From d7342a09a77088e096535205944ffc4a201b8c5d Mon Sep 17 00:00:00 2001 From: Laurence Tratt Date: Sat, 3 Oct 2015 17:25:38 +0059 Subject: Fix build on LibreSSL. LibreSSL has deprecated SSLv3_method, so this commit makes that a compile-time feature. It also removes a test referencing SSL_OP_CISCO_ANYCONNECT, as the LibreSSL header says it is amongst "Obsolete flags kept for compatibility. No sane code should use them." --- openssl/src/ssl/mod.rs | 3 +++ openssl/src/ssl/tests.rs | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'openssl/src/ssl') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 360f3f3e..a68a2fc3 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -109,6 +109,7 @@ pub enum SslMethod { /// Support the SSLv2, SSLv3, TLSv1, TLSv1.1, and TLSv1.2 protocols depending on what the /// linked OpenSSL library supports. Sslv23, + #[cfg(feature = "sslv3")] /// Only support the SSLv3 protocol. Sslv3, /// Only support the TLSv1 protocol. @@ -132,6 +133,7 @@ impl SslMethod { match *self { #[cfg(feature = "sslv2")] SslMethod::Sslv2 => ffi::SSLv2_method(), + #[cfg(feature = "sslv3")] SslMethod::Sslv3 => ffi::SSLv3_method(), SslMethod::Tlsv1 => ffi::TLSv1_method(), SslMethod::Sslv23 => ffi::SSLv23_method(), @@ -150,6 +152,7 @@ impl SslMethod { match method { #[cfg(feature = "sslv2")] x if x == ffi::SSLv2_method() => Some(SslMethod::Sslv2), + #[cfg(feature = "sslv3")] x if x == ffi::SSLv3_method() => Some(SslMethod::Sslv3), x if x == ffi::TLSv1_method() => Some(SslMethod::Tlsv1), x if x == ffi::SSLv23_method() => Some(SslMethod::Sslv23), diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs index 033a3b86..a8bd4a87 100644 --- a/openssl/src/ssl/tests.rs +++ b/openssl/src/ssl/tests.rs @@ -416,10 +416,6 @@ run_test!(set_ctx_options, |method, _| { let mut ctx = SslContext::new(method).unwrap(); let opts = ctx.set_options(ssl::SSL_OP_NO_TICKET); assert!(opts.contains(ssl::SSL_OP_NO_TICKET)); - assert!(!opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); - let more_opts = ctx.set_options(ssl::SSL_OP_CISCO_ANYCONNECT); - assert!(more_opts.contains(ssl::SSL_OP_NO_TICKET)); - assert!(more_opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); }); run_test!(clear_ctx_options, |method, _| { -- cgit v1.2.3 From a28253ee7d73250abff2ce3934acca36175f9866 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 12 Oct 2015 20:54:00 +0200 Subject: Add set_certificate_chain_file() SSL_CTX_use_certificate_chain_file() is preferred over SSL_CTX_use_certificate_file(). It allows the use of complete certificate chains instead of loading only the first certificate in a PEM file. --- openssl/src/ssl/mod.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'openssl/src/ssl') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index a68a2fc3..3580c66d 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -523,6 +523,16 @@ impl SslContext { }) } + /// Specifies the file that contains certificate chain + pub fn set_certificate_chain_file>(&mut self, file: P, file_type: X509FileType) + -> Result<(),SslError> { + let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); + wrap_ssl_result( + unsafe { + ffi::SSL_CTX_use_certificate_chain_file(self.ctx, file.as_ptr(), file_type as c_int) + }) + } + /// Specifies the certificate pub fn set_certificate(&mut self, cert: &X509) -> Result<(),SslError> { wrap_ssl_result( -- cgit v1.2.3 From ae3d0e36d71bb121c2fc1a75b3bc6d97f0e61480 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 14 Oct 2015 21:51:32 -0400 Subject: Revert "Merge pull request #280 from ltratt/libressl_build" This reverts commit aad933e5077b2c73e1f05d7314e442531a562bcf, reversing changes made to 60ee731408facdc8e3dfc000fdee2f1291fad664. --- openssl/src/ssl/mod.rs | 3 --- openssl/src/ssl/tests.rs | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'openssl/src/ssl') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 3580c66d..e76529a5 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -109,7 +109,6 @@ pub enum SslMethod { /// Support the SSLv2, SSLv3, TLSv1, TLSv1.1, and TLSv1.2 protocols depending on what the /// linked OpenSSL library supports. Sslv23, - #[cfg(feature = "sslv3")] /// Only support the SSLv3 protocol. Sslv3, /// Only support the TLSv1 protocol. @@ -133,7 +132,6 @@ impl SslMethod { match *self { #[cfg(feature = "sslv2")] SslMethod::Sslv2 => ffi::SSLv2_method(), - #[cfg(feature = "sslv3")] SslMethod::Sslv3 => ffi::SSLv3_method(), SslMethod::Tlsv1 => ffi::TLSv1_method(), SslMethod::Sslv23 => ffi::SSLv23_method(), @@ -152,7 +150,6 @@ impl SslMethod { match method { #[cfg(feature = "sslv2")] x if x == ffi::SSLv2_method() => Some(SslMethod::Sslv2), - #[cfg(feature = "sslv3")] x if x == ffi::SSLv3_method() => Some(SslMethod::Sslv3), x if x == ffi::TLSv1_method() => Some(SslMethod::Tlsv1), x if x == ffi::SSLv23_method() => Some(SslMethod::Sslv23), diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs index a8bd4a87..033a3b86 100644 --- a/openssl/src/ssl/tests.rs +++ b/openssl/src/ssl/tests.rs @@ -416,6 +416,10 @@ run_test!(set_ctx_options, |method, _| { let mut ctx = SslContext::new(method).unwrap(); let opts = ctx.set_options(ssl::SSL_OP_NO_TICKET); assert!(opts.contains(ssl::SSL_OP_NO_TICKET)); + assert!(!opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); + let more_opts = ctx.set_options(ssl::SSL_OP_CISCO_ANYCONNECT); + assert!(more_opts.contains(ssl::SSL_OP_NO_TICKET)); + assert!(more_opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); }); run_test!(clear_ctx_options, |method, _| { -- cgit v1.2.3