From 2062d48dd2fa5645889f2fda06c84de7bf546806 Mon Sep 17 00:00:00 2001 From: Charlie Ozinga Date: Thu, 14 Apr 2016 03:44:43 -0600 Subject: Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb) 1DES is well and truly dead for actual sensitive information, (its keysize is too small for modern purposes), but it can still find use in backwards compatiblity or educational applications. --- openssl/src/crypto/symm.rs | 49 +++++++++++++++++++++++++++++++++++++ openssl/src/crypto/symm_internal.rs | 5 ++++ 2 files changed, 54 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs index c0e845dc..dfba7053 100644 --- a/openssl/src/crypto/symm.rs +++ b/openssl/src/crypto/symm.rs @@ -37,6 +37,11 @@ pub enum Type { AES_256_CFB128, AES_256_CFB8, + DES_CBC, + DES_ECB, + DES_CFB, + DES_OFB, + RC4_128, } @@ -362,4 +367,48 @@ mod tests { cipher_test(super::Type::AES_256_CFB8, pt, ct, key, iv); } + + #[test] + fn test_des_cbc() { + + let pt = "54686973206973206120746573742e"; + let ct = "6f2867cfefda048a4046ef7e556c7132"; + let key = "7cb66337f3d3c0fe"; + let iv = "0001020304050607"; + + cipher_test(super::Type::DES_CBC, pt, ct, key, iv); + } + + #[test] + fn test_des_ecb() { + + let pt = "54686973206973206120746573742e"; + let ct = "0050ab8aecec758843fe157b4dde938c"; + let key = "7cb66337f3d3c0fe"; + let iv = "0001020304050607"; + + cipher_test(super::Type::DES_ECB, pt, ct, key, iv); + } + + #[test] + fn test_des_cfb() { + + let pt = "54686973206973206120746573742e"; + let ct = "10577dc484ebfe7679121dff761797"; + let key = "7cb66337f3d3c0fe"; + let iv = "0001020304050607"; + + cipher_test(super::Type::DES_CFB, pt, ct, key, iv); + } + + #[test] + fn test_des_ofb() { + + let pt = "54686973206973206120746573742e"; + let ct = "10577dc484ebfe76be391c7b8a6b9d"; + let key = "7cb66337f3d3c0fe"; + let iv = "0001020304050607"; + + cipher_test(super::Type::DES_OFB, pt, ct, key, iv); + } } 
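Review bot: The four `DES_*` variants are added to the public `Type` enum (first hunk of symm.rs) without a doc comment, so nothing at the API level tells a user what the commit message already admits: single DES has a 56-bit effective key and is only suitable for legacy interoperability. I would put that on the variants, for example `/// Single DES. Legacy interoperability only; do not use to protect new data.` `DES_ECB` deserves its own line because ECB takes no IV and reveals equal plaintext blocks. `test_des_ecb` in the second hunk still passes an `iv`, which can give the impression that the mode uses one.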
diff --git a/openssl/src/crypto/symm_internal.rs b/openssl/src/crypto/symm_internal.rs index 5c457f3f..37b9025c 100644 --- a/openssl/src/crypto/symm_internal.rs +++ b/openssl/src/crypto/symm_internal.rs @@ -26,6 +26,11 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { symm::Type::AES_256_CFB128 => (ffi::EVP_aes_256_cfb128(), 32, 16), symm::Type::AES_256_CFB8 => (ffi::EVP_aes_256_cfb8(), 32, 16), + symm::Type::DES_CBC => (ffi::EVP_des_cbc(), 8, 8), + symm::Type::DES_ECB => (ffi::EVP_des_ecb(), 8, 8), + symm::Type::DES_CFB => (ffi::EVP_des_cfb(), 8, 8), + symm::Type::DES_OFB => (ffi::EVP_des_ofb(), 8, 8), + symm::Type::RC4_128 => (ffi::EVP_rc4(), 16, 0), } } -- cgit v1.2.3 From 5682c044696bacb6600617433826141b0a08cd66 Mon Sep 17 00:00:00 2001 From: Charlie Ozinga Date: Tue, 19 Apr 2016 17:28:19 -0600 Subject: Remove des_cfb and des_ofb, since they appear on limit platforms --- openssl/src/crypto/symm.rs | 24 ------------------------ openssl/src/crypto/symm_internal.rs | 2 -- 2 files changed, 26 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs index dfba7053..935980f3 100644 --- a/openssl/src/crypto/symm.rs +++ b/openssl/src/crypto/symm.rs @@ -39,8 +39,6 @@ pub enum Type { DES_CBC, DES_ECB, - DES_CFB, - DES_OFB, RC4_128, } @@ -389,26 +387,4 @@ mod tests { cipher_test(super::Type::DES_ECB, pt, ct, key, iv); } - - #[test] - fn test_des_cfb() { - - let pt = "54686973206973206120746573742e"; - let ct = "10577dc484ebfe7679121dff761797"; - let key = "7cb66337f3d3c0fe"; - let iv = "0001020304050607"; - - cipher_test(super::Type::DES_CFB, pt, ct, key, iv); - } - - #[test] - fn test_des_ofb() { - - let pt = "54686973206973206120746573742e"; - let ct = "10577dc484ebfe76be391c7b8a6b9d"; - let key = "7cb66337f3d3c0fe"; - let iv = "0001020304050607"; - - cipher_test(super::Type::DES_OFB, pt, ct, key, iv); - } } 
diff --git a/openssl/src/crypto/symm_internal.rs b/openssl/src/crypto/symm_internal.rs index 37b9025c..ba01e1c1 100644 --- a/openssl/src/crypto/symm_internal.rs +++ b/openssl/src/crypto/symm_internal.rs @@ -28,8 +28,6 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { symm::Type::DES_CBC => (ffi::EVP_des_cbc(), 8, 8), symm::Type::DES_ECB => (ffi::EVP_des_ecb(), 8, 8), - symm::Type::DES_CFB => (ffi::EVP_des_cfb(), 8, 8), - symm::Type::DES_OFB => (ffi::EVP_des_ofb(), 8, 8), symm::Type::RC4_128 => (ffi::EVP_rc4(), 16, 0), } -- cgit v1.2.3 From caf9272c85ddc68071aac8a0a3aa2d88dd322427 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 28 Apr 2016 22:16:29 -0700 Subject: Start on GeneralName --- openssl/src/x509/extension.rs | 39 +++++++++++++++++++++++++++++++++++++++ openssl/src/x509/mod.rs | 22 +++++++++++----------- 2 files changed, 50 insertions(+), 11 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs index 88cb64a2..c0b3bad4 100644 --- a/openssl/src/x509/extension.rs +++ b/openssl/src/x509/extension.rs @@ -1,4 +1,9 @@ use std::fmt; +use std::marker::PhantomData; +use std::slice; +use std::str; +use ffi; + use nid::Nid; /// Type-only version of the `Extension` enum. 
@@ -218,3 +223,37 @@ impl fmt::Display for AltNameOption { }) } } + +pub struct GeneralName<'a> { + name: *const ffi::GENERAL_NAME, + m: PhantomData<&'a ()>, +} + +impl<'a> GeneralName<'a> { + pub fn dns(&self) -> Option<&str> { + unsafe { + if (*self.name).type_ != ffi::GEN_DNS { + return None; + } + + let ptr = ffi::ASN1_STRING_data((*self.name).d as *mut _); + let len = ffi::ASN1_STRING_length((*self.name).d as *mut _); + + let slice = slice::from_raw_parts(ptr as *const u8, len as usize); + Some(str::from_utf8_unchecked(slice)) + } + } + + pub fn ipadd(&self) -> Option<&[u8]> { + unsafe { + if (*self.name).type_ != ffi::GEN_IPADD { + return None; + } + + let ptr = ffi::ASN1_STRING_data((*self.name).d as *mut _); + let len = ffi::ASN1_STRING_length((*self.name).d as *mut _); + + Some(slice::from_raw_parts(ptr as *const u8, len as usize)) + } + } +} diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index a69f61d5..cb2c7494 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -2,13 +2,14 @@ use libc::{c_char, c_int, c_long, c_ulong, c_uint, c_void}; use std::io; use std::io::prelude::*; use std::cmp::Ordering; -use std::ffi::{CString, CStr}; +use std::ffi::CString; use std::iter::repeat; use std::mem; use std::ptr; use std::ops::Deref; use std::fmt; use std::str; +use std::slice; use std::collections::HashMap; use asn1::Asn1Time; @@ -29,14 +30,12 @@ use self::extension::{ExtensionType, Extension}; #[cfg(test)] mod tests; -pub struct SslString { - s: &'static str, -} +pub struct SslString(&'static str); impl<'s> Drop for SslString { fn drop(&mut self) { unsafe { - ffi::CRYPTO_free(self.s.as_ptr() as *mut c_void); + ffi::CRYPTO_free(self.0.as_ptr() as *mut c_void); } } } 
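Review bot: `GeneralName::dns` in the extension.rs hunk builds its `&str` with `str::from_utf8_unchecked` from bytes taken directly out of a certificate's GENERAL_NAME, so a dNSName holding non-UTF-8 bytes yields an invalid `str`, which is undefined behaviour reachable from safe code. Certificates are normally peer-supplied, so the checked form is worth its cost: `str::from_utf8(slice).ok()`. `SslString::new` in the x509/mod.rs part of this commit makes the same move from `str::from_utf8(..).unwrap()` to the unchecked call. It also casts a `c_int` with `len as usize`; whether `len` can be negative at that point depends on a check outside the visible hunk. Both accessors pass the result of `ffi::ASN1_STRING_data` to `slice::from_raw_parts` without a null check.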
@@ -45,25 +44,26 @@ impl Deref for SslString { type Target = str; fn deref(&self) -> &str { - self.s + self.0 } } impl SslString { - unsafe fn new(buf: *const c_char) -> SslString { - SslString { s: str::from_utf8(CStr::from_ptr(buf as *const _).to_bytes()).unwrap() } + unsafe fn new(buf: *const c_char, len: c_int) -> SslString { + let slice = slice::from_raw_parts(buf as *const _, len as usize); + SslString(str::from_utf8_unchecked(slice)) } } impl fmt::Display for SslString { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - fmt::Display::fmt(self.s, f) + fmt::Display::fmt(self.0, f) } } impl fmt::Debug for SslString { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - fmt::Debug::fmt(self.s, f) + fmt::Debug::fmt(self.0, f) } } @@ -570,7 +570,7 @@ impl<'x> X509Name<'x> { assert!(!str_from_asn1.is_null()); - Some(SslString::new(str_from_asn1)) + Some(SslString::new(str_from_asn1, len)) } } } -- cgit v1.2.3 From ee120877435d8627064f8590a967314b9be87b1e Mon Sep 17 00:00:00 2001 From: Matt Brubeck Date: Fri, 29 Apr 2016 11:11:43 -0700 Subject: Upgrade to work with bitflags 0.5 and 0.6 --- openssl/src/ssl/mod.rs | 84 +++++++++++++++++++++++++------------------------- 1 file changed, 42 insertions(+), 42 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 4b3a4385..3610627a 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs 
@@ -69,44 +69,44 @@ pub fn init() { } bitflags! { - flags SslContextOptions: u64 { - const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi_extras::SSL_OP_MICROSOFT_SESS_ID_BUG, - const SSL_OP_NETSCAPE_CHALLENGE_BUG = ffi_extras::SSL_OP_NETSCAPE_CHALLENGE_BUG, - const SSL_OP_LEGACY_SERVER_CONNECT = ffi_extras::SSL_OP_LEGACY_SERVER_CONNECT, - const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = ffi_extras::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, - const SSL_OP_TLSEXT_PADDING = ffi_extras::SSL_OP_TLSEXT_PADDING, - const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = ffi_extras::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER, - const SSL_OP_SAFARI_ECDHE_ECDSA_BUG = ffi_extras::SSL_OP_SAFARI_ECDHE_ECDSA_BUG, - const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = ffi_extras::SSL_OP_SSLEAY_080_CLIENT_DH_BUG, - const SSL_OP_TLS_D5_BUG = ffi_extras::SSL_OP_TLS_D5_BUG, - const SSL_OP_TLS_BLOCK_PADDING_BUG = ffi_extras::SSL_OP_TLS_BLOCK_PADDING_BUG, - const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = ffi_extras::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, - const SSL_OP_NO_QUERY_MTU = ffi_extras::SSL_OP_NO_QUERY_MTU, - const SSL_OP_COOKIE_EXCHANGE = ffi_extras::SSL_OP_COOKIE_EXCHANGE, - const SSL_OP_NO_TICKET = ffi_extras::SSL_OP_NO_TICKET, - const SSL_OP_CISCO_ANYCONNECT = ffi_extras::SSL_OP_CISCO_ANYCONNECT, - const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = ffi_extras::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, - const SSL_OP_NO_COMPRESSION = ffi_extras::SSL_OP_NO_COMPRESSION, - const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = ffi_extras::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, - const SSL_OP_SINGLE_ECDH_USE = ffi_extras::SSL_OP_SINGLE_ECDH_USE, - const SSL_OP_SINGLE_DH_USE = ffi_extras::SSL_OP_SINGLE_DH_USE, - const SSL_OP_CIPHER_SERVER_PREFERENCE = ffi_extras::SSL_OP_CIPHER_SERVER_PREFERENCE, - const SSL_OP_TLS_ROLLBACK_BUG = ffi_extras::SSL_OP_TLS_ROLLBACK_BUG, - const SSL_OP_NO_SSLV2 = ffi_extras::SSL_OP_NO_SSLv2, - const SSL_OP_NO_SSLV3 = ffi_extras::SSL_OP_NO_SSLv3, - const SSL_OP_NO_DTLSV1 = ffi_extras::SSL_OP_NO_DTLSv1, - 
const SSL_OP_NO_TLSV1 = ffi_extras::SSL_OP_NO_TLSv1, - const SSL_OP_NO_DTLSV1_2 = ffi_extras::SSL_OP_NO_DTLSv1_2, - const SSL_OP_NO_TLSV1_2 = ffi_extras::SSL_OP_NO_TLSv1_2, - const SSL_OP_NO_TLSV1_1 = ffi_extras::SSL_OP_NO_TLSv1_1, - const SSL_OP_NETSCAPE_CA_DN_BUG = ffi_extras::SSL_OP_NETSCAPE_CA_DN_BUG, - const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = ffi_extras::SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG, - const SSL_OP_CRYPTOPRO_TLSEXT_BUG = ffi_extras::SSL_OP_CRYPTOPRO_TLSEXT_BUG, - const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = ffi_extras::SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG, - const SSL_OP_MSIE_SSLV2_RSA_PADDING = ffi_extras::SSL_OP_MSIE_SSLV2_RSA_PADDING, - const SSL_OP_PKCS1_CHECK_1 = ffi_extras::SSL_OP_PKCS1_CHECK_1, - const SSL_OP_PKCS1_CHECK_2 = ffi_extras::SSL_OP_PKCS1_CHECK_2, - const SSL_OP_EPHEMERAL_RSA = ffi_extras::SSL_OP_EPHEMERAL_RSA, + pub flags SslContextOptions: u64 { + const SSL_OP_MICROSOFT_SESS_ID_BUG = ::ffi_extras::SSL_OP_MICROSOFT_SESS_ID_BUG, + const SSL_OP_NETSCAPE_CHALLENGE_BUG = ::ffi_extras::SSL_OP_NETSCAPE_CHALLENGE_BUG, + const SSL_OP_LEGACY_SERVER_CONNECT = ::ffi_extras::SSL_OP_LEGACY_SERVER_CONNECT, + const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = ::ffi_extras::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, + const SSL_OP_TLSEXT_PADDING = ::ffi_extras::SSL_OP_TLSEXT_PADDING, + const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = ::ffi_extras::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER, + const SSL_OP_SAFARI_ECDHE_ECDSA_BUG = ::ffi_extras::SSL_OP_SAFARI_ECDHE_ECDSA_BUG, + const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = ::ffi_extras::SSL_OP_SSLEAY_080_CLIENT_DH_BUG, + const SSL_OP_TLS_D5_BUG = ::ffi_extras::SSL_OP_TLS_D5_BUG, + const SSL_OP_TLS_BLOCK_PADDING_BUG = ::ffi_extras::SSL_OP_TLS_BLOCK_PADDING_BUG, + const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = ::ffi_extras::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, + const SSL_OP_NO_QUERY_MTU = ::ffi_extras::SSL_OP_NO_QUERY_MTU, + const SSL_OP_COOKIE_EXCHANGE = ::ffi_extras::SSL_OP_COOKIE_EXCHANGE, + const SSL_OP_NO_TICKET = 
::ffi_extras::SSL_OP_NO_TICKET, + const SSL_OP_CISCO_ANYCONNECT = ::ffi_extras::SSL_OP_CISCO_ANYCONNECT, + const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = ::ffi_extras::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, + const SSL_OP_NO_COMPRESSION = ::ffi_extras::SSL_OP_NO_COMPRESSION, + const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = ::ffi_extras::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, + const SSL_OP_SINGLE_ECDH_USE = ::ffi_extras::SSL_OP_SINGLE_ECDH_USE, + const SSL_OP_SINGLE_DH_USE = ::ffi_extras::SSL_OP_SINGLE_DH_USE, + const SSL_OP_CIPHER_SERVER_PREFERENCE = ::ffi_extras::SSL_OP_CIPHER_SERVER_PREFERENCE, + const SSL_OP_TLS_ROLLBACK_BUG = ::ffi_extras::SSL_OP_TLS_ROLLBACK_BUG, + const SSL_OP_NO_SSLV2 = ::ffi_extras::SSL_OP_NO_SSLv2, + const SSL_OP_NO_SSLV3 = ::ffi_extras::SSL_OP_NO_SSLv3, + const SSL_OP_NO_DTLSV1 = ::ffi_extras::SSL_OP_NO_DTLSv1, + const SSL_OP_NO_TLSV1 = ::ffi_extras::SSL_OP_NO_TLSv1, + const SSL_OP_NO_DTLSV1_2 = ::ffi_extras::SSL_OP_NO_DTLSv1_2, + const SSL_OP_NO_TLSV1_2 = ::ffi_extras::SSL_OP_NO_TLSv1_2, + const SSL_OP_NO_TLSV1_1 = ::ffi_extras::SSL_OP_NO_TLSv1_1, + const SSL_OP_NETSCAPE_CA_DN_BUG = ::ffi_extras::SSL_OP_NETSCAPE_CA_DN_BUG, + const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = ::ffi_extras::SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG, + const SSL_OP_CRYPTOPRO_TLSEXT_BUG = ::ffi_extras::SSL_OP_CRYPTOPRO_TLSEXT_BUG, + const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = ::ffi_extras::SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG, + const SSL_OP_MSIE_SSLV2_RSA_PADDING = ::ffi_extras::SSL_OP_MSIE_SSLV2_RSA_PADDING, + const SSL_OP_PKCS1_CHECK_1 = ::ffi_extras::SSL_OP_PKCS1_CHECK_1, + const SSL_OP_PKCS1_CHECK_2 = ::ffi_extras::SSL_OP_PKCS1_CHECK_2, + const SSL_OP_EPHEMERAL_RSA = ::ffi_extras::SSL_OP_EPHEMERAL_RSA, const SSL_OP_ALL = SSL_OP_MICROSOFT_SESS_ID_BUG.bits|SSL_OP_NETSCAPE_CHALLENGE_BUG.bits |SSL_OP_LEGACY_SERVER_CONNECT.bits|SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.bits |SSL_OP_TLSEXT_PADDING.bits|SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.bits 
@@ -214,14 +214,14 @@ impl SslMethod { /// Determines the type of certificate verification used bitflags! { - flags SslVerifyMode: i32 { + pub flags SslVerifyMode: i32 { /// Verify that the server's certificate is trusted - const SSL_VERIFY_PEER = ffi::SSL_VERIFY_PEER, + const SSL_VERIFY_PEER = ::ffi::SSL_VERIFY_PEER, /// Do not verify the server's certificate - const SSL_VERIFY_NONE = ffi::SSL_VERIFY_NONE, + const SSL_VERIFY_NONE = ::ffi::SSL_VERIFY_NONE, /// Terminate handshake if client did not return a certificate. /// Use together with SSL_VERIFY_PEER. - const SSL_VERIFY_FAIL_IF_NO_PEER_CERT = ffi::SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + const SSL_VERIFY_FAIL_IF_NO_PEER_CERT = ::ffi::SSL_VERIFY_FAIL_IF_NO_PEER_CERT, } } -- cgit v1.2.3 From 32722e18501b06fbd51a8871f8bea0cddb4b132c Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 29 Apr 2016 21:15:32 -0700 Subject: Add accessors for x509 subject alt names --- openssl/src/x509/extension.rs | 38 --------------------- openssl/src/x509/mod.rs | 79 +++++++++++++++++++++++++++++++++++++++++-- openssl/src/x509/tests.rs | 12 +++++++ 3 files changed, 89 insertions(+), 40 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs index c0b3bad4..7ff0c1ca 100644 --- a/openssl/src/x509/extension.rs +++ b/openssl/src/x509/extension.rs @@ -1,8 +1,4 @@ use std::fmt; -use std::marker::PhantomData; -use std::slice; -use std::str; -use ffi; use nid::Nid; 
@@ -223,37 +219,3 @@ impl fmt::Display for AltNameOption { }) } } - -pub struct GeneralName<'a> { - name: *const ffi::GENERAL_NAME, - m: PhantomData<&'a ()>, -} - -impl<'a> GeneralName<'a> { - pub fn dns(&self) -> Option<&str> { - unsafe { - if (*self.name).type_ != ffi::GEN_DNS { - return None; - } - - let ptr = ffi::ASN1_STRING_data((*self.name).d as *mut _); - let len = ffi::ASN1_STRING_length((*self.name).d as *mut _); - - let slice = slice::from_raw_parts(ptr as *const u8, len as usize); - Some(str::from_utf8_unchecked(slice)) - } - } - - pub fn ipadd(&self) -> Option<&[u8]> { - unsafe { - if (*self.name).type_ != ffi::GEN_IPADD { - return None; - } - - let ptr = ffi::ASN1_STRING_data((*self.name).d as *mut _); - let len = ffi::ASN1_STRING_length((*self.name).d as *mut _); - - Some(slice::from_raw_parts(ptr as *const u8, len as usize)) - } - } -} diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index cb2c7494..cdd729aa 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -11,6 +11,7 @@ use std::fmt; use std::str; use std::slice; use std::collections::HashMap; +use std::marker::PhantomData; use asn1::Asn1Time; use bio::MemBio; @@ -21,7 +22,7 @@ use crypto::rand::rand_bytes; use ffi; use ffi_extras; use ssl::error::{SslError, StreamError}; -use nid; +use nid::Nid; pub mod extension; @@ -464,6 +465,23 @@ impl<'ctx> X509<'ctx> { } } + pub fn subject_alt_names<'a>(&'a self) -> Option> { + unsafe { + let stack = ffi::X509_get_ext_d2i(self.handle, + Nid::SubjectAltName as c_int, + ptr::null_mut(), + ptr::null_mut()); + if stack.is_null() { + return None; + } + + Some(GeneralNames { + stack: stack as *const _, + m: PhantomData, + }) + } + } + pub fn public_key(&self) -> PKey { let pkey = unsafe { ffi::X509_get_pubkey(self.handle) }; assert!(!pkey.is_null()); 
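Review bot: `subject_alt_names` takes the stack returned by `ffi::X509_get_ext_d2i` and wraps it in `GeneralNames`, but nothing in this commit frees it, so every call leaks the decoded extension. `GeneralNames` (added in a later hunk of the same file) has no `Drop` impl. Since `X509_get_ext_d2i` returns a freshly decoded object owned by the caller, `GeneralNames` needs a `Drop` impl that hands the stack to OpenSSL's `GENERAL_NAMES_free`; the ffi crate may need a binding for it. Passing `ptr::null_mut()` for the criticality out-parameter also means a missing extension and one that failed to parse both come back as `None`, which is worth stating in the method's doc comment.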
@@ -544,7 +562,7 @@ pub struct X509NameEntry<'x> { } impl<'x> X509Name<'x> { - pub fn text_by_nid(&self, nid: nid::Nid) -> Option { + pub fn text_by_nid(&self, nid: Nid) -> Option { unsafe { let loc = ffi::X509_NAME_get_index_by_NID(self.name, nid as c_int, -1); if loc == -1 { @@ -766,6 +784,63 @@ make_validation_error!(X509_V_OK, X509ApplicationVerification = X509_V_ERR_APPLICATION_VERIFICATION, ); +pub struct GeneralNames<'a> { + stack: *const ffi::stack_st_GENERAL_NAME, + m: PhantomData<&'a ()>, +} + +impl<'a> GeneralNames<'a> { + pub fn len(&self) -> usize { + unsafe { + (*self.stack).stack.num as usize + } + } + + pub fn get(&self, idx: usize) -> GeneralName<'a> { + unsafe { + assert!(idx < self.len()); + + GeneralName { + name: *(*self.stack).stack.data.offset(idx as isize) as *const ffi::GENERAL_NAME, + m: PhantomData, + } + } + } +} + +pub struct GeneralName<'a> { + name: *const ffi::GENERAL_NAME, + m: PhantomData<&'a ()>, +} + +impl<'a> GeneralName<'a> { + pub fn dns(&self) -> Option<&str> { + unsafe { + if (*self.name).type_ != ffi::GEN_DNS { + return None; + } + + let ptr = ffi::ASN1_STRING_data((*self.name).d as *mut _); + let len = ffi::ASN1_STRING_length((*self.name).d as *mut _); + + let slice = slice::from_raw_parts(ptr as *const u8, len as usize); + Some(str::from_utf8_unchecked(slice)) + } + } + + pub fn ipadd(&self) -> Option<&[u8]> { + unsafe { + if (*self.name).type_ != ffi::GEN_IPADD { + return None; + } + + let ptr = ffi::ASN1_STRING_data((*self.name).d as *mut _); + let len = ffi::ASN1_STRING_length((*self.name).d as *mut _); + + Some(slice::from_raw_parts(ptr as *const u8, len as usize)) + } + } +} #[test] fn test_negative_serial() { diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 69ad37f8..5f4d432e 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs 
@@ -157,3 +157,15 @@ fn test_nid_uid_value() { }; assert_eq!(&cn as &str, "this is the userId"); } + +#[test] +fn test_subject_alt_name() { + let mut file = File::open("test/alt_name_cert.pem").unwrap(); + let cert = X509::from_pem(&mut file).unwrap(); + + let subject_alt_names = cert.subject_alt_names().unwrap(); + assert_eq!(3, subject_alt_names.len()); + assert_eq!(Some("foobar.com"), subject_alt_names.get(0).dns()); + assert_eq!(subject_alt_names.get(1).ipadd(), Some(&[127, 0, 0, 1][..])); + assert_eq!(subject_alt_names.get(2).ipadd(), Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); +} -- cgit v1.2.3 From 50024ce33b804e16e0c8b42abace73e0e4779cda Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 29 Apr 2016 21:40:16 -0700 Subject: Ignore default verify paths test on windows --- openssl/src/ssl/tests/mod.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl/src') diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 15811d99..ce153b8e 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -1061,6 +1061,7 @@ fn refcount_ssl_context() { } #[test] +#[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( fn default_verify_paths() { let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap(); ctx.set_default_verify_paths().unwrap(); -- cgit v1.2.3 From 62a7dd10e588d7636c7720af6786efaa7015246b Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 25 Apr 2016 22:26:46 -0700 Subject: Add Ssl::set_verify It also uses a better, closure based API than the existing callback methods. --- openssl/src/ssl/mod.rs | 57 ++++++++++++++++++++++++++++++++++++++++++++ openssl/src/ssl/tests/mod.rs | 30 +++++++++++++++++++++++ 2 files changed, 87 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 3610627a..b3c558c4 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs 
@@ -227,6 +227,7 @@ bitflags! { lazy_static! { static ref INDEXES: Mutex> = Mutex::new(HashMap::new()); + static ref SSL_INDEXES: Mutex> = Mutex::new(HashMap::new()); } // Creates a static index for user data of type T @@ -236,6 +237,10 @@ fn get_verify_data_idx() -> c_int { *INDEXES.lock().unwrap().entry(TypeId::of::()).or_insert_with(|| get_new_idx::()) } +fn get_ssl_verify_data_idx() -> c_int { + *SSL_INDEXES.lock().unwrap().entry(TypeId::of::()).or_insert_with(|| get_new_ssl_idx::()) +} + #[cfg(feature = "npn")] lazy_static! { static ref NPN_PROTOS_IDX: c_int = get_new_idx::>(); @@ -267,6 +272,26 @@ fn get_new_idx() -> c_int { } } +fn get_new_ssl_idx() -> c_int { + extern "C" fn free_data_box(_parent: *mut c_void, + ptr: *mut c_void, + _ad: *mut ffi::CRYPTO_EX_DATA, + _idx: c_int, + _argl: c_long, + _argp: *mut c_void) { + if !ptr.is_null() { + let _: Box = unsafe { mem::transmute(ptr) }; + } + } + + unsafe { + let f: ffi::CRYPTO_EX_free = free_data_box::; + let idx = ffi::SSL_get_ex_new_index(0, ptr::null(), None, None, Some(f)); + assert!(idx >= 0); + idx + } +} + extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int { unsafe { let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); @@ -311,6 +336,21 @@ extern "C" fn raw_verify_with_data(preverify_ok: c_int, } } +extern "C" fn ssl_raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int + where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send +{ + unsafe { + let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); + let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); + let verify = ffi::SSL_get_ex_data(ssl, get_ssl_verify_data_idx::()); + let verify: &F = mem::transmute(verify); + + let ctx = X509StoreContext::new(x509_ctx); + + verify(preverify_ok != 0, &ctx) as c_int + } +} + extern "C" fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void) -> c_int { unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); 
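Review bot: `ssl_raw_verify` turns the result of `ffi::SSL_get_ex_data` into `&F` with `mem::transmute` and calls it without a null check, so any path where the slot is empty creates a null reference. A guard before the transmute, `if verify.is_null() { return 0; }`, makes that case fail the handshake instead. The user closure also runs inside an `extern "C"` function invoked by OpenSSL, so a panic in it would unwind through C frames. That should at least be documented on the function, because verification callbacks routinely parse peer-controlled certificate data.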
@@ -928,6 +968,23 @@ impl Ssl { } } + /// Sets the certificate verification callback to be used during the + /// handshake process. + /// + /// The callback is provided with a boolean indicating if the + /// preveification process was successful, and an object providing access + /// to the certificate chain. It should return `true` if the certificate + /// chain is valid and `false` otherwise. + pub fn set_verify(&mut self, mode: SslVerifyMode, verify: F) + where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send + { + unsafe { + let verify = Box::new(verify); + ffi::SSL_set_ex_data(self.ssl, get_ssl_verify_data_idx::(), mem::transmute(verify)); + ffi::SSL_set_verify(self.ssl, mode.bits as c_int, Some(ssl_raw_verify::)); + } + } + pub fn get_current_cipher<'a>(&'a self) -> Option> { unsafe { let ptr = ffi::SSL_get_current_cipher(self.ssl); diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index ce153b8e..608d6fd7 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs 
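Review bot: `Ssl::set_verify` ignores the return value of `ffi::SSL_set_ex_data`, so if storing the pointer fails the boxed closure is leaked and `SSL_set_verify` is still armed with `ssl_raw_verify`, which then reads a slot that was never filled. I would check the result before the `SSL_set_verify` call, for example `assert!(ffi::SSL_set_ex_data(..) != 0);`. As far as the visible code shows, calling `set_verify` a second time with the same closure type overwrites the slot without dropping the earlier box. The new doc comment also has a typo: `preveification` should be `preverification`.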
@@ -381,6 +381,36 @@ run_test!(verify_callback_data, |method, stream| { } }); +run_test!(ssl_verify_callback, |method, stream| { + use std::sync::atomic::{AtomicUsize, ATOMIC_USIZE_INIT, Ordering}; + use ssl::IntoSsl; + + static CHECKED: AtomicUsize = ATOMIC_USIZE_INIT; + + let ctx = SslContext::new(method).unwrap(); + let mut ssl = ctx.into_ssl().unwrap(); + + let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let node_id = node_hash_str.from_hex().unwrap(); + ssl.set_verify(SSL_VERIFY_PEER, move |_, x509| { + CHECKED.store(1, Ordering::SeqCst); + match x509.get_current_cert() { + None => false, + Some(cert) => { + let fingerprint = cert.fingerprint(SHA256).unwrap(); + fingerprint == node_id + } + } + }); + + match SslStream::connect_generic(ssl, stream) { + Ok(_) => (), + Err(err) => panic!("Expected success, got {:?}", err) + } + + assert_eq!(CHECKED.load(Ordering::SeqCst), 1); +}); + // Make sure every write call translates to a write call to the underlying socket. #[test] fn test_write_hits_stream() { -- cgit v1.2.3 From 7b73003b6753020f9c5184145536f541c9d8d5ea Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 30 Apr 2016 09:27:50 -0700 Subject: Add X509StoreContext::error_depth --- openssl/src/x509/mod.rs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index cdd729aa..af1e6ed1 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -104,6 +104,10 @@ impl X509StoreContext { }) } } + + pub fn error_depth(&self) -> u32 { + unsafe { ffi::X509_STORE_CTX_get_error_depth(self.ctx) as u32 } + } } #[allow(non_snake_case)] -- cgit v1.2.3 From bf7076b7853c27546ed5ce3d235e20b409682729 Mon Sep 17 00:00:00 2001 
From: Corey Farwell Date: Sat, 30 Apr 2016 23:54:29 -0400 Subject: Implement `iter` method on `GeneralNames`. --- openssl/src/x509/mod.rs | 26 ++++++++++++++++++++++++++ openssl/src/x509/tests.rs | 13 +++++++++++++ 2 files changed, 39 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index af1e6ed1..93526d7f 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -810,6 +810,32 @@ impl<'a> GeneralNames<'a> { } } } + + pub fn iter(&self) -> GeneralNamesIter { + GeneralNamesIter { + names: self, + idx: 0 + } + } +} + +pub struct GeneralNamesIter<'a> { + names: &'a GeneralNames<'a>, + idx: usize, +} + +impl<'a> Iterator for GeneralNamesIter<'a> { + type Item = GeneralName<'a>; + + fn next(&mut self) -> Option { + if self.idx < self.names.len() { + let name = self.names.get(self.idx); + self.idx += 1; + Some(name) + } else { + None + } + } } pub struct GeneralName<'a> { diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 5f4d432e..aa41bfc6 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -169,3 +169,16 @@ fn test_subject_alt_name() { assert_eq!(subject_alt_names.get(1).ipadd(), Some(&[127, 0, 0, 1][..])); assert_eq!(subject_alt_names.get(2).ipadd(), Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); } + +#[test] +fn test_subject_alt_name_iter() { + let mut file = File::open("test/alt_name_cert.pem").unwrap(); + let cert = X509::from_pem(&mut file).unwrap(); + + let subject_alt_names = cert.subject_alt_names().unwrap(); + let mut subject_alt_names_iter = subject_alt_names.iter(); + assert_eq!(subject_alt_names_iter.next().unwrap().dns(), Some("foobar.com")); + assert_eq!(subject_alt_names_iter.next().unwrap().ipadd(), Some(&[127, 0, 0, 1][..])); + assert_eq!(subject_alt_names_iter.next().unwrap().ipadd(), Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); + assert!(subject_alt_names_iter.next().is_none()); +} -- cgit v1.2.3 
From 87782b22cf6b4f5e2ba4dc77cadb991ce7080615 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 30 Apr 2016 21:32:29 -0700 Subject: Implement IntoIterator for &GeneralNames --- openssl/src/x509/mod.rs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 93526d7f..da45a930 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -819,6 +819,15 @@ impl<'a> GeneralNames<'a> { } } +impl<'a> IntoIterator for &'a GeneralNames<'a> { + type Item = GeneralName<'a>; + type IntoIter = GeneralNamesIter<'a>; + + fn into_iter(self) -> GeneralNamesIter<'a> { + self.iter() + } +} + pub struct GeneralNamesIter<'a> { names: &'a GeneralNames<'a>, idx: usize, -- cgit v1.2.3 From 2cfb25136f6c09c76c3ff173edf3a22e64ba72ca Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 1 May 2016 09:09:51 -0700 Subject: Document SAN APIs and tweak accessor names --- openssl/src/x509/mod.rs | 24 ++++++++++++++++++++++-- openssl/src/x509/tests.rs | 14 ++++++++------ 2 files changed, 30 insertions(+), 8 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index da45a930..6d38047a 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -469,6 +469,7 @@ impl<'ctx> X509<'ctx> { } } + /// Returns this certificate's SAN entries, if they exist. pub fn subject_alt_names<'a>(&'a self) -> Option> { unsafe { let stack = ffi::X509_get_ext_d2i(self.handle, 
@@ -788,18 +789,25 @@ make_validation_error!(X509_V_OK, X509ApplicationVerification = X509_V_ERR_APPLICATION_VERIFICATION, ); +/// A collection of OpenSSL `GENERAL_NAME`s. pub struct GeneralNames<'a> { stack: *const ffi::stack_st_GENERAL_NAME, m: PhantomData<&'a ()>, } impl<'a> GeneralNames<'a> { + /// Returns the number of `GeneralName`s in this structure. pub fn len(&self) -> usize { unsafe { (*self.stack).stack.num as usize } } + /// Returns the specified `GeneralName`. + /// + /// # Panics + /// + /// Panics if `idx` is not less than `len()`. pub fn get(&self, idx: usize) -> GeneralName<'a> { unsafe { assert!(idx < self.len()); @@ -811,6 +819,7 @@ impl<'a> GeneralNames<'a> { } } + /// Returns an iterator over the `GeneralName`s in this structure. pub fn iter(&self) -> GeneralNamesIter { GeneralNamesIter { names: self, @@ -828,6 +837,7 @@ impl<'a> IntoIterator for &'a GeneralNames<'a> { } } +/// An iterator over OpenSSL `GENERAL_NAME`s. pub struct GeneralNamesIter<'a> { names: &'a GeneralNames<'a>, idx: usize, @@ -845,15 +855,24 @@ impl<'a> Iterator for GeneralNamesIter<'a> { None } } + + fn size_hint(&self) -> (usize, Option) { + let size = self.names.len() - self.idx; + (size, Some(size)) + } } +impl<'a> ExactSizeIterator for GeneralNamesIter<'a> {} + +/// An OpenSSL `GENERAL_NAME`. pub struct GeneralName<'a> { name: *const ffi::GENERAL_NAME, m: PhantomData<&'a ()>, } impl<'a> GeneralName<'a> { - pub fn dns(&self) -> Option<&str> { + /// Returns the contents of this `GeneralName` if it is a `dNSName`. + pub fn dnsname(&self) -> Option<&str> { unsafe { if (*self.name).type_ != ffi::GEN_DNS { return None; @@ -867,7 +886,8 @@ impl<'a> GeneralName<'a> { } } - pub fn ipadd(&self) -> Option<&[u8]> { + /// Returns the contents of this `GeneralName` if it is an `iPAddress`. + pub fn ipaddress(&self) -> Option<&[u8]> { unsafe { if (*self.name).type_ != ffi::GEN_IPADD { return None; 
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index aa41bfc6..0032d108 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -165,9 +165,10 @@ fn test_subject_alt_name() { let subject_alt_names = cert.subject_alt_names().unwrap(); assert_eq!(3, subject_alt_names.len()); - assert_eq!(Some("foobar.com"), subject_alt_names.get(0).dns()); - assert_eq!(subject_alt_names.get(1).ipadd(), Some(&[127, 0, 0, 1][..])); - assert_eq!(subject_alt_names.get(2).ipadd(), Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); + assert_eq!(Some("foobar.com"), subject_alt_names.get(0).dnsname()); + assert_eq!(subject_alt_names.get(1).ipaddress(), Some(&[127, 0, 0, 1][..])); + assert_eq!(subject_alt_names.get(2).ipaddress(), + Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); } #[test] @@ -177,8 +178,9 @@ fn test_subject_alt_name_iter() { let subject_alt_names = cert.subject_alt_names().unwrap(); let mut subject_alt_names_iter = subject_alt_names.iter(); - assert_eq!(subject_alt_names_iter.next().unwrap().dns(), Some("foobar.com")); - assert_eq!(subject_alt_names_iter.next().unwrap().ipadd(), Some(&[127, 0, 0, 1][..])); - assert_eq!(subject_alt_names_iter.next().unwrap().ipadd(), Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); + assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(), Some("foobar.com")); + assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), Some(&[127, 0, 0, 1][..])); + assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), + Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); assert!(subject_alt_names_iter.next().is_none()); } -- cgit v1.2.3 From 59c13aea84496d3a68f3c280d8ff8f3b80651949 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 1 May 2016 18:14:33 -0700 Subject: Still check UTF validity in dnsname --- openssl/src/x509/mod.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'openssl/src') 
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 6d38047a..0a242a15 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -882,7 +882,10 @@ impl<'a> GeneralName<'a> { let len = ffi::ASN1_STRING_length((*self.name).d as *mut _); let slice = slice::from_raw_parts(ptr as *const u8, len as usize); - Some(str::from_utf8_unchecked(slice)) + // dNSNames are stated to be ASCII (specifically IA5). Hopefully + // OpenSSL checks that when loading a certificate but if not we'll + // use this instead of from_utf8_unchecked just in case. + str::from_utf8(slice).ok() } } -- cgit v1.2.3 From 487232b52dff30c51d62579ff9a438ac98348533 Mon Sep 17 00:00:00 2001 From: Corey Farwell Date: Sun, 1 May 2016 21:28:51 -0400 Subject: Remove unnecessary explicit lifetime. --- openssl/src/x509/extension.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl/src') diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs index 7ff0c1ca..99ef62c1 100644 --- a/openssl/src/x509/extension.rs +++ b/openssl/src/x509/extension.rs @@ -80,7 +80,7 @@ impl ExtensionType { } } - pub fn get_name<'a>(&'a self) -> Option<&'a str> { + pub fn get_name(&self) -> Option<&str> { match self { &ExtensionType::OtherStr(ref s) => Some(s), _ => None, -- cgit v1.2.3 From 9b1eb6d94d88da1a466954f3709b8399583ec5da Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 1 May 2016 20:45:49 -0700 Subject: Add a version of Ssl::set_verify that doesn't set a callback --- openssl/src/ssl/mod.rs | 9 ++++++++- openssl/src/ssl/tests/mod.rs | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index b3c558c4..aa785142 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs 
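Review bot: With `str::from_utf8(slice).ok()` in `dnsname`, `None` now means either "not a dNSName" or "dNSName bytes were not valid UTF-8", and the method's doc comment (outside this hunk) still describes only the first case. UTF-8 validation also lets through non-ASCII characters, which the IA5 type named in the new comment excludes, and embedded NUL bytes, which are valid IA5 but not valid in a hostname. Callers that match hostnames against this value therefore still need their own check. I would say so in the doc comment, for example `/// Returns None if this is not a dNSName or its bytes are not valid UTF-8. The string is not otherwise validated and may contain NUL or non-ASCII characters.`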
@@ -968,6 +968,13 @@ impl Ssl { } } + /// Sets the verification mode to be used during the handshake process. + /// + /// Use `set_verify_callback` to additionally add a callback. + pub fn set_verify(&mut self, mode: SslVerifyMode) { + unsafe { ffi::SSL_set_verify(self.ssl, mode.bits as c_int, None) } + } + /// Sets the certificate verification callback to be used during the /// handshake process. /// @@ -975,7 +982,7 @@ impl Ssl { /// preveification process was successful, and an object providing access /// to the certificate chain. It should return `true` if the certificate /// chain is valid and `false` otherwise. - pub fn set_verify(&mut self, mode: SslVerifyMode, verify: F) + pub fn set_verify_callback(&mut self, mode: SslVerifyMode, verify: F) where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send { unsafe { diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 608d6fd7..c3e7a363 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -392,7 +392,7 @@ run_test!(ssl_verify_callback, |method, stream| { let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; let node_id = node_hash_str.from_hex().unwrap(); - ssl.set_verify(SSL_VERIFY_PEER, move |_, x509| { + ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| { CHECKED.store(1, Ordering::SeqCst); match x509.get_current_cert() { None => false, -- cgit v1.2.3 From 78122a9d686e23c8d5cab21a26fb3061c550bcec Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 5 May 2016 13:32:27 -0700 Subject: Release v0.7.11 --- openssl/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl/src') diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 63926615..f3be24b1 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs 
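Review bot: The doc comment on the new `set_verify` in `ssl/mod.rs` does not say what passing no callback means. As far as I know, `SSL_set_verify` with a NULL callback keeps a callback already set on the same connection, so calling `set_verify` after `set_verify_callback` changes the mode while the earlier closure still decides the result. I would add `/// This does not clear a callback installed earlier with set_verify_callback.` and a sentence that a mode without `SSL_VERIFY_PEER` leaves the peer certificate unchecked. The rename in the following hunk also breaks existing `set_verify(mode, closure)` callers at compile time, which is worth a changelog line given the v0.7.11 release that follows.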
@@ -1,4 +1,4 @@ -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.10")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")] #![cfg_attr(feature = "nightly", feature(const_fn))] #[macro_use] -- cgit v1.2.3