Loading openssl-sys/src/lib.rs +7 −0 Original line number Diff line number Diff line Loading @@ -1143,6 +1143,8 @@ pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65; pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70; pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71; pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82; #[cfg(not(any(ossl101, libressl)))] pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106; pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1; pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2; Loading Loading @@ -1349,6 +1351,11 @@ pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) - SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void) } #[cfg(not(any(ossl101, libressl)))] pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void) } pub unsafe fn SSL_CTX_set_tlsext_servername_callback(ctx: *mut SSL_CTX, cb: Option<extern fn()>) -> c_long { Loading openssl/src/ssl/mod.rs +17 −0 Original line number Diff line number Diff line Loading @@ -99,6 +99,8 @@ use ec::EcKeyRef; use ec::EcKey; use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name}; use x509::store::{X509StoreBuilderRef, X509StoreRef}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::store::X509Store; #[cfg(any(ossl102, ossl110))] use verify::X509VerifyParamRef; use pkey::PKeyRef; Loading Loading @@ -652,6 +654,21 @@ impl SslContextBuilder { } } /// Sets a custom X509Store for verifying peer certificates. /// /// Requires the `v102` feature and OpenSSL 1.0.2, or the `v110` feature and OpenSSL 1.1.0. #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { unsafe { // set0 will free, set1 increments, and then requires a free let ptr = cert_store.as_ptr(); let result = try!(cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as c_int).map(|_|())); mem::forget(cert_store); Ok(result) } } pub fn set_read_ahead(&mut self, read_ahead: bool) { unsafe { ffi::SSL_CTX_set_read_ahead(self.as_ptr(), read_ahead as c_long); Loading openssl/src/ssl/tests/mod.rs +25 −0 Original line number Diff line number Diff line Loading @@ -173,9 +173,15 @@ macro_rules! run_test( use ssl::SSL_VERIFY_PEER; use hash::MessageDigest; use x509::X509StoreContext; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::X509; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::store::X509StoreBuilder; use hex::FromHex; use foreign_types::ForeignTypeRef; use super::Server; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use super::ROOT_CERT; #[test] fn sslv23() { Loading Loading @@ -221,6 +227,25 @@ run_test!(verify_trusted, |method, stream| { } }); #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] run_test!(verify_trusted_with_set_cert, |method, stream| { let x509 = X509::from_pem(ROOT_CERT).unwrap(); let mut store = X509StoreBuilder::new().unwrap(); store.add_cert(x509).unwrap(); let mut ctx = SslContext::builder(method).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); match ctx.set_verify_cert_store(store.build()) { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } match Ssl::new(&ctx.build()).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } }); run_test!(verify_untrusted_callback_override_ok, |method, stream| { let mut ctx = SslContext::builder(method).unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| true); Loading Loading
openssl-sys/src/lib.rs +7 −0 Original line number Diff line number Diff line Loading @@ -1143,6 +1143,8 @@ pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65; pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70; pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71; pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82; #[cfg(not(any(ossl101, libressl)))] pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106; pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1; pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2; Loading Loading @@ -1349,6 +1351,11 @@ pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) - SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void) } #[cfg(not(any(ossl101, libressl)))] pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void) } pub unsafe fn SSL_CTX_set_tlsext_servername_callback(ctx: *mut SSL_CTX, cb: Option<extern fn()>) -> c_long { Loading
openssl/src/ssl/mod.rs +17 −0 Original line number Diff line number Diff line Loading @@ -99,6 +99,8 @@ use ec::EcKeyRef; use ec::EcKey; use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name}; use x509::store::{X509StoreBuilderRef, X509StoreRef}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::store::X509Store; #[cfg(any(ossl102, ossl110))] use verify::X509VerifyParamRef; use pkey::PKeyRef; Loading Loading @@ -652,6 +654,21 @@ impl SslContextBuilder { } } /// Sets a custom X509Store for verifying peer certificates. /// /// Requires the `v102` feature and OpenSSL 1.0.2, or the `v110` feature and OpenSSL 1.1.0. #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { unsafe { // set0 will free, set1 increments, and then requires a free let ptr = cert_store.as_ptr(); let result = try!(cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as c_int).map(|_|())); mem::forget(cert_store); Ok(result) } } pub fn set_read_ahead(&mut self, read_ahead: bool) { unsafe { ffi::SSL_CTX_set_read_ahead(self.as_ptr(), read_ahead as c_long); Loading
openssl/src/ssl/tests/mod.rs +25 −0 Original line number Diff line number Diff line Loading @@ -173,9 +173,15 @@ macro_rules! run_test( use ssl::SSL_VERIFY_PEER; use hash::MessageDigest; use x509::X509StoreContext; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::X509; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::store::X509StoreBuilder; use hex::FromHex; use foreign_types::ForeignTypeRef; use super::Server; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use super::ROOT_CERT; #[test] fn sslv23() { Loading Loading @@ -221,6 +227,25 @@ run_test!(verify_trusted, |method, stream| { } }); #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] run_test!(verify_trusted_with_set_cert, |method, stream| { let x509 = X509::from_pem(ROOT_CERT).unwrap(); let mut store = X509StoreBuilder::new().unwrap(); store.add_cert(x509).unwrap(); let mut ctx = SslContext::builder(method).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); match ctx.set_verify_cert_store(store.build()) { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } match Ssl::new(&ctx.build()).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } }); run_test!(verify_untrusted_callback_override_ok, |method, stream| { let mut ctx = SslContext::builder(method).unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| true); Loading
