Loading openssl-sys/src/lib.rs +5 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,7 @@ pub enum X509_EXTENSION {} pub enum X509_NAME {} pub enum X509_NAME_ENTRY {} pub enum X509_REQ {} pub enum X509_STORE {} pub enum X509_STORE_CTX {} pub enum bio_st {} pub enum PKCS12 {} Loading Loading @@ -1622,6 +1623,7 @@ extern { pub fn SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int; pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int; pub fn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME); pub fn SSL_CTX_get_cert_store(ctx: *mut SSL_CTX) -> *mut X509_STORE; #[cfg(not(ossl101))] pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; Loading Loading @@ -1693,6 +1695,9 @@ extern { pub fn ASN1_STRING_free(x: *mut ASN1_STRING); pub fn ASN1_STRING_length(x: *const ASN1_STRING) -> c_int; pub fn X509_STORE_free(store: *mut X509_STORE); pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int; pub fn X509_STORE_CTX_free(ctx: *mut X509_STORE_CTX); pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509; pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; Loading openssl/src/ssl/mod.rs +11 −0 Original line number Diff line number Diff line Loading @@ -94,6 +94,7 @@ use {init, cvt, cvt_p}; use dh::DhRef; use ec_key::EcKeyRef; use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name}; use x509::store::X509StoreBuilderRef; #[cfg(any(ossl102, ossl110))] use verify::X509VerifyParamRef; use pkey::PKeyRef; Loading Loading 
@@ -739,6 +740,16 @@ impl SslContextBuilder { unsafe { cvt(ffi::SSL_CTX_check_private_key(self.as_ptr())).map(|_| ()) } } /// Returns a shared reference to the context's certificate store. pub fn cert_store(&self) -> &X509StoreBuilderRef { unsafe { X509StoreBuilderRef::from_ptr(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } } /// Returns a mutable reference to the context's certificate store. pub fn cert_store_mut(&mut self) -> &mut X509StoreBuilderRef { unsafe { X509StoreBuilderRef::from_ptr_mut(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } } pub fn build(self) -> SslContext { let ctx = SslContext(self.0); mem::forget(self); Loading openssl/src/ssl/tests/mod.rs +14 −0 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ use std::net::UdpSocket; mod select; static ROOT_CERT: &'static [u8] = include_bytes!("../../../test/root-ca.pem"); static CERT: &'static [u8] = include_bytes!("../../../test/cert.pem"); static KEY: &'static [u8] = include_bytes!("../../../test/key.pem"); Loading Loading @@ -1192,6 +1193,19 @@ fn client_ca_list() { ctx.set_client_ca_list(names); } #[test] fn cert_store() { let (_s, tcp) = Server::new(); let cert = X509::from_pem(ROOT_CERT).unwrap(); let mut ctx = SslConnectorBuilder::new(SslMethod::tls()).unwrap(); ctx.builder_mut().cert_store_mut().add_cert(cert).unwrap(); let ctx = ctx.build(); ctx.connect("foobar.com", tcp).unwrap(); } fn _check_kinds() { fn is_send<T: Send>() {} fn is_sync<T: Sync>() {} Loading openssl/src/x509/mod.rs +1 −0 Original line number Diff line number Diff line Loading 
@@ -36,6 +36,7 @@ pub mod verify; use x509::extension::{ExtensionType, Extension}; pub mod extension; pub mod store; #[cfg(test)] mod tests; Loading openssl/src/x509/store.rs 0 → 100644 +20 −0 Original line number Diff line number Diff line use ffi; use std::mem; use cvt; use error::ErrorStack; use types::OpenSslTypeRef; use x509::X509; type_!(X509StoreBuilder, X509StoreBuilderRef, ffi::X509_STORE, ffi::X509_STORE_free); impl X509StoreBuilderRef { /// Adds a certificate to the certificate store. pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> { unsafe { let ptr = cert.as_ptr(); mem::forget(cert); // the cert will be freed inside of X509_STORE_add_cert on error cvt(ffi::X509_STORE_add_cert(self.as_ptr(), ptr)).map(|_| ()) } } } Loading
openssl-sys/src/lib.rs +5 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,7 @@ pub enum X509_EXTENSION {} pub enum X509_NAME {} pub enum X509_NAME_ENTRY {} pub enum X509_REQ {} pub enum X509_STORE {} pub enum X509_STORE_CTX {} pub enum bio_st {} pub enum PKCS12 {} Loading Loading @@ -1622,6 +1623,7 @@ extern { pub fn SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int; pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int; pub fn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME); pub fn SSL_CTX_get_cert_store(ctx: *mut SSL_CTX) -> *mut X509_STORE; #[cfg(not(ossl101))] pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; Loading Loading @@ -1693,6 +1695,9 @@ extern { pub fn ASN1_STRING_free(x: *mut ASN1_STRING); pub fn ASN1_STRING_length(x: *const ASN1_STRING) -> c_int; pub fn X509_STORE_free(store: *mut X509_STORE); pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int; pub fn X509_STORE_CTX_free(ctx: *mut X509_STORE_CTX); pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509; pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; Loading
openssl/src/ssl/mod.rs +11 −0 Original line number Diff line number Diff line Loading @@ -94,6 +94,7 @@ use {init, cvt, cvt_p}; use dh::DhRef; use ec_key::EcKeyRef; use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name}; use x509::store::X509StoreBuilderRef; #[cfg(any(ossl102, ossl110))] use verify::X509VerifyParamRef; use pkey::PKeyRef; Loading Loading @@ -739,6 +740,16 @@ impl SslContextBuilder { unsafe { cvt(ffi::SSL_CTX_check_private_key(self.as_ptr())).map(|_| ()) } } /// Returns a shared reference to the context's certificate store. pub fn cert_store(&self) -> &X509StoreBuilderRef { unsafe { X509StoreBuilderRef::from_ptr(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } } /// Returns a mutable reference to the context's certificate store. pub fn cert_store_mut(&mut self) -> &mut X509StoreBuilderRef { unsafe { X509StoreBuilderRef::from_ptr_mut(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } } pub fn build(self) -> SslContext { let ctx = SslContext(self.0); mem::forget(self); Loading
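Review bot: The doc comments on `cert_store` and `cert_store_mut` do not say that this store holds the trust anchors used to verify peer certificates. A caller may therefore not realise that `cert_store_mut().add_cert(..)` changes whom every connection built from this context will trust. I would extend the second one to `/// Returns a mutable reference to the context's certificate store; certificates added to it become trusted roots for peer verification.` and mirror that on the shared getter. Both `unsafe` blocks also lack a `// SAFETY:` comment. Presumably the pointer from `SSL_CTX_get_cert_store` is owned by the context, is not reference-counted for the caller and is never null here, which is what makes tying the reference to `self` sound, and that is worth stating. The `impl SslContextBuilder` block starts and ends outside this hunk.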
openssl/src/ssl/tests/mod.rs +14 −0 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ use std::net::UdpSocket; mod select; static ROOT_CERT: &'static [u8] = include_bytes!("../../../test/root-ca.pem"); static CERT: &'static [u8] = include_bytes!("../../../test/cert.pem"); static KEY: &'static [u8] = include_bytes!("../../../test/key.pem"); Loading Loading @@ -1192,6 +1193,19 @@ fn client_ca_list() { ctx.set_client_ca_list(names); } #[test] fn cert_store() { let (_s, tcp) = Server::new(); let cert = X509::from_pem(ROOT_CERT).unwrap(); let mut ctx = SslConnectorBuilder::new(SslMethod::tls()).unwrap(); ctx.builder_mut().cert_store_mut().add_cert(cert).unwrap(); let ctx = ctx.build(); ctx.connect("foobar.com", tcp).unwrap(); } fn _check_kinds() { fn is_send<T: Send>() {} fn is_sync<T: Sync>() {} Loading
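Review bot: The new `cert_store` test only covers the success path, so it cannot show that the handshake depends on the certificate added to the store. It would still pass if the connector stopped verifying the peer, or if the root were already trusted some other way. A companion test that builds the same `SslConnectorBuilder` without the `cert_store_mut().add_cert(cert)` call and asserts that `ctx.connect("foobar.com", tcp)` returns an error would pin the behaviour. This assumes the connector verifies the server certificate by default, which the visible lines do not show.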
openssl/src/x509/mod.rs +1 −0 Original line number Diff line number Diff line Loading @@ -36,6 +36,7 @@ pub mod verify; use x509::extension::{ExtensionType, Extension}; pub mod extension; pub mod store; #[cfg(test)] mod tests; Loading
openssl/src/x509/store.rs 0 → 100644 +20 −0 Original line number Diff line number Diff line use ffi; use std::mem; use cvt; use error::ErrorStack; use types::OpenSslTypeRef; use x509::X509; type_!(X509StoreBuilder, X509StoreBuilderRef, ffi::X509_STORE, ffi::X509_STORE_free); impl X509StoreBuilderRef { /// Adds a certificate to the certificate store. pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> { unsafe { let ptr = cert.as_ptr(); mem::forget(cert); // the cert will be freed inside of X509_STORE_add_cert on error cvt(ffi::X509_STORE_add_cert(self.as_ptr(), ptr)).map(|_| ()) } } }
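Review bot: `mem::forget(cert)` in `add_cert` looks like a reference leak, not protection against a double free. As far as OpenSSL documents it, `X509_STORE_add_cert` takes its own reference to the certificate and the caller keeps ownership of the one it passed in. On failure the store releases only the reference it took, so the inline comment `// the cert will be freed inside of X509_STORE_add_cert on error` appears to be inaccurate. I would drop the `forget` and the comment and let `cert` drop normally: `cvt(ffi::X509_STORE_add_cert(self.as_ptr(), cert.as_ptr())).map(|_| ())`. Please confirm against the OpenSSL versions the crate supports before changing it. The doc comment could also note that older OpenSSL versions may report an error when the certificate is already in the store.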