Commit 98d343dd authored by Steven Fackler's avatar Steven Fackler

Fix for changes in OpenSSL 1.1.0f

parent 66d9a8ea
+3 −3
@@ -29,7 +29,7 @@ matrix:
            - binfmt-support
    - env: >
        TARGET=arm-unknown-linux-gnueabihf
        BUILD_OPENSSL_VERSION=1.1.0e
        BUILD_OPENSSL_VERSION=1.1.0f
        CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc
        QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf
        RUST_TEST_THREADS=1
@@ -50,7 +50,7 @@ matrix:

    # 64-bit version compat
    - env: BUILD_OPENSSL_VERSION=1.0.2k
    - env: BUILD_OPENSSL_VERSION=1.1.0e
    - env: BUILD_OPENSSL_VERSION=1.1.0f

    # 32-bit version compat
    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.0.1u
@@ -63,7 +63,7 @@ matrix:
        apt:
          packages:
            - gcc-multilib
    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.1.0e
    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.1.0f
      addons:
        apt:
          packages:
+4 −4
@@ -5,20 +5,20 @@ environment:
    - TARGET: i686-pc-windows-gnu
      BITS: 32
      MSYS2: 1
      OPENSSL_VERSION: 1_1_0e
      OPENSSL_VERSION: 1_1_0f
    - TARGET: x86_64-pc-windows-msvc
      BITS: 64
      OPENSSL_VERSION: 1_1_0e
      OPENSSL_VERSION: 1_1_0f
      OPENSSL_DIR: C:\OpenSSL

    # 1.0.2, 64/32 bit
    - TARGET: x86_64-pc-windows-gnu
      BITS: 64
      MSYS2: 1
      OPENSSL_VERSION: 1_0_2k
      OPENSSL_VERSION: 1_0_2L
    - TARGET: i686-pc-windows-msvc
      BITS: 32
      OPENSSL_VERSION: 1_0_2k
      OPENSSL_VERSION: 1_0_2L
      OPENSSL_DIR: C:\OpenSSL
install:
  # install OpenSSL
+8 −0
@@ -253,6 +253,8 @@ RUST_LIBRESSL_250
RUST_LIBRESSL_OLD
#elif OPENSSL_VERSION_NUMBER >= 0x10101000
RUST_OPENSSL_NEW
#elif OPENSSL_VERSION_NUMBER >= 0x10100060
RUST_OPENSSL_110F
#elif OPENSSL_VERSION_NUMBER >= 0x10100000
RUST_OPENSSL_110
#elif OPENSSL_VERSION_NUMBER >= 0x10002000
@@ -348,6 +350,12 @@ See rust-openssl README for more information:
        println!("cargo:libressl=true");
        println!("cargo:version=101");
        Version::Libressl
    } else if expanded.contains("RUST_OPENSSL_110F") {
        println!("cargo:rustc-cfg=ossl110");
        println!("cargo:rustc-cfg=ossl110f");
        println!("cargo:version=110");
        println!("cargo:patch=f");
        Version::Openssl110
    } else if expanded.contains("RUST_OPENSSL_110") {
        println!("cargo:rustc-cfg=ossl110");
        println!("cargo:version=110");
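Review bot: The new `expanded.contains("RUST_OPENSSL_110F")` branch only works because it is tested before `expanded.contains("RUST_OPENSSL_110")`, which as a substring match would also accept the 110F marker, and nothing in the chain records that ordering constraint. A one-line comment above the new branch would protect it, e.g. `// Keep ahead of the RUST_OPENSSL_110 check: contains() matches that marker as a prefix of this one.` Separately, the threshold `0x10100060` has a zero status nibble, so development snapshots of 1.1.0f select `ossl110f` as well as the release; worth a note in the build script if that is intended. `cargo:patch=f` is emitted on this branch only, so consumers of that metadata have to treat a missing value as "older than f". The if/else chain starts and ends outside the hunk.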
+13 −1
@@ -1205,8 +1205,18 @@ pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
#[cfg(not(ossl101))]
pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
#[cfg(not(libressl))]
pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
#[cfg(not(any(libressl, ossl110f)))]
pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
#[cfg(ossl110f)]
pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG |
                            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
                            SSL_OP_LEGACY_SERVER_CONNECT |
                            SSL_OP_TLSEXT_PADDING |
                            SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000;
pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000;
pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000;
@@ -2264,8 +2274,10 @@ extern "C" {
                                          len: *mut c_uint);
    pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
    pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
    #[cfg(not(any(ossl101, libressl)))]
    #[cfg(not(any(ossl101, libressl, ossl110f)))]
    pub fn SSL_is_server(s: *mut SSL) -> c_int;
    #[cfg(ossl110f)]
    pub fn SSL_is_server(s: *const SSL) -> c_int;

    pub fn SSL_SESSION_free(s: *mut SSL_SESSION);
    pub fn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar;
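Review bot: `SSL_OP_ALL` now has two definitions whose values differ by linked version, `0x80000BFF` under `not(any(libressl, ossl110f))` and the five named flags under `ossl110f` (which OR to `0x80000854`), and neither carries a comment saying so. Callers that pass `SSL_OP_ALL` get a different workaround set depending on the build, and both sets include `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` and `SSL_OP_LEGACY_SERVER_CONNECT`, which trade a CBC countermeasure and a secure-renegotiation requirement for compatibility. I would add a doc comment on both constants along the lines of `/// Bug-workaround bundle; its value follows the linked OpenSSL headers (changed in 1.1.0f).` The same `ossl110f` split on `SSL_is_server` (`*mut SSL` vs `*const SSL`) presumably exists to mirror the header signature and deserves the same one-line explanation. Both hunks sit inside larger blocks that continue outside the view.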
+2 −34
@@ -743,7 +743,7 @@ fn test_alpn_server_advertise_multiple() {
/// Test that Servers supporting ALPN don't report a protocol when none of their protocols match
/// the client's reported protocol.
#[test]
#[cfg(all(feature = "v102", ossl102))]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_alpn_server_select_none() {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let localhost = listener.local_addr().unwrap();
@@ -776,38 +776,6 @@ fn test_alpn_server_select_none() {
    assert_eq!(None, stream.ssl().selected_alpn_protocol());
}

// In 1.1.0, ALPN negotiation failure is a fatal error
#[test]
#[cfg(all(feature = "v110", ossl110))]
fn test_alpn_server_select_none() {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let localhost = listener.local_addr().unwrap();
    // We create a different context instance for the server...
    let listener_ctx = {
        let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
        ctx.set_verify(SSL_VERIFY_PEER);
        ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap();
        assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
                   .is_ok());
        ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
            .unwrap();
        ctx.build()
    };
    // Have the listener wait on the connection in a different thread.
    thread::spawn(move || {
        let (stream, _) = listener.accept().unwrap();
        assert!(Ssl::new(&listener_ctx).unwrap().accept(stream).is_err());
    });

    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_alpn_protocols(&[b"http/2"]).unwrap();
    ctx.set_ca_file(&Path::new("test/root-ca.pem")).unwrap();
    // Now connect to the socket and make sure the protocol negotiation works...
    let stream = TcpStream::connect(localhost).unwrap();
    assert!(Ssl::new(&ctx.build()).unwrap().connect(stream).is_err());
}

#[test]
#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
fn test_read_dtlsv1() {
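Review bot: Widening the cfg on `test_alpn_server_select_none` to include `all(feature = "v110", ossl110)` makes the test assert `None == stream.ssl().selected_alpn_protocol()` for every 1.1.0 build, while the deleted variant documented that in 1.1.0 an ALPN mismatch was a fatal handshake error. If that older behaviour still holds for 1.1.0 releases before 1.1.0f, the test will fail when linked against them, so the gate presumably wants a 1.1.0f-or-later condition (whether an `ossl110f` cfg is visible in this crate is not shown here). With the fatal-error variant removed, nothing in the visible tests asserts that a mismatch is rejected, so I would add a comment on the surviving test such as `// With 1.1.0f a failed ALPN selection no longer aborts the handshake; callers must check the selected protocol themselves.` The body of the test lies between the two hunks and is only partly visible.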