Loading openssl/src/ssl/mod.rs +9 −9 Original line number Diff line number Diff line Loading @@ -79,7 +79,7 @@ use crate::ssl::error::InnerError; use crate::stack::{Stack, StackRef, Stackable}; use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::X509VerifyParamRef; use crate::x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use crate::{cvt, cvt_n, cvt_p, init}; Loading Loading @@ -1307,18 +1307,18 @@ impl SslContextBuilder { /// Returns a reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn verify_param(&self) -> &X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr(ffi::SSL_CTX_get0_param(self.as_ptr())) } } /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } Loading Loading @@ -1719,9 +1719,9 @@ impl SslContextBuilder { /// Sets the context's supported elliptic curve groups. /// /// Requires OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. #[corresponds(SSL_CTX_set1_groups_list)] #[cfg(any(ossl111, libressl251))] #[cfg(any(ossl111, boringssl, libressl251))] pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> { let groups = CString::new(groups).unwrap(); unsafe { Loading Loading @@ -2769,9 +2769,9 @@ impl SslRef { /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_get0_param)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } Loading openssl/src/x509/mod.rs +1 −1 Original line number Diff line number Diff line Loading @@ -41,7 +41,7 @@ use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::{cvt, cvt_n, cvt_p, cvt_p_const}; use openssl_macros::corresponds; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub mod verify; pub mod extension; Loading openssl/src/x509/store.rs +3 −3 Original line number Diff line number Diff line Loading @@ -52,7 +52,7 @@ use crate::ssl::SslFiletype; use crate::stack::Stack; use crate::stack::StackRef; use crate::util::ForeignTypeRefExt; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; use crate::{cvt, cvt_p}; Loading Loading @@ -123,7 +123,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related flags. #[corresponds(X509_STORE_set_flags)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) } } Loading @@ -137,7 +137,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related parameters. #[corresponds[X509_STORE_set1_param]] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn set_param(&mut self, param: &X509VerifyParamRef) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set1_param(self.as_ptr(), param.as_ptr())).map(|_| ()) } } Loading openssl/src/x509/tests.rs +13 −13 Original line number Diff line number Diff line Loading @@ -16,11 +16,11 @@ use crate::x509::extension::{ #[cfg(not(boringssl))] use crate::x509::store::X509Lookup; use crate::x509::store::X509StoreBuilder; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParam}; #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] use crate::x509::X509PurposeId; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::X509PurposeRef; #[cfg(ossl110)] use crate::x509::{CrlReason, X509Builder}; Loading @@ -31,7 +31,7 @@ use crate::x509::{ #[cfg(ossl110)] use foreign_types::ForeignType; use hex::{self, FromHex}; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use libc::time_t; use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode}; Loading Loading @@ -557,7 +557,7 @@ fn test_verify_fails() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_fails_with_crl_flag_set_and_no_crl() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -584,7 +584,7 @@ fn test_verify_fails_with_crl_flag_set_and_no_crl() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_cert_with_purpose() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -611,7 +611,7 @@ fn test_verify_cert_with_purpose() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_cert_with_wrong_purpose_fails() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); Loading Loading @@ -846,7 +846,7 @@ fn test_name_to_owned() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_time_fails_verification() { const TEST_T_2030: time_t = 1893456000; Loading Loading @@ -877,7 +877,7 @@ fn test_verify_param_set_time_fails_verification() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_time() { const TEST_T_2020: time_t = 1577836800; Loading @@ -901,7 +901,7 @@ fn test_verify_param_set_time() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_depth() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -928,7 +928,7 @@ fn test_verify_param_set_depth() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] #[allow(clippy::bool_to_int_with_if)] fn test_verify_param_set_depth_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); Loading Loading @@ -1003,7 +1003,7 @@ fn test_verify_param_auth_level() { } #[test] #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] fn test_set_purpose() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -1028,7 +1028,7 @@ fn test_set_purpose() { } #[test] #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] fn test_set_purpose_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); Loading openssl/src/x509/verify.rs +31 −31 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ use libc::{c_int, c_uint, c_ulong, time_t}; use std::net::IpAddr; use crate::error::ErrorStack; #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] use crate::x509::X509PurposeId; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; Loading @@ -14,17 +14,17 @@ bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct X509CheckFlags: c_uint { const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS; const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT as _; const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS as _; const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS as _; const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS as _; const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS as _; /// Requires OpenSSL 1.1.0 or newer. #[cfg(any(ossl110))] const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; #[deprecated(since = "0.10.6", note = "renamed to NO_WILDCARDS")] const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS; const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS as _; } } Loading @@ -33,35 +33,35 @@ bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct X509VerifyFlags: c_ulong { const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK; const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME; const CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK; const CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL; const IGNORE_CRITICAL = ffi::X509_V_FLAG_IGNORE_CRITICAL; const X509_STRICT = ffi::X509_V_FLAG_X509_STRICT; const ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS; const POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK; const EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY; const INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY; const INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP; const NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY; const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT; const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS; const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE; #[cfg(ossl102)] const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST; const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK as _; const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME as _; const CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK as _; const CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL as _; const IGNORE_CRITICAL = ffi::X509_V_FLAG_IGNORE_CRITICAL as _; const X509_STRICT = ffi::X509_V_FLAG_X509_STRICT as _; const ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS as _; const POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK as _; const EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY as _; const INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY as _; const INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP as _; const NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY as _; const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT as _; const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS as _; const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE as _; #[cfg(any(ossl102, boringssl))] const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST as _; #[cfg(ossl102)] const SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY; #[cfg(ossl102)] const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS; #[cfg(ossl102)] const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS; #[cfg(ossl102)] const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN; #[cfg(ossl110)] const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS; #[cfg(ossl110)] const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME; #[cfg(any(ossl102, boringssl))] const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN as _; #[cfg(any(ossl110, boringssl))] const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS as _; #[cfg(any(ossl110, boringssl))] const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME as _; } } Loading Loading @@ -208,7 +208,7 @@ impl X509VerifyParamRef { /// Sets the verification purpose #[corresponds(X509_VERIFY_PARAM_set_purpose)] #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_set_purpose(self.as_ptr(), purpose.0)).map(|_| ()) } } Loading Loading
openssl/src/ssl/mod.rs +9 −9 Original line number Diff line number Diff line Loading @@ -79,7 +79,7 @@ use crate::ssl::error::InnerError; use crate::stack::{Stack, StackRef, Stackable}; use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::X509VerifyParamRef; use crate::x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use crate::{cvt, cvt_n, cvt_p, init}; Loading Loading @@ -1307,18 +1307,18 @@ impl SslContextBuilder { /// Returns a reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn verify_param(&self) -> &X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr(ffi::SSL_CTX_get0_param(self.as_ptr())) } } /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } Loading Loading @@ -1719,9 +1719,9 @@ impl SslContextBuilder { /// Sets the context's supported elliptic curve groups. /// /// Requires OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. #[corresponds(SSL_CTX_set1_groups_list)] #[cfg(any(ossl111, libressl251))] #[cfg(any(ossl111, boringssl, libressl251))] pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> { let groups = CString::new(groups).unwrap(); unsafe { Loading Loading @@ -2769,9 +2769,9 @@ impl SslRef { /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_get0_param)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } Loading
openssl/src/x509/mod.rs +1 −1 Original line number Diff line number Diff line Loading @@ -41,7 +41,7 @@ use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::{cvt, cvt_n, cvt_p, cvt_p_const}; use openssl_macros::corresponds; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub mod verify; pub mod extension; Loading
openssl/src/x509/store.rs +3 −3 Original line number Diff line number Diff line Loading @@ -52,7 +52,7 @@ use crate::ssl::SslFiletype; use crate::stack::Stack; use crate::stack::StackRef; use crate::util::ForeignTypeRefExt; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; use crate::{cvt, cvt_p}; Loading Loading @@ -123,7 +123,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related flags. #[corresponds(X509_STORE_set_flags)] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) } } Loading @@ -137,7 +137,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related parameters. #[corresponds[X509_STORE_set1_param]] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] pub fn set_param(&mut self, param: &X509VerifyParamRef) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set1_param(self.as_ptr(), param.as_ptr())).map(|_| ()) } } Loading
openssl/src/x509/tests.rs +13 −13 Original line number Diff line number Diff line Loading @@ -16,11 +16,11 @@ use crate::x509::extension::{ #[cfg(not(boringssl))] use crate::x509::store::X509Lookup; use crate::x509::store::X509StoreBuilder; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParam}; #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] use crate::x509::X509PurposeId; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::X509PurposeRef; #[cfg(ossl110)] use crate::x509::{CrlReason, X509Builder}; Loading @@ -31,7 +31,7 @@ use crate::x509::{ #[cfg(ossl110)] use foreign_types::ForeignType; use hex::{self, FromHex}; #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] use libc::time_t; use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode}; Loading Loading @@ -557,7 +557,7 @@ fn test_verify_fails() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_fails_with_crl_flag_set_and_no_crl() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -584,7 +584,7 @@ fn test_verify_fails_with_crl_flag_set_and_no_crl() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_cert_with_purpose() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -611,7 +611,7 @@ fn test_verify_cert_with_purpose() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_cert_with_wrong_purpose_fails() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); Loading Loading @@ -846,7 +846,7 @@ fn test_name_to_owned() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_time_fails_verification() { const TEST_T_2030: time_t = 1893456000; Loading Loading @@ -877,7 +877,7 @@ fn test_verify_param_set_time_fails_verification() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_time() { const TEST_T_2020: time_t = 1577836800; Loading @@ -901,7 +901,7 @@ fn test_verify_param_set_time() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_depth() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -928,7 +928,7 @@ fn test_verify_param_set_depth() { } #[test] #[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, boringssl, libressl261))] #[allow(clippy::bool_to_int_with_if)] fn test_verify_param_set_depth_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); Loading Loading @@ -1003,7 +1003,7 @@ fn test_verify_param_auth_level() { } #[test] #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] fn test_set_purpose() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); Loading @@ -1028,7 +1028,7 @@ fn test_set_purpose() { } #[test] #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] fn test_set_purpose_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); Loading
openssl/src/x509/verify.rs +31 −31 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ use libc::{c_int, c_uint, c_ulong, time_t}; use std::net::IpAddr; use crate::error::ErrorStack; #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] use crate::x509::X509PurposeId; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; Loading @@ -14,17 +14,17 @@ bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct X509CheckFlags: c_uint { const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS; const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT as _; const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS as _; const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS as _; const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS as _; const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS as _; /// Requires OpenSSL 1.1.0 or newer. #[cfg(any(ossl110))] const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; #[deprecated(since = "0.10.6", note = "renamed to NO_WILDCARDS")] const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS; const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS as _; } } Loading @@ -33,35 +33,35 @@ bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct X509VerifyFlags: c_ulong { const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK; const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME; const CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK; const CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL; const IGNORE_CRITICAL = ffi::X509_V_FLAG_IGNORE_CRITICAL; const X509_STRICT = ffi::X509_V_FLAG_X509_STRICT; const ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS; const POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK; const EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY; const INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY; const INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP; const NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY; const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT; const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS; const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE; #[cfg(ossl102)] const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST; const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK as _; const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME as _; const CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK as _; const CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL as _; const IGNORE_CRITICAL = ffi::X509_V_FLAG_IGNORE_CRITICAL as _; const X509_STRICT = ffi::X509_V_FLAG_X509_STRICT as _; const ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS as _; const POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK as _; const EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY as _; const INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY as _; const INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP as _; const NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY as _; const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT as _; const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS as _; const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE as _; #[cfg(any(ossl102, boringssl))] const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST as _; #[cfg(ossl102)] const SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY; #[cfg(ossl102)] const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS; #[cfg(ossl102)] const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS; #[cfg(ossl102)] const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN; #[cfg(ossl110)] const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS; #[cfg(ossl110)] const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME; #[cfg(any(ossl102, boringssl))] const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN as _; #[cfg(any(ossl110, boringssl))] const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS as _; #[cfg(any(ossl110, boringssl))] const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME as _; } } Loading Loading @@ -208,7 +208,7 @@ impl X509VerifyParamRef { /// Sets the verification purpose #[corresponds(X509_VERIFY_PARAM_set_purpose)] #[cfg(ossl102)] #[cfg(any(ossl102, boringssl))] pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_set_purpose(self.as_ptr(), purpose.0)).map(|_| ()) } } Loading
