openssl/src/x509/mod.rs +8 −5 @@ -117,18 +117,21 @@ impl X509StoreContextRef { /// # Result /// /// The Result must be `Some(None)` to be a valid certificate, otherwise the cert is not valid. pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<Option<X509VerifyError>, ErrorStack> { pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<(), ErrorStack> { unsafe { ffi::init(); let context = try!(cvt_p(ffi::X509_STORE_CTX_new()).map(|p| X509StoreContext(p))); try!(cvt(ffi::X509_STORE_CTX_init(context.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr())) .map(|_| ())); try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ())); let result = Ok(context.error()); ffi::X509_STORE_CTX_cleanup(context.as_ptr()); mem::forget(trust); mem::forget(cert); mem::forget(cert_chain); // verify_cert returns an error `<= 0` if there was a validation error try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ())); result Ok(()) } } openssl/src/x509/tests.rs +15 −1 @@ -303,5 +303,19 @@ fn test_verify_cert() { store_bldr.add_cert(ca).unwrap(); let store = store_bldr.build(); assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).unwrap().is_none()); assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).is_ok()); } #[test] fn test_verify_fails() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let ca = include_bytes!("../../test/alt_name_cert.pem"); let ca = X509::from_pem(ca).unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); store_bldr.add_cert(ca).unwrap(); let store = store_bldr.build(); assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).is_err()); }
openssl/src/x509/mod.rs +8 −5 @@ -117,18 +117,21 @@ impl X509StoreContextRef { /// # Result /// /// The Result must be `Some(None)` to be a valid certificate, otherwise the cert is not valid. pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<Option<X509VerifyError>, ErrorStack> { pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<(), ErrorStack> { unsafe { ffi::init(); let context = try!(cvt_p(ffi::X509_STORE_CTX_new()).map(|p| X509StoreContext(p))); try!(cvt(ffi::X509_STORE_CTX_init(context.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr())) .map(|_| ())); try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ())); let result = Ok(context.error()); ffi::X509_STORE_CTX_cleanup(context.as_ptr()); mem::forget(trust); mem::forget(cert); mem::forget(cert_chain); // verify_cert returns an error `<= 0` if there was a validation error try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ())); result Ok(()) } }
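Review bot: The doc comment kept above `verify_cert` still says the result must be `Some(None)`, which no longer describes the new `Result<(), ErrorStack>` return; it should read something like `/// Returns Ok(()) when the chain verifies, and Err when verification fails or OpenSSL reports an internal error.` Passing `X509_verify_cert` through `cvt` also folds a rejected certificate (return 0) and an internal failure (negative return) into the same `Err`, and the reason previously exposed through `context.error()` is no longer returned. As far as I know OpenSSL records the verification reason on the store context rather than reliably on the error queue, so the `ErrorStack` a caller sees may be empty; that is worth confirming and, if so, surfacing `context.error()` on the failure path so callers can log why a certificate was refused. The doc comment begins above the hunk, so the rest of it may need the same update.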
openssl/src/x509/tests.rs +15 −1 @@ -303,5 +303,19 @@ fn test_verify_cert() { store_bldr.add_cert(ca).unwrap(); let store = store_bldr.build(); assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).unwrap().is_none()); assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).is_ok()); } #[test] fn test_verify_fails() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let ca = include_bytes!("../../test/alt_name_cert.pem"); let ca = X509::from_pem(ca).unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); store_bldr.add_cert(ca).unwrap(); let store = store_bldr.build(); assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).is_err()); }
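Review bot: `test_verify_fails` asserts only `is_err()`, so it passes for any failure inside `verify_cert`, including context allocation or `X509_STORE_CTX_init` failing, and not only for an untrusted issuer. Because the new return type carries no verification reason, the test cannot pin the cause. At minimum it should carry a comment saying why this pair must be rejected, presumably `// cert.pem was not issued by alt_name_cert.pem, so no chain to a trusted root exists`. If the verification reason is later exposed again, the assertion should check that reason rather than the bare error. `test_verify_cert` starts above the hunk, so only its last lines are visible here.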