diff --git a/.circleci/config.yml b/.circleci/config.yml
index 4363e37697df997b6c4f2c9f680dde0f196554fa..35c235489ea263667fc918c3a93c2923bcbb312f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -55,7 +55,6 @@ job: &JOB
cargo test \
--manifest-path=openssl/Cargo.toml \
--target $TARGET \
- --all-features \
$TEST_ARGS
- run:
command: |
@@ -87,7 +86,7 @@ macos_job: &MACOS_JOB
- run: cargo run --manifest-path=systest/Cargo.toml
- run: |
PATH=/usr/local/opt/openssl/bin:$PATH
- cargo test --manifest-path=openssl/Cargo.toml --all-features
+ cargo test --manifest-path=openssl/Cargo.toml
- *SAVE_DEPS
openssl_111: &OPENSSL_111
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index 7378a94a0b64b11d1396530fe68e3cd0a95f01be..e78b65aa26f74a1e96a60df50cde3cb5b148c37f 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -13,6 +13,7 @@ build = "build.rs"
[package.metadata.docs.rs]
all-features = true
+# these are deprecated and don't do anything anymore
[features]
v101 = []
v102 = []
diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs
index 58b4026c34994ff3356dddce41f49880f053081e..a90b10b862b6498295c6dec3fe2c378a1829f9a9 100644
--- a/openssl/src/dh.rs
+++ b/openssl/src/dh.rs
@@ -83,9 +83,8 @@ impl Dh<Params> {
ffi::d2i_DHparams
}
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ /// Requires OpenSSL 1.0.2 or newer.
+ #[cfg(any(ossl102, ossl110))]
pub fn get_1024_160() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
@@ -93,9 +92,8 @@ impl Dh<Params> {
}
}
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ /// Requires OpenSSL 1.0.2 or newer.
+ #[cfg(any(ossl102, ossl110))]
pub fn get_2048_224() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
@@ -103,9 +101,8 @@ impl Dh<Params> {
}
}
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ /// Requires OpenSSL 1.0.2 or newer.
+ #[cfg(any(ossl102, ossl110))]
pub fn get_2048_256() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
@@ -145,8 +142,7 @@ mod tests {
use ssl::{SslContext, SslMethod};
#[test]
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
fn test_dh_rfc5114() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
let dh1 = Dh::get_1024_160().unwrap();
diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs
index 7253837f3b6473250b6db2dae4c2be36da0b7a26..03e3ee448a8d3c1a44550582ae2f589cea82d3a7 100644
--- a/openssl/src/pkcs5.rs
+++ b/openssl/src/pkcs5.rs
@@ -107,8 +107,8 @@ pub fn pbkdf2_hmac(
/// Derives a key from a password and salt using the scrypt algorithm.
///
-/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+/// Requires OpenSSL 1.1.0 or newer.
+#[cfg(any(ossl110))]
pub fn scrypt(
pass: &[u8],
salt: &[u8],
@@ -271,7 +271,7 @@ mod tests {
}
#[test]
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
fn scrypt() {
use hex;
diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs
index 14667980429fa3807462e866311c28188f97fda8..5b95ed029d87e730f1e18e7a81c8735e708fddc8 100644
--- a/openssl/src/ssl/callbacks.rs
+++ b/openssl/src/ssl/callbacks.rs
@@ -1,30 +1,29 @@
use ffi;
use libc::{c_char, c_int, c_uchar, c_uint, c_void};
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
use libc::size_t;
use std::ffi::CStr;
use std::ptr;
use std::slice;
use std::mem;
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
use std::str;
use foreign_types::ForeignTypeRef;
use foreign_types::ForeignType;
use error::ErrorStack;
use dh::Dh;
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
use ec::EcKey;
use pkey::Params;
use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslContextRef, SslRef,
SslSession, SslSessionRef};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
use ssl::AlpnError;
use x509::X509StoreContextRef;
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
use ssl::ExtensionContext;
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
use x509::X509Ref;
pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
@@ -118,8 +117,7 @@ where
}
}
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
pub extern "C" fn raw_alpn_select<F>(
ssl: *mut ffi::SSL,
out: *mut *const c_uchar,
@@ -175,7 +173,7 @@ where
}
}
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
pub unsafe extern "C" fn raw_tmp_ecdh<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
@@ -227,7 +225,7 @@ where
}
}
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
@@ -320,9 +318,9 @@ pub unsafe extern "C" fn raw_remove_session<F>(
callback(ctx, session)
}
-#[cfg(any(ossl110, ossl111))]
+#[cfg(any(ossl110))]
type DataPtr = *const c_uchar;
-#[cfg(not(any(ossl110, ossl111)))]
+#[cfg(not(any(ossl110)))]
type DataPtr = *mut c_uchar;
pub unsafe extern "C" fn raw_get_session<F>(
@@ -352,7 +350,7 @@ where
}
}
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
where
F: Fn(&SslRef, &str) + 'static + Sync + Send,
@@ -423,10 +421,10 @@ where
}
}
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
pub struct CustomExtAddState<T>(Option<T>);
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
pub extern "C" fn raw_custom_ext_add<F, T>(
ssl: *mut ffi::SSL,
_: c_uint,
@@ -480,7 +478,7 @@ where
}
}
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
pub extern "C" fn raw_custom_ext_free<T>(
ssl: *mut ffi::SSL,
_: c_uint,
@@ -497,7 +495,7 @@ pub extern "C" fn raw_custom_ext_free<T>(
}
}
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
pub extern "C" fn raw_custom_ext_parse<F>(
ssl: *mut ffi::SSL,
_: c_uint,
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index c04147069875ed7488b85b102d182104682ffba7..89eb0ac32f79864ca55d5066d53d25b282075aac 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -296,7 +296,7 @@ fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
#[cfg(ossl102)]
fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
- ctx._set_ecdh_auto(true)
+ ctx.set_ecdh_auto(true)
}
#[cfg(ossl110)]
@@ -316,7 +316,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) {
#[cfg(any(ossl102, ossl110))]
fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
- let param = ssl._param_mut();
+ let param = ssl.param_mut();
param.set_hostflags(::verify::X509CheckFlags::NO_PARTIAL_WILDCARDS);
match domain.parse() {
Ok(ip) => param.set_ip(ip),
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index f7f46a7f922ef4cf391caa5968e765df29644a47..f3c4ed3a4c93a07e042dfd3cb457d752d52b8728 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -80,12 +80,11 @@ use std::sync::Mutex;
use {cvt, cvt_n, cvt_p, init};
use dh::{Dh, DhRef};
use ec::EcKeyRef;
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
use ec::EcKey;
use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult};
use x509::store::{X509StoreBuilderRef, X509StoreRef};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
use x509::store::X509Store;
#[cfg(any(ossl102, ossl110))]
use verify::X509VerifyParamRef;
@@ -97,6 +96,7 @@ use ssl::bio::BioMethod;
use ssl::error::InnerError;
use ssl::callbacks::*;
use nid::Nid;
+#[cfg(ossl111)]
use hash::MessageDigest;
pub use ssl::connector::{ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector,
@@ -181,28 +181,27 @@ bitflags! {
/// Disables the use of TLSv1.3.
///
- /// Requires the `v111` feature and OpenSSL 1.1.1.
- #[cfg(all(feature = "v111", ossl111))]
+ /// Requires OpenSSL 1.1.1 or newer.
+ #[cfg(ossl111)]
const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
/// Disables the use of DTLSv1.0
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ /// Requires OpenSSL 1.0.2 or newer.
+ #[cfg(any(ossl102, ossl110))]
const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
/// Disables the use of DTLSv1.2.
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ ///
+ /// Requires OpenSSL 1.0.2, or newer.
+ #[cfg(any(ossl102, ossl110))]
const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
/// Disables the use of all (D)TLS protocol versions.
///
/// This can be used as a mask when whitelisting protocol versions.
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// # Examples
///
@@ -213,15 +212,14 @@ bitflags! {
///
/// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2;
/// ```
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK;
/// Enable TLSv1.3 Compatibility mode.
///
- /// This is on by default in OpenSSL 1.1.1. A future version may have this
- /// disabled by default.
- #[cfg(all(feature = "v111", ossl111))]
+ /// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version
+ /// may have this disabled by default.
+ #[cfg(ossl111)]
const ENABLE_MIDDLEBOX_COMPAT = ffi::SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
}
}
@@ -368,7 +366,7 @@ bitflags! {
}
}
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
bitflags! {
/// Which messages and under which conditions an extension should be added or expected.
pub struct ExtensionContext: c_uint {
@@ -542,19 +540,17 @@ impl SslAlert {
/// An error returned from an ALPN selection callback.
///
-/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+/// Requires OpenSSL 1.0.2 or newer.
+#[cfg(any(ossl102, ossl110))]
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct AlpnError(c_int);
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
impl AlpnError {
/// Terminate the handshake with a fatal alert.
///
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ /// Requires OpenSSL 1.1.0 or newer.
+ #[cfg(any(ossl110))]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
/// Do not select a protocol, but continue the handshake.
@@ -580,8 +576,8 @@ impl SslVersion {
/// TLSv1.3
///
- /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
- #[cfg(all(feature = "v111", ossl111))]
+ /// Requires OpenSSL 1.1.1 or newer.
+ #[cfg(ossl111)]
pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
}
@@ -725,13 +721,12 @@ impl SslContextBuilder {
/// Sets a custom certificate store for verifying peer certificates.
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
///
/// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
unsafe {
let ptr = cert_store.as_ptr();
@@ -819,10 +814,10 @@ impl SslContextBuilder {
/// indicating if the selected cipher is export-grade, and the key length. The export and key
/// length options are archaic and should be ignored in almost all cases.
///
- /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2.
+ /// Requires OpenSSL 1.0.1 or 1.0.2.
///
/// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`.
- #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+ #[cfg(any(ossl101, ossl102))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@@ -1032,18 +1027,13 @@ impl SslContextBuilder {
/// Enables ECDHE key exchange with an automatically chosen curve list.
///
- /// Requires the `v102` feature and OpenSSL 1.0.2.
+ /// Requires OpenSSL 1.0.2.
///
/// This corresponds to [`SSL_CTX_set_ecdh_auto`].
///
/// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html
- #[cfg(all(feature = "v102", any(ossl102, libressl)))]
- pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
- self._set_ecdh_auto(onoff)
- }
-
#[cfg(any(ossl102, libressl))]
- fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
+ pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
}
@@ -1089,10 +1079,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_min_proto_version`].
///
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_min_proto_version(
@@ -1109,10 +1099,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_max_proto_version`].
///
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_max_proto_version(
@@ -1129,10 +1119,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_get_min_proto_version`].
///
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
pub fn min_proto_version(&mut self) -> Option<SslVersion> {
unsafe {
let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr());
@@ -1151,10 +1141,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_get_max_proto_version`].
///
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
pub fn max_proto_version(&mut self) -> Option<SslVersion> {
unsafe {
let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr());
@@ -1175,11 +1165,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_alpn_protos`].
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
assert!(protocols.len() <= c_uint::max_value() as usize);
@@ -1207,13 +1196,12 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_alpn_select_cb`].
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html
/// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
pub fn set_alpn_select_callback<F>(&mut self, callback: F)
where
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
@@ -1409,12 +1397,12 @@ impl SslContextBuilder {
/// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message
/// traffic. The line does not contain a trailing newline.
///
- /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.1.1 or newer.
///
/// This corresponds to [`SSL_CTX_set_keylog_callback`].
///
/// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html
- #[cfg(all(feature = "v111", ossl111))]
+ #[cfg(ossl111)]
pub fn set_keylog_callback<F>(&mut self, callback: F)
where
F: Fn(&SslRef, &str) + 'static + Sync + Send,
@@ -1510,10 +1498,12 @@ impl SslContextBuilder {
/// Adds a custom extension for a TLS/DTLS client or server for all supported protocol versions.
///
+ /// Requires OpenSSL 1.1.1 or newer.
+ ///
/// This corresponds to [`SSL_CTX_add_custom_ext`].
///
/// [`SSL_CTX_add_custom_ext`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_custom_ext.html
- #[cfg(all(feature = "v111", ossl111))]
+ #[cfg(ossl111)]
pub fn add_custom_ext<AddFn, ParseFn, T>(
&mut self,
ext_type: u16,
@@ -1632,13 +1622,12 @@ impl SslContext {
impl SslContextRef {
/// Returns the certificate associated with this `SslContext`, if present.
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_CTX_get0_certificate`].
///
/// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
pub fn certificate(&self) -> Option<&X509Ref> {
unsafe {
let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr());
@@ -1652,13 +1641,12 @@ impl SslContextRef {
/// Returns the private key associated with this `SslContext`, if present.
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_CTX_get0_privatekey`].
///
/// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
pub fn private_key(&self) -> Option<&PKeyRef<Private>> {
unsafe {
let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr());
@@ -1819,26 +1807,38 @@ impl SslCipherRef {
/// Returns the handshake digest of the cipher.
///
- /// Available as of OpenSSL 1.1.1. This corresponds to [`SSL_CIPHER_get_handshake_digest`].
+ /// Requires OpenSSL 1.1.1 or newer.
+ ///
+ /// This corresponds to [`SSL_CIPHER_get_handshake_digest`].
///
/// [`SSL_CIPHER_get_handshake_digest`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_handshake_digest.html
- #[cfg(all(feature = "v111", ossl111))]
+ #[cfg(ossl111)]
pub fn handshake_digest(&self) -> Option<MessageDigest> {
unsafe {
let ptr = ffi::SSL_CIPHER_get_handshake_digest(self.as_ptr());
- if ptr.is_null() { None } else { Some(MessageDigest::from_ptr(ptr)) }
+ if ptr.is_null() {
+ None
+ } else {
+ Some(MessageDigest::from_ptr(ptr))
+ }
}
}
/// Returns the NID corresponding to the cipher.
///
- /// Available as of OpenSSL 1.1.0. This corresponds to [`SSL_CIPHER_get_cipher_nid`]
+ /// Requires OpenSSL 1.1.0 or newer.
+ ///
+ /// This corresponds to [`SSL_CIPHER_get_cipher_nid`].
///
/// [`SSL_CIPHER_get_cipher_nid`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CIPHER_get_cipher_nid.html
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
pub fn cipher_nid(&self) -> Option<Nid> {
let n = unsafe { ffi::SSL_CIPHER_get_cipher_nid(self.as_ptr()) };
- if n == 0 { None } else { Some(Nid::from_raw(n)) }
+ if n == 0 {
+ None
+ } else {
+ Some(Nid::from_raw(n))
+ }
}
}
@@ -2053,12 +2053,12 @@ impl SslRef {
/// Like [`SslContextBuilder::set_tmp_ecdh_callback`].
///
- /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2.
+ /// Requires OpenSSL 1.0.1 or 1.0.2.
///
/// This corresponds to `SSL_set_tmp_ecdh_callback`.
///
/// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback
- #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+ #[cfg(any(ossl101, ossl102))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@@ -2077,13 +2077,13 @@ impl SslRef {
/// Like [`SslContextBuilder::set_ecdh_auto`].
///
- /// Requires the `v102` feature and OpenSSL 1.0.2.
+ /// Requires OpenSSL 1.0.2.
///
/// This corresponds to [`SSL_set_ecdh_auto`].
///
/// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh
/// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html
- #[cfg(all(feature = "v102", ossl102))]
+ #[cfg(ossl102)]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
}
@@ -2255,13 +2255,12 @@ impl SslRef {
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it.
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_get0_alpn_selected`].
///
/// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
unsafe {
let mut data: *const c_uchar = ptr::null();
@@ -2331,19 +2330,13 @@ impl SslRef {
/// Returns a mutable reference to the X509 verification configuration.
///
- /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_get0_param`].
///
/// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
- pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
- self._param_mut()
- }
-
#[cfg(any(ossl102, ossl110))]
- fn _param_mut(&mut self) -> &mut X509VerifyParamRef {
+ pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) }
}
@@ -2377,12 +2370,12 @@ impl SslRef {
/// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random
/// value.
///
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.1.0 or newer.
///
/// This corresponds to [`SSL_get_client_random`].
///
/// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
pub fn client_random(&self, buf: &mut [u8]) -> usize {
unsafe {
ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())
@@ -2394,12 +2387,12 @@ impl SslRef {
/// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random
/// value.
///
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+ /// Requires OpenSSL 1.1.0 or newer.
///
/// This corresponds to [`SSL_get_server_random`].
///
/// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl110))]
pub fn server_random(&self, buf: &mut [u8]) -> usize {
unsafe {
ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index 8be3e4d69aa94f1883201941b4a5e5e03a302170..c732f3fc932983a5126a1e8821e137da1e680f3b 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -20,11 +20,10 @@ use ocsp::{OcspResponse, OcspResponseStatus};
use ssl;
use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptor, SslConnector, SslContext,
SslFiletype, SslMethod, SslSessionCacheMode, SslStream, SslVerifyMode, StatusType};
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+#[cfg(any(ossl110))]
use ssl::SslVersion;
use x509::{X509, X509Name, X509StoreContext, X509VerifyResult};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
use x509::verify::X509CheckFlags;
use pkey::PKey;
@@ -138,17 +137,14 @@ macro_rules! run_test(
use ssl::{SslContext, Ssl, SslStream, SslVerifyMode, SslOptions};
use hash::MessageDigest;
use x509::{X509StoreContext, X509VerifyResult};
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
use x509::X509;
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
use x509::store::X509StoreBuilder;
use hex::FromHex;
use foreign_types::ForeignTypeRef;
use super::Server;
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+ #[cfg(any(ossl102, ossl110))]
use super::ROOT_CERT;
#[test]
@@ -188,8 +184,7 @@ run_test!(verify_trusted, |method, stream| {
}
});
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
run_test!(verify_trusted_with_set_cert, |method, stream| {
let x509 = X509::from_pem(ROOT_CERT).unwrap();
let mut store = X509StoreBuilder::new().unwrap();
@@ -484,8 +479,7 @@ fn test_state() {
/// Tests that connecting with the client using ALPN, but the server not does not
/// break the existing connection behavior.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
fn test_connect_with_unilateral_alpn() {
let (_s, stream) = Server::new();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -507,8 +501,7 @@ fn test_connect_with_unilateral_alpn() {
/// Tests that when both the client as well as the server use ALPN and their
/// lists of supported protocols have an overlap, the correct protocol is chosen.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
fn test_connect_with_alpn_successful_multiple_matching() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -531,8 +524,7 @@ fn test_connect_with_alpn_successful_multiple_matching() {
/// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
fn test_connect_with_alpn_successful_single_match() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -554,8 +546,7 @@ fn test_connect_with_alpn_successful_single_match() {
/// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
fn test_alpn_server_advertise_multiple() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@@ -597,7 +588,7 @@ fn test_alpn_server_advertise_multiple() {
}
#[test]
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+#[cfg(any(ossl110))]
fn test_alpn_server_select_none_fatal() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@@ -631,8 +622,7 @@ fn test_alpn_server_select_none_fatal() {
}
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
fn test_alpn_server_select_none() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@@ -799,8 +789,7 @@ fn add_extra_chain_cert() {
}
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
fn verify_valid_hostname() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap();
@@ -825,8 +814,7 @@ fn verify_valid_hostname() {
}
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
fn verify_invalid_hostname() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap();
@@ -1070,8 +1058,7 @@ fn tmp_dh_callback() {
}
#[test]
-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))),
- all(feature = "v102", ossl102)))]
+#[cfg(any(all(ossl101, not(libressl)), ossl102))]
fn tmp_ecdh_callback() {
use ec::EcKey;
use nid::Nid;
@@ -1145,8 +1132,7 @@ fn tmp_dh_callback_ssl() {
}
#[test]
-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))),
- all(feature = "v102", ossl102)))]
+#[cfg(any(all(ossl101, not(libressl)), ossl102))]
fn tmp_ecdh_callback_ssl() {
use ec::EcKey;
use nid::Nid;
@@ -1323,7 +1309,7 @@ fn keying_export() {
}
#[test]
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+#[cfg(any(ossl110))]
fn no_version_overlap() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let addr = listener.local_addr().unwrap();
@@ -1354,7 +1340,7 @@ fn no_version_overlap() {
}
#[test]
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
fn custom_extensions() {
static FOUND_EXTENSION: AtomicBool = ATOMIC_BOOL_INIT;
@@ -1369,9 +1355,13 @@ fn custom_extensions() {
ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap();
ctx.add_custom_ext(
- 12345, ssl::ExtensionContext::CLIENT_HELLO,
+ 12345,
+ ssl::ExtensionContext::CLIENT_HELLO,
|_, _, _| -> Result<Option<&'static [u8]>, _> { unreachable!() },
- |_, _, data, _| { FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst); Ok(()) }
+ |_, _, data, _| {
+ FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst);
+ Ok(())
+ },
).unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.accept(stream).unwrap();
@@ -1380,9 +1370,10 @@ fn custom_extensions() {
let stream = TcpStream::connect(addr).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.add_custom_ext(
- 12345, ssl::ExtensionContext::CLIENT_HELLO,
+ 12345,
+ ssl::ExtensionContext::CLIENT_HELLO,
|_, _, _| Ok(Some(b"hello")),
- |_, _, _, _| unreachable!()
+ |_, _, _, _| unreachable!(),
).unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap();
diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs
index a70685847f980c08592e20ad4324892c1a664623..1937dbc7fbce05b515f07b5260b8bdd6ba8ff349 100644
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@@ -83,7 +83,11 @@ impl Cipher {
/// [`EVP_get_cipherbynid`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_get_cipherbyname.html
pub fn from_nid(nid: Nid) -> Option<Cipher> {
let ptr = unsafe { ffi::EVP_get_cipherbyname(ffi::OBJ_nid2sn(nid.as_raw())) };
- if ptr.is_null() { None } else { Some(Cipher(ptr)) }
+ if ptr.is_null() {
+ None
+ } else {
+ Some(Cipher(ptr))
+ }
}
pub fn aes_128_ecb() -> Cipher {
@@ -194,14 +198,14 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_rc4()) }
}
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+ /// Requires OpenSSL 1.1.0 or newer.
+ #[cfg(any(ossl110))]
pub fn chacha20() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20()) }
}
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+ /// Requires OpenSSL 1.1.0 or newer.
+ #[cfg(any(ossl110))]
pub fn chacha20_poly1305() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
}
@@ -439,7 +443,7 @@ impl Crypter {
///
/// The total plaintext or ciphertext length MUST be passed to the cipher when it operates in
/// CCM mode.
- pub fn set_data_len(&mut self, data_len: usize)-> Result<(), ErrorStack> {
+ pub fn set_data_len(&mut self, data_len: usize) -> Result<(), ErrorStack> {
unsafe {
assert!(data_len <= c_int::max_value() as usize);
let mut len = 0;
@@ -1203,7 +1207,7 @@ mod tests {
}
#[test]
- #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+ #[cfg(any(ossl110))]
fn test_chacha20() {
let key = "0000000000000000000000000000000000000000000000000000000000000000";
let iv = "00000000000000000000000000000000";
@@ -1218,7 +1222,7 @@ mod tests {
}
#[test]
- #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+ #[cfg(any(ossl110))]
fn test_chacha20_poly1305() {
let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
let iv = "070000004041424344454647";
diff --git a/openssl/src/verify.rs b/openssl/src/verify.rs
index de76f61fb1e7c099b6572dcec12b2e0425f22acf..19e57c1789c78b1856d6d6c25c3ce4766a0a7321 100644
--- a/openssl/src/verify.rs
+++ b/openssl/src/verify.rs
@@ -15,8 +15,8 @@ bitflags! {
const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
const SINGLE_LABEL_SUBDOMAINS
= ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
- /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
- #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+ /// Requires OpenSSL 1.1.0 or newer.
+ #[cfg(any(ossl110))]
const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
}
}
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index ef4b57e55dd8bbadc3e80645a58074085ff60e78..d4714f88b686d836695b5544ea708a505fe18732 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -40,8 +40,7 @@ use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data,
X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain,
X509_set1_notAfter as X509_set_notAfter, X509_set1_notBefore as X509_set_notBefore};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
- all(feature = "v111", ossl111)))]
+#[cfg(any(ossl102, ossl110))]
pub mod verify;
pub mod extension;