Commit 2216f86b authored by Steven Fackler's avatar Steven Fackler

Make verification callbacks sound

parent fc57ec0e
+4 −4
@@ -111,14 +111,14 @@ extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *ffi::X509_STORE_CTX)

        match verify {
            None => preverify_ok,
            Some(verify) => verify(preverify_ok != 0, ctx) as c_int
            Some(verify) => verify(preverify_ok != 0, &ctx) as c_int
        }
    }
}

/// The signature of functions that can be used to manually verify certificates
pub type VerifyCallback = extern "Rust" fn(preverify_ok: bool,
                                           x509_ctx: X509StoreContext) -> bool;
                                           x509_ctx: &X509StoreContext) -> bool;

/// An SSL context object
pub struct SslContext {
@@ -189,7 +189,7 @@ impl X509StoreContext {
        X509ValidationError::from_raw(err)
    }

    pub fn get_current_cert(&self) -> Option<X509> {
    pub fn get_current_cert<'a>(&'a self) -> Option<X509<'a>> {
        let ptr = unsafe { ffi::X509_STORE_CTX_get_current_cert(self.ctx) };

        if ptr.is_null() {
@@ -201,7 +201,7 @@ impl X509StoreContext {
}

/// A public key certificate
pub struct X509 {
pub struct X509<'ctx> {
    priv x509: *ffi::X509
}
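Review bot: The `'ctx` parameter added to `pub struct X509<'ctx>` is not referenced by any field; the only member shown is the raw pointer `priv x509: *ffi::X509`, which carries no lifetime. Whether a certificate returned by `get_current_cert<'a>(&'a self)` is really confined to the borrow of the store context then depends on how the compiler treats an unused lifetime parameter, so the dangling-pointer case this commit presumably targets may still be expressible in safe code. I would add a zero-sized marker field that mentions `'ctx` (in current Rust, `_marker: PhantomData<&'ctx X509StoreContext>`) and a doc comment on `get_current_cert` stating that the certificate is owned by the context and must not be used after the callback returns. The body of `get_current_cert` continues outside the hunk, so how `X509` is constructed there is not visible.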

+7 −7
@@ -47,7 +47,7 @@ fn test_verify_trusted() {

#[test]
fn test_verify_untrusted_callback_override_ok() {
    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
        true
    }
    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -61,7 +61,7 @@ fn test_verify_untrusted_callback_override_ok() {

#[test]
fn test_verify_untrusted_callback_override_bad() {
    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
        false
    }
    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -72,7 +72,7 @@ fn test_verify_untrusted_callback_override_bad() {

#[test]
fn test_verify_trusted_callback_override_ok() {
    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
        true
    }
    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -90,7 +90,7 @@ fn test_verify_trusted_callback_override_ok() {

#[test]
fn test_verify_trusted_callback_override_bad() {
    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
        false
    }
    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -105,7 +105,7 @@ fn test_verify_trusted_callback_override_bad() {

#[test]
fn test_verify_callback_load_certs() {
    fn callback(_preverify_ok: bool, x509_ctx: X509StoreContext) -> bool {
    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool {
        assert!(x509_ctx.get_current_cert().is_some());
        true
    }
@@ -117,7 +117,7 @@ fn test_verify_callback_load_certs() {

#[test]
fn test_verify_trusted_get_error_ok() {
    fn callback(_preverify_ok: bool, x509_ctx: X509StoreContext) -> bool {
    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool {
        assert!(x509_ctx.get_error().is_none());
        true
    }
@@ -133,7 +133,7 @@ fn test_verify_trusted_get_error_ok() {

#[test]
fn test_verify_trusted_get_error_err() {
    fn callback(_preverify_ok: bool, x509_ctx: X509StoreContext) -> bool {
    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool {
        assert!(x509_ctx.get_error().is_some());
        false
    }
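Review bot: The callbacks in `test_verify_callback_load_certs`, `test_verify_trusted_get_error_ok` and `test_verify_trusted_get_error_err` call `assert!` while running underneath `extern "C" fn raw_verify`, so a failing assertion would unwind out of Rust through the C library's frames. Unless `raw_verify` contains a guard outside the visible part of its hunk, that is undefined behaviour rather than a clean test failure, which is the kind of unsoundness this commit is otherwise removing. I would have each callback return the checked condition instead, for example `x509_ctx.get_current_cert().is_some()` in place of the `assert!` plus `true`, and assert on the handshake result after the callback has returned. The test bodies continue outside these hunks, so the follow-up assertion may need to be added there.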