From cd7fa9fca29296adebe37dfc20d3cebc96010534 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Mon, 31 Oct 2016 20:54:34 -0700
Subject: Update x509

---
 openssl/src/ssl/connector.rs | 23 ++++++++++++-----------
 openssl/src/ssl/mod.rs       | 16 ++++++++--------
 openssl/src/ssl/tests/mod.rs | 23 +++--------------------
 3 files changed, 23 insertions(+), 39 deletions(-)

(limited to 'openssl/src/ssl')

diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 752126e0..a1bcfa77 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -5,7 +5,7 @@ use error::ErrorStack;
 use ssl::{self, SslMethod, SslContextBuilder, SslContext, Ssl, SSL_VERIFY_PEER, SslStream,
           HandshakeError};
 use pkey::PKey;
-use x509::X509Ref;
+use x509::X509;
 use types::Ref;
 
 // apps/dh2048.pem
@@ -118,11 +118,11 @@ impl SslAcceptorBuilder {
     /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
     pub fn mozilla_intermediate<I>(method: SslMethod,
                                    private_key: &Ref<PKey>,
-                                   certificate: &X509Ref,
+                                   certificate: &Ref<X509>,
                                    chain: I)
                                    -> Result<SslAcceptorBuilder, ErrorStack>
         where I: IntoIterator,
-              I::Item: AsRef<X509Ref>
+              I::Item: AsRef<Ref<X509>>
     {
         let mut ctx = try!(ctx(method));
         let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes()));
@@ -153,11 +153,11 @@ impl SslAcceptorBuilder {
     /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
     pub fn mozilla_modern<I>(method: SslMethod,
                              private_key: &Ref<PKey>,
-                             certificate: &X509Ref,
+                             certificate: &Ref<X509>,
                              chain: I)
                              -> Result<SslAcceptorBuilder, ErrorStack>
         where I: IntoIterator,
-              I::Item: AsRef<X509Ref>
+              I::Item: AsRef<Ref<X509>>
     {
         let mut ctx = try!(ctx(method));
         try!(setup_curves(&mut ctx));
@@ -171,11 +171,11 @@ impl SslAcceptorBuilder {
 
     fn finish_setup<I>(mut ctx: SslContextBuilder,
                        private_key: &Ref<PKey>,
-                       certificate: &X509Ref,
+                       certificate: &Ref<X509>,
                        chain: I)
                        -> Result<SslAcceptorBuilder, ErrorStack>
         where I: IntoIterator,
-              I::Item: AsRef<X509Ref>
+              I::Item: AsRef<Ref<X509>>
     {
         try!(ctx.set_private_key(private_key));
         try!(ctx.set_certificate(certificate));
@@ -255,11 +255,12 @@ mod verify {
     use std::net::IpAddr;
 
     use nid;
-    use x509::{X509StoreContextRef, X509Ref, GeneralNames, X509NameRef};
+    use x509::{X509StoreContext, X509, GeneralNames, X509Name};
+    use types::Ref;
 
     pub fn verify_callback(domain: &str,
                            preverify_ok: bool,
-                           x509_ctx: &X509StoreContextRef)
+                           x509_ctx: &Ref<X509StoreContext>)
                            -> bool {
         if !preverify_ok || x509_ctx.error_depth() != 0 {
             return preverify_ok;
@@ -271,7 +272,7 @@ mod verify {
         }
     }
 
-    fn verify_hostname(domain: &str, cert: &X509Ref) -> bool {
+    fn verify_hostname(domain: &str, cert: &Ref<X509>) -> bool {
         match cert.subject_alt_names() {
             Some(names) => verify_subject_alt_names(domain, &names),
             None => verify_subject_name(domain, &cert.subject_name()),
@@ -303,7 +304,7 @@ mod verify {
         false
     }
 
-    fn verify_subject_name(domain: &str, subject_name: &X509NameRef) -> bool {
+    fn verify_subject_name(domain: &str, subject_name: &Ref<X509Name>) -> bool {
         if let Some(pattern) = subject_name.text_by_nid(nid::COMMONNAME) {
             // Unlike with SANs, IP addresses in the subject name don't have a
             // different encoding. We need to pass this down to matches_dns to
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 42c38980..68d411c7 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -92,7 +92,7 @@ use ffi;
 use {init, cvt, cvt_p};
 use dh::Dh;
 use ec_key::EcKey;
-use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError};
+use x509::{X509StoreContext, X509FileType, X509, X509VerifyError};
 #[cfg(any(ossl102, ossl110))]
 use verify::X509VerifyParam;
 use pkey::PKey;
@@ -262,7 +262,7 @@ fn get_new_ssl_idx<T>() -> c_int {
 }
 
 extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
-    where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+    where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
 {
     unsafe {
         let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
@@ -271,14 +271,14 @@ extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_
         let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>());
         let verify: &F = &*(verify as *mut F);
 
-        let ctx = X509StoreContextRef::from_ptr(x509_ctx);
+        let ctx = Ref::from_ptr(x509_ctx);
 
         verify(preverify_ok != 0, ctx) as c_int
     }
 }
 
 extern "C" fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
-    where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+    where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
 {
     unsafe {
         let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
@@ -286,7 +286,7 @@ extern "C" fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_ST
         let verify = ffi::SSL_get_ex_data(ssl as *const _, get_ssl_verify_data_idx::<F>());
         let verify: &F = &*(verify as *mut F);
 
-        let ctx = X509StoreContextRef::from_ptr(x509_ctx);
+        let ctx = Ref::from_ptr(x509_ctx);
 
         verify(preverify_ok != 0, ctx) as c_int
     }
@@ -463,7 +463,7 @@ impl SslContextBuilder {
     /// Configures the certificate verification method for new connections and
     /// registers a verification callback.
     pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
-        where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+        where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
     {
         unsafe {
             let verify = Box::new(verify);
@@ -584,7 +584,7 @@ impl SslContextBuilder {
     }
 
     /// Specifies the certificate
-    pub fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> {
+    pub fn set_certificate(&mut self, cert: &Ref<X509>) -> Result<(), ErrorStack> {
         unsafe { cvt(ffi::SSL_CTX_use_certificate(self.as_ptr(), cert.as_ptr())).map(|_| ()) }
     }
 
@@ -874,7 +874,7 @@ impl Ref<Ssl> {
     /// to the certificate chain. It should return `true` if the certificate
     /// chain is valid and `false` otherwise.
     pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
-        where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+        where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
     {
         unsafe {
             let verify = Box::new(verify);
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index a874fe3b..13b3a8a7 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -20,7 +20,7 @@ use ssl::SSL_VERIFY_PEER;
 use ssl::{SslMethod, HandshakeError};
 use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder, SslAcceptorBuilder,
           Error};
-use x509::X509StoreContextRef;
+use x509::X509StoreContext;
 use x509::X509FileType;
 use x509::X509;
 #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
@@ -171,8 +171,9 @@ macro_rules! run_test(
             use ssl::{SslContext, Ssl, SslStream};
             use ssl::SSL_VERIFY_PEER;
             use hash::MessageDigest;
-            use x509::X509StoreContextRef;
+            use x509::X509StoreContext;
             use serialize::hex::FromHex;
+            use types::Ref;
             use super::Server;
 
             #[test]
@@ -771,24 +772,6 @@ fn test_alpn_server_select_none() {
     assert!(Ssl::new(&ctx.build()).unwrap().connect(stream).is_err());
 }
 
-#[cfg(test)]
-mod dtlsv1 {
-    use serialize::hex::FromHex;
-    use std::net::TcpStream;
-    use std::thread;
-
-    use hash::MessageDigest;
-    use ssl::SslMethod;
-    use ssl::{SslContext, SslStream};
-    use ssl::SSL_VERIFY_PEER;
-    use x509::X509StoreContextRef;
-
-    #[test]
-    fn test_new_ctx() {
-        SslContext::builder(SslMethod::dtls()).unwrap();
-    }
-}
-
 #[test]
 #[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467)
 fn test_read_dtlsv1() {
-- 
cgit v1.2.3