Merge pull request #938 from sfackler/verified-chain (a1cb6a73) · Commits · Public Repositories / Rust Openssl

openssl-sys/src/openssl/v110.rs

+1 −0

Original line number	Diff line number	Diff line
		@@ -280,6 +280,7 @@ extern "C" {
		);
		pub fn SSL_get_client_random(ssl: const SSL, out: mut c_uchar, len: size_t) -> size_t;
		pub fn SSL_get_server_random(ssl: const SSL, out: mut c_uchar, len: size_t) -> size_t;
		pub fn SSL_get0_verified_chain(ssl: const SSL) -> mut stack_st_X509;
		pub fn X509_getm_notAfter(x: const ::X509) -> mut ::ASN1_TIME;
		pub fn X509_getm_notBefore(x: const ::X509) -> mut ::ASN1_TIME;
		pub fn X509_get0_signature(

openssl/src/ssl/mod.rs

+26 −8

Original line number	Diff line number	Diff line
		@@ -1822,7 +1822,7 @@ impl SslCipherRef {
		}
		}

		foreign_type! {
		foreign_type_and_impl_send_sync! {
		type CType = ffi::SSL_SESSION;
		fn drop = ffi::SSL_SESSION_free;

		@@ -1837,9 +1837,6 @@ foreign_type! {
		pub struct SslSessionRef;
		}

		unsafe impl Sync for SslSession {}
		unsafe impl Send for SslSession {}

		impl Clone for SslSession {
		fn clone(&self) -> SslSession {
		SslSessionRef::to_owned(self)
		@@ -1927,7 +1924,7 @@ impl SslSessionRef {
		}
		}

		foreign_type! {
		foreign_type_and_impl_send_sync! {
		type CType = ffi::SSL;
		fn drop = ffi::SSL_free;

		@@ -1945,9 +1942,6 @@ foreign_type! {
		pub struct SslRef;
		}

		unsafe impl Sync for Ssl {}
		unsafe impl Send for Ssl {}

		impl fmt::Debug for Ssl {
		fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
		fmt::Debug::fmt(&**self, fmt)
		@@ -2254,6 +2248,30 @@ impl SslRef {
		}
		}

		/// Returns the verified certificate chani of the peer, including the leaf certificate.
		///
		/// If verification was not successful (i.e. [`verify_result`] does not return
		/// [`X509VerifyResult::OK`]), this chain may be incomplete or invalid.
		///
		/// Requires OpenSSL 1.1.0 or newer.
		///
		/// This corresponds to [`SSL_get0_verified_chain`].
		///
		/// [`verify_result`]: #method.verify_result
		/// [`X509VerifyResult::OK`]: ../x509/struct.X509VerifyResult.html#associatedconstant.OK
		/// [`SSL_get0_verified_chain`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get0_verified_chain.html
		#[cfg(ossl110)]
		pub fn verified_chain(&self) -> Option<&StackRef<X509>> {
		unsafe {
		let ptr = ffi::SSL_get0_verified_chain(self.as_ptr());
		if ptr.is_null() {
		None
		} else {
		Some(StackRef::from_ptr(ptr))
		}
		}
		}

		/// Like [`SslContext::certificate`].
		///
		/// This corresponds to `SSL_get_certificate`.

openssl/src/x509/store.rs

+4 −6

Original line number	Diff line number	Diff line
		@@ -44,11 +44,11 @@ use ffi;
		use foreign_types::ForeignTypeRef;
		use std::mem;

		use {cvt, cvt_p};
		use error::ErrorStack;
		use x509::X509;
		use {cvt, cvt_p};

		foreign_type! {
		foreign_type_and_impl_send_sync! {
		type CType = ffi::X509_STORE;
		fn drop = ffi::X509_STORE_free;

		@@ -82,9 +82,7 @@ impl X509StoreBuilderRef {
		/// Adds a certificate to the certificate store.
		// FIXME should take an &X509Ref
		pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> {
		unsafe {
		cvt(ffi::X509_STORE_add_cert(self.as_ptr(), cert.as_ptr())).map(\|_\| ())
		}
		unsafe { cvt(ffi::X509_STORE_add_cert(self.as_ptr(), cert.as_ptr())).map(\|_\| ()) }
		}

		/// Load certificates from their default locations.
		@@ -97,7 +95,7 @@ impl X509StoreBuilderRef {
		}
		}

		foreign_type! {
		foreign_type_and_impl_send_sync! {
		type CType = ffi::X509_STORE;
		fn drop = ffi::X509_STORE_free;