Unverified Commit 14662f54 authored by Steven Fackler's avatar Steven Fackler Committed by GitHub
Browse files

Merge pull request #890 from sfackler/no-feature-cleanup 

Clean up a couple of holdovers from old features
parents 598b326f ac950b28

openssl/src/lib.rs

+0 −2
Original line number Diff line number Diff line
@@ -61,8 +61,6 @@ pub mod string; 
pub mod symm;

pub mod version;

pub mod x509;

#[cfg(any(ossl102, ossl110))]

mod verify;



fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {

    if r.is_null() {

openssl/src/ssl/connector.rs

+5 −11
Original line number Diff line number Diff line
@@ -192,11 +192,7 @@ impl SslAcceptor { 
    pub fn mozilla_intermediate(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> {

        let mut ctx = ctx(method)?;

        #[cfg(ossl111)]

        {

            ctx.set_options(SslOptions {

                bits: ::ffi::SSL_OP_NO_TLSv1_3,

            });

        }

        ctx.set_options(SslOptions::NO_TLSV1_3);

        let dh = Dh::params_from_pem(

            b"

-----BEGIN DH PARAMETERS-----
@@ -236,11 +232,7 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== 
        let mut ctx = ctx(method)?;

        ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1);

        #[cfg(ossl111)]

        {

            ctx.set_options(SslOptions {

                bits: ::ffi::SSL_OP_NO_TLSv1_3,

            });

        }

        ctx.set_options(SslOptions::NO_TLSV1_3);

        setup_curves(&mut ctx)?;

        ctx.set_cipher_list(

            "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
@@ -316,8 +308,10 @@ fn setup_verify(ctx: &mut SslContextBuilder) { 


#[cfg(any(ossl102, ossl110))]

fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {

    use x509::verify::X509CheckFlags;



    let param = ssl.param_mut();

    param.set_hostflags(::verify::X509CheckFlags::NO_PARTIAL_WILDCARDS);

    param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS);

    match domain.parse() {

        Ok(ip) => param.set_ip(ip),

        Err(_) => param.set_host(domain),

openssl/src/ssl/mod.rs

+5 −3
Original line number Diff line number Diff line
@@ -87,7 +87,7 @@ use x509::store::{X509StoreBuilderRef, X509StoreRef}; 
#[cfg(any(ossl102, ossl110))]

use x509::store::X509Store;

#[cfg(any(ossl102, ossl110))]

use verify::X509VerifyParamRef;

use x509::verify::X509VerifyParamRef;

use pkey::{HasPrivate, PKeyRef, Params, Private};

use error::ErrorStack;

use ex_data::Index;
@@ -1512,12 +1512,14 @@ impl SslContextBuilder { 
        parse_cb: ParseFn,

    ) -> Result<(), ErrorStack>

    where

        AddFn: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result<Option<T>, SslAlert>

        AddFn: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>)

                -> Result<Option<T>, SslAlert>

            + 'static

            + Sync

            + Send,

        T: AsRef<[u8]> + 'static + Sync + Send,

        ParseFn: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert>

        ParseFn: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>)

                -> Result<(), SslAlert>

            + 'static

            + Sync

            + Send,

openssl/src/verify.rs

deleted100644 → 0
+0 −86
Original line number Diff line number Diff line 
use libc::c_uint;

use ffi;

use foreign_types::ForeignTypeRef;

use std::net::IpAddr;



use cvt;

use error::ErrorStack;



bitflags! {

    /// Flags used to check an `X509` certificate.

    pub struct X509CheckFlags: c_uint {

        const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT;

        const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS;

        const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;

        const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;

        const SINGLE_LABEL_SUBDOMAINS

            = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;

        /// Requires OpenSSL 1.1.0 or newer.

        #[cfg(any(ossl110))]

        const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;

    }

}



foreign_type_and_impl_send_sync! {

    type CType = ffi::X509_VERIFY_PARAM;

    fn drop = ffi::X509_VERIFY_PARAM_free;



    /// Adjust parameters associated with certificate verification.

    pub struct X509VerifyParam;

    /// Reference to `X509VerifyParam`.

    pub struct X509VerifyParamRef;

}



impl X509VerifyParamRef {

    /// Set the host flags.

    ///

    /// This corresponds to [`X509_VERIFY_PARAM_set_hostflags`].

    ///

    /// [`X509_VERIFY_PARAM_set_hostflags`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_VERIFY_PARAM_set_hostflags.html

    pub fn set_hostflags(&mut self, hostflags: X509CheckFlags) {

        unsafe {

            ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits);

        }

    }



    /// Set the expected DNS hostname.

    ///

    /// This corresponds to [`X509_VERIFY_PARAM_set1_host`].

    ///

    /// [`X509_VERIFY_PARAM_set1_host`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_VERIFY_PARAM_set1_host.html

    pub fn set_host(&mut self, host: &str) -> Result<(), ErrorStack> {

        unsafe {

            cvt(ffi::X509_VERIFY_PARAM_set1_host(

                self.as_ptr(),

                host.as_ptr() as *const _,

                host.len(),

            )).map(|_| ())

        }

    }



    /// Set the expected IPv4 or IPv6 address.

    ///

    /// This corresponds to [`X509_VERIFY_PARAM_set1_ip`].

    ///

    /// [`X509_VERIFY_PARAM_set1_ip`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_VERIFY_PARAM_set1_ip.html

    pub fn set_ip(&mut self, ip: IpAddr) -> Result<(), ErrorStack> {

        unsafe {

            let mut buf = [0; 16];

            let len = match ip {

                IpAddr::V4(addr) => {

                    buf[..4].copy_from_slice(&addr.octets());

                    4

                }

                IpAddr::V6(addr) => {

                    buf.copy_from_slice(&addr.octets());

                    16

                }

            };

            cvt(ffi::X509_VERIFY_PARAM_set1_ip(

                self.as_ptr(),

                buf.as_ptr() as *const _,

                len,

            )).map(|_| ())

        }

    }

}

openssl/src/x509/verify.rs

+87 −4
Original line number Diff line number Diff line 
//! X509 certificate verification

//!

//! Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.

use libc::c_uint;

use ffi;

use foreign_types::ForeignTypeRef;

use std::net::IpAddr;



pub use verify::*;
 
use cvt;

use error::ErrorStack;



bitflags! {

    /// Flags used to check an `X509` certificate.

    pub struct X509CheckFlags: c_uint {

        const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT;

        const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS;

        const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;

        const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;

        const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;

        /// Requires OpenSSL 1.1.0 or newer.

        #[cfg(any(ossl110))]

        const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;



        #[deprecated(since = "0.10.6", note = "renamed to NO_WILDCARDS")]

        const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS;

    }

}



foreign_type_and_impl_send_sync! {

    type CType = ffi::X509_VERIFY_PARAM;

    fn drop = ffi::X509_VERIFY_PARAM_free;



    /// Adjust parameters associated with certificate verification.

    pub struct X509VerifyParam;

    /// Reference to `X509VerifyParam`.

    pub struct X509VerifyParamRef;

}



impl X509VerifyParamRef {

    /// Set the host flags.

    ///

    /// This corresponds to [`X509_VERIFY_PARAM_set_hostflags`].

    ///

    /// [`X509_VERIFY_PARAM_set_hostflags`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_VERIFY_PARAM_set_hostflags.html

    pub fn set_hostflags(&mut self, hostflags: X509CheckFlags) {

        unsafe {

            ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits);

        }

    }



    /// Set the expected DNS hostname.

    ///

    /// This corresponds to [`X509_VERIFY_PARAM_set1_host`].

    ///

    /// [`X509_VERIFY_PARAM_set1_host`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_VERIFY_PARAM_set1_host.html

    pub fn set_host(&mut self, host: &str) -> Result<(), ErrorStack> {

        unsafe {

            cvt(ffi::X509_VERIFY_PARAM_set1_host(

                self.as_ptr(),

                host.as_ptr() as *const _,

                host.len(),

            )).map(|_| ())

        }

    }



    /// Set the expected IPv4 or IPv6 address.

    ///

    /// This corresponds to [`X509_VERIFY_PARAM_set1_ip`].

    ///

    /// [`X509_VERIFY_PARAM_set1_ip`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_VERIFY_PARAM_set1_ip.html

    pub fn set_ip(&mut self, ip: IpAddr) -> Result<(), ErrorStack> {

        unsafe {

            let mut buf = [0; 16];

            let len = match ip {

                IpAddr::V4(addr) => {

                    buf[..4].copy_from_slice(&addr.octets());

                    4

                }

                IpAddr::V6(addr) => {

                    buf.copy_from_slice(&addr.octets());

                    16

                }

            };

            cvt(ffi::X509_VERIFY_PARAM_set1_ip(

                self.as_ptr(),

                buf.as_ptr() as *const _,

                len,

            )).map(|_| ())

        }

    }

}