Loading openssl-sys/src/x509v3.rs +0 −10 Original line number Diff line number Diff line Loading @@ -58,25 +58,15 @@ pub const EXFLAG_FRESHEST: u32 = 0x1000; #[cfg(any(ossl102, libressl261))] pub const EXFLAG_SS: u32 = 0x2000; #[cfg(not(boringssl))] pub const X509v3_KU_DIGITAL_SIGNATURE: u32 = 0x0080; #[cfg(not(boringssl))] pub const X509v3_KU_NON_REPUDIATION: u32 = 0x0040; #[cfg(not(boringssl))] pub const X509v3_KU_KEY_ENCIPHERMENT: u32 = 0x0020; #[cfg(not(boringssl))] pub const X509v3_KU_DATA_ENCIPHERMENT: u32 = 0x0010; #[cfg(not(boringssl))] pub const X509v3_KU_KEY_AGREEMENT: u32 = 0x0008; #[cfg(not(boringssl))] pub const X509v3_KU_KEY_CERT_SIGN: u32 = 0x0004; #[cfg(not(boringssl))] pub const X509v3_KU_CRL_SIGN: u32 = 0x0002; #[cfg(not(boringssl))] pub const X509v3_KU_ENCIPHER_ONLY: u32 = 0x0001; #[cfg(not(boringssl))] pub const X509v3_KU_DECIPHER_ONLY: u32 = 0x8000; #[cfg(not(boringssl))] pub const X509v3_KU_UNDEF: u32 = 0xffff; pub const XKU_SSL_SERVER: u32 = 0x1; Loading openssl/src/x509/mod.rs +19 −28 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ //! the secure protocol for browsing the web. use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; use libc::{c_int, c_long, c_uint}; use std::cmp::{self, Ordering}; use std::error::Error; Loading Loading @@ -1740,7 +1740,8 @@ cfg_if! { } } pub struct X509PurposeId(i32); #[derive(Copy, Clone, PartialEq, Eq)] pub struct X509PurposeId(c_int); impl X509PurposeId { pub const SSL_CLIENT: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SSL_CLIENT); Loading 
@@ -1753,31 +1754,24 @@ impl X509PurposeId { pub const OCSP_HELPER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_OCSP_HELPER); pub const TIMESTAMP_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_TIMESTAMP_SIGN); pub fn value(&self) -> i32 { self.0 } } /// Constructs an `X509PurposeId` from a raw OpenSSL value. pub fn from_raw(id: c_int) -> Self { X509PurposeId(id) } impl From<i32> for X509PurposeId { fn from(id: i32) -> Self { X509PurposeId(id) /// Returns the raw OpenSSL value represented by this type. pub fn as_raw(&self) -> c_int { self.0 } } /// fake free method, since X509_PURPOSE is static unsafe fn no_free_purpose(_purps: *mut ffi::X509_PURPOSE) {} /// A reference to an [`X509_PURPOSE`]. pub struct X509PurposeRef(Opaque); foreign_type_and_impl_send_sync! { /// Implements a wrapper type for the static `X509_PURPOSE` table in OpenSSL. impl ForeignTypeRef for X509PurposeRef { type CType = ffi::X509_PURPOSE; fn drop = no_free_purpose; /// Adjust parameters associated with certificate verification. pub struct X509Purpose; /// Reference to `X509Purpose`. pub struct X509PurposeRef; } impl X509Purpose { impl X509PurposeRef { /// Get the internal table index of an X509_PURPOSE for a given short name. Valid short /// names include /// - "sslclient", Loading @@ -1789,9 +1783,9 @@ impl X509Purpose { /// - "any", /// - "ocsphelper", /// - "timestampsign" /// The index can be used with `X509Purpose::from_idx()` to get the purpose. /// The index can be used with `X509PurposeRef::from_idx()` to get the purpose. #[allow(clippy::unnecessary_cast)] pub fn get_by_sname(sname: &str) -> Result<i32, ErrorStack> { pub fn get_by_sname(sname: &str) -> Result<c_int, ErrorStack> { unsafe { let sname = CString::new(sname).unwrap(); cfg_if! { Loading 
@@ -1801,22 +1795,19 @@ impl X509Purpose { let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *mut _))?; } } Ok(purpose as i32) Ok(purpose) } } /// Get an `X509PurposeRef` for a given index value. The index can be obtained from e.g. /// `X509Purpose::get_by_sname()`. /// `X509PurposeRef::get_by_sname()`. #[corresponds(X509_PURPOSE_get0)] pub fn from_idx(idx: i32) -> Result<&'static X509PurposeRef, ErrorStack> { pub fn from_idx(idx: c_int) -> Result<&'static X509PurposeRef, ErrorStack> { unsafe { let ptr = cvt_p(ffi::X509_PURPOSE_get0(idx))?; Ok(X509PurposeRef::from_ptr(ptr)) } } } impl X509PurposeRef { /// Get the purpose value from an X509Purpose structure. This value is one of /// - `X509_PURPOSE_SSL_CLIENT` /// - `X509_PURPOSE_SSL_SERVER` Loading @@ -1830,7 +1821,7 @@ impl X509PurposeRef { pub fn purpose(&self) -> X509PurposeId { unsafe { let x509_purpose: *mut ffi::X509_PURPOSE = self.as_ptr(); X509PurposeId::from((*x509_purpose).purpose) X509PurposeId::from_raw((*x509_purpose).purpose) } } } openssl/src/x509/store.rs +2 −3 Original line number Diff line number Diff line Loading @@ -53,7 +53,6 @@ use crate::stack::StackRef; use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; use crate::{cvt, cvt_p}; use libc::c_int; use openssl_macros::corresponds; #[cfg(not(boringssl))] use std::ffi::CString; Loading Loading @@ -127,13 +126,13 @@ impl X509StoreBuilderRef { } /// Sets the certificate purpose. /// The purpose value can be obtained by `X509Purpose::get_by_sname()` /// The purpose value can be obtained by `X509PurposeRef::get_by_sname()` #[corresponds(X509_STORE_set_purpose)] pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_purpose( self.as_ptr(), purpose.value() as c_int, purpose.as_raw(), )) .map(|_| ()) } Loading openssl/src/x509/tests.rs +7 −7 Original line number Diff line number Diff line Loading 
@@ -21,7 +21,7 @@ use crate::x509::verify::{X509VerifyFlags, X509VerifyParam}; #[cfg(ossl110)] use crate::x509::X509Builder; #[cfg(any(ossl102, libressl261))] use crate::x509::X509Purpose; use crate::x509::X509PurposeRef; #[cfg(ossl102)] use crate::x509::X509PurposeId; use crate::x509::{X509Name, X509Req, X509StoreContext, X509VerifyResult, X509}; Loading Loading @@ -452,12 +452,12 @@ fn test_verify_cert_with_purpose() { let chain = Stack::new().unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); let purpose_idx = X509Purpose::get_by_sname("sslserver") let purpose_idx = X509PurposeRef::get_by_sname("sslserver") .expect("Getting certificate purpose 'sslserver' failed"); let x509_purpose = X509Purpose::from_idx(purpose_idx).expect("Getting certificate purpose failed"); let x509_purposeref = X509PurposeRef::from_idx(purpose_idx).expect("Getting certificate purpose failed"); store_bldr .set_purpose(x509_purpose.purpose()) .set_purpose(x509_purposeref.purpose()) .expect("Setting certificate purpose failed"); store_bldr.add_cert(ca).unwrap(); Loading @@ -479,10 +479,10 @@ fn test_verify_cert_with_wrong_purpose_fails() { let chain = Stack::new().unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); let purpose_idx = X509Purpose::get_by_sname("timestampsign") let purpose_idx = X509PurposeRef::get_by_sname("timestampsign") .expect("Getting certificate purpose 'timestampsign' failed"); let x509_purpose = X509Purpose::from_idx(purpose_idx).expect("Getting certificate purpose failed"); X509PurposeRef::from_idx(purpose_idx).expect("Getting certificate purpose failed"); store_bldr .set_purpose(x509_purpose.purpose()) .expect("Setting certificate purpose failed"); Loading Loading
openssl-sys/src/x509v3.rs +0 −10 Original line number Diff line number Diff line Loading @@ -58,25 +58,15 @@ pub const EXFLAG_FRESHEST: u32 = 0x1000; #[cfg(any(ossl102, libressl261))] pub const EXFLAG_SS: u32 = 0x2000; #[cfg(not(boringssl))] pub const X509v3_KU_DIGITAL_SIGNATURE: u32 = 0x0080; #[cfg(not(boringssl))] pub const X509v3_KU_NON_REPUDIATION: u32 = 0x0040; #[cfg(not(boringssl))] pub const X509v3_KU_KEY_ENCIPHERMENT: u32 = 0x0020; #[cfg(not(boringssl))] pub const X509v3_KU_DATA_ENCIPHERMENT: u32 = 0x0010; #[cfg(not(boringssl))] pub const X509v3_KU_KEY_AGREEMENT: u32 = 0x0008; #[cfg(not(boringssl))] pub const X509v3_KU_KEY_CERT_SIGN: u32 = 0x0004; #[cfg(not(boringssl))] pub const X509v3_KU_CRL_SIGN: u32 = 0x0002; #[cfg(not(boringssl))] pub const X509v3_KU_ENCIPHER_ONLY: u32 = 0x0001; #[cfg(not(boringssl))] pub const X509v3_KU_DECIPHER_ONLY: u32 = 0x8000; #[cfg(not(boringssl))] pub const X509v3_KU_UNDEF: u32 = 0xffff; pub const XKU_SSL_SERVER: u32 = 0x1; Loading
openssl/src/x509/mod.rs +19 −28 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ //! the secure protocol for browsing the web. use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; use libc::{c_int, c_long, c_uint}; use std::cmp::{self, Ordering}; use std::error::Error; Loading Loading @@ -1740,7 +1740,8 @@ cfg_if! { } } pub struct X509PurposeId(i32); #[derive(Copy, Clone, PartialEq, Eq)] pub struct X509PurposeId(c_int); impl X509PurposeId { pub const SSL_CLIENT: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SSL_CLIENT); Loading @@ -1753,31 +1754,24 @@ impl X509PurposeId { pub const OCSP_HELPER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_OCSP_HELPER); pub const TIMESTAMP_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_TIMESTAMP_SIGN); pub fn value(&self) -> i32 { self.0 } } /// Constructs an `X509PurposeId` from a raw OpenSSL value. pub fn from_raw(id: c_int) -> Self { X509PurposeId(id) } impl From<i32> for X509PurposeId { fn from(id: i32) -> Self { X509PurposeId(id) /// Returns the raw OpenSSL value represented by this type. pub fn as_raw(&self) -> c_int { self.0 } } /// fake free method, since X509_PURPOSE is static unsafe fn no_free_purpose(_purps: *mut ffi::X509_PURPOSE) {} /// A reference to an [`X509_PURPOSE`]. pub struct X509PurposeRef(Opaque); foreign_type_and_impl_send_sync! { /// Implements a wrapper type for the static `X509_PURPOSE` table in OpenSSL. impl ForeignTypeRef for X509PurposeRef { type CType = ffi::X509_PURPOSE; fn drop = no_free_purpose; /// Adjust parameters associated with certificate verification. pub struct X509Purpose; /// Reference to `X509Purpose`. pub struct X509PurposeRef; } impl X509Purpose { impl X509PurposeRef { /// Get the internal table index of an X509_PURPOSE for a given short name. Valid short /// names include /// - "sslclient", Loading 
@@ -1789,9 +1783,9 @@ impl X509Purpose { /// - "any", /// - "ocsphelper", /// - "timestampsign" /// The index can be used with `X509Purpose::from_idx()` to get the purpose. /// The index can be used with `X509PurposeRef::from_idx()` to get the purpose. #[allow(clippy::unnecessary_cast)] pub fn get_by_sname(sname: &str) -> Result<i32, ErrorStack> { pub fn get_by_sname(sname: &str) -> Result<c_int, ErrorStack> { unsafe { let sname = CString::new(sname).unwrap(); cfg_if! { Loading @@ -1801,22 +1795,19 @@ impl X509Purpose { let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *mut _))?; } } Ok(purpose as i32) Ok(purpose) } } /// Get an `X509PurposeRef` for a given index value. The index can be obtained from e.g. /// `X509Purpose::get_by_sname()`. /// `X509PurposeRef::get_by_sname()`. #[corresponds(X509_PURPOSE_get0)] pub fn from_idx(idx: i32) -> Result<&'static X509PurposeRef, ErrorStack> { pub fn from_idx(idx: c_int) -> Result<&'static X509PurposeRef, ErrorStack> { unsafe { let ptr = cvt_p(ffi::X509_PURPOSE_get0(idx))?; Ok(X509PurposeRef::from_ptr(ptr)) } } } impl X509PurposeRef { /// Get the purpose value from an X509Purpose structure. This value is one of /// - `X509_PURPOSE_SSL_CLIENT` /// - `X509_PURPOSE_SSL_SERVER` Loading @@ -1830,7 +1821,7 @@ impl X509PurposeRef { pub fn purpose(&self) -> X509PurposeId { unsafe { let x509_purpose: *mut ffi::X509_PURPOSE = self.as_ptr(); X509PurposeId::from((*x509_purpose).purpose) X509PurposeId::from_raw((*x509_purpose).purpose) } } }
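Review bot: `X509PurposeRef` is now the hand-written `pub struct X509PurposeRef(Opaque);` rather than the type generated by `foreign_type_and_impl_send_sync!`, and the visible lines add no `Send`/`Sync` impls. As far as I know `Opaque` is not `Sync`, so the `&'static X509PurposeRef` returned by `from_idx` probably can no longer be shared across threads. If the `X509_PURPOSE` table is only ever read through this wrapper, restore them with `unsafe impl Send for X509PurposeRef {}` and `unsafe impl Sync for X509PurposeRef {}`, each under a `// SAFETY:` comment stating that assumption. Separately, `get_by_sname` still calls `CString::new(sname).unwrap()`, which panics on a name with an interior NUL byte even though the function returns `Result`. Its doc comment should at least gain a `# Panics` section saying so.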
openssl/src/x509/store.rs +2 −3 Original line number Diff line number Diff line Loading @@ -53,7 +53,6 @@ use crate::stack::StackRef; use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; use crate::{cvt, cvt_p}; use libc::c_int; use openssl_macros::corresponds; #[cfg(not(boringssl))] use std::ffi::CString; Loading Loading @@ -127,13 +126,13 @@ impl X509StoreBuilderRef { } /// Sets the certificate purpose. /// The purpose value can be obtained by `X509Purpose::get_by_sname()` /// The purpose value can be obtained by `X509PurposeRef::get_by_sname()` #[corresponds(X509_STORE_set_purpose)] pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_purpose( self.as_ptr(), purpose.value() as c_int, purpose.as_raw(), )) .map(|_| ()) } Loading
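Review bot: The doc comment on `set_purpose` still says the purpose value can be obtained by `X509PurposeRef::get_by_sname()`, but per its own docs in this commit that function returns an internal table index (`c_int`), not an `X509PurposeId`. A caller who follows the comment and wraps that index with the new `X509PurposeId::from_raw` would likely set a different purpose than intended, and certificate verification would then check the wrong purpose without any error. I would reword the line to `/// Use one of the X509PurposeId constants, or X509PurposeRef::from_idx(idx)?.purpose() with an index from get_by_sname().` The end of `set_purpose` lies outside the hunk.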
openssl/src/x509/tests.rs +7 −7 Original line number Diff line number Diff line Loading @@ -21,7 +21,7 @@ use crate::x509::verify::{X509VerifyFlags, X509VerifyParam}; #[cfg(ossl110)] use crate::x509::X509Builder; #[cfg(any(ossl102, libressl261))] use crate::x509::X509Purpose; use crate::x509::X509PurposeRef; #[cfg(ossl102)] use crate::x509::X509PurposeId; use crate::x509::{X509Name, X509Req, X509StoreContext, X509VerifyResult, X509}; Loading Loading @@ -452,12 +452,12 @@ fn test_verify_cert_with_purpose() { let chain = Stack::new().unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); let purpose_idx = X509Purpose::get_by_sname("sslserver") let purpose_idx = X509PurposeRef::get_by_sname("sslserver") .expect("Getting certificate purpose 'sslserver' failed"); let x509_purpose = X509Purpose::from_idx(purpose_idx).expect("Getting certificate purpose failed"); let x509_purposeref = X509PurposeRef::from_idx(purpose_idx).expect("Getting certificate purpose failed"); store_bldr .set_purpose(x509_purpose.purpose()) .set_purpose(x509_purposeref.purpose()) .expect("Setting certificate purpose failed"); store_bldr.add_cert(ca).unwrap(); Loading @@ -479,10 +479,10 @@ fn test_verify_cert_with_wrong_purpose_fails() { let chain = Stack::new().unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); let purpose_idx = X509Purpose::get_by_sname("timestampsign") let purpose_idx = X509PurposeRef::get_by_sname("timestampsign") .expect("Getting certificate purpose 'timestampsign' failed"); let x509_purpose = X509Purpose::from_idx(purpose_idx).expect("Getting certificate purpose failed"); X509PurposeRef::from_idx(purpose_idx).expect("Getting certificate purpose failed"); store_bldr .set_purpose(x509_purpose.purpose()) .expect("Setting certificate purpose failed"); Loading
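Review bot: The two tests now name the same kind of value differently: `test_verify_cert_with_purpose` binds the `from_idx` result to `x509_purposeref`, while `test_verify_cert_with_wrong_purpose_fails` appears to keep `x509_purpose`. Use one name in both, e.g. `let x509_purpose_ref =` followed by `X509PurposeRef::from_idx(purpose_idx).expect("Getting certificate purpose failed");`, so the pair reads alike. Both test bodies start and end outside the hunks.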