From c2e72f6641b27c9227c43690ee39b772d0edea2a Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 16 Apr 2016 20:47:32 -0700 Subject: Add SslContext::set_default_verify_paths --- openssl/src/ssl/mod.rs | 4 ++++ openssl/src/ssl/tests/mod.rs | 17 +++++++++++++++++ 2 files changed, 21 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index e21cc3dd..4f1504aa 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -612,6 +612,10 @@ impl SslContext { wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 }) } + pub fn set_default_verify_paths(&mut self) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_set_default_verify_paths(self.ctx) }) + } + #[allow(non_snake_case)] /// Specifies the file that contains trusted CA certificates. pub fn set_CA_file>(&mut self, file: P) -> Result<(), SslError> { diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index be35d7ef..15811d99 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -1059,3 +1059,20 @@ fn refcount_ssl_context() { let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a); } } + +#[test] +fn default_verify_paths() { + let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap(); + ctx.set_default_verify_paths().unwrap(); + ctx.set_verify(SSL_VERIFY_PEER, None); + let s = TcpStream::connect("google.com:443").unwrap(); + let mut socket = SslStream::connect(&ctx, s).unwrap(); + + socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap(); + let mut result = vec![]; + socket.read_to_end(&mut result).unwrap(); + + println!("{}", String::from_utf8_lossy(&result)); + assert!(result.starts_with(b"HTTP/1.0")); + assert!(result.ends_with(b"\r\n") || result.ends_with(b"")); +} -- cgit v1.2.3