Loading openssl-sys/src/x509_vfy.rs +30 −0 Original line number Diff line number Diff line Loading @@ -95,6 +95,29 @@ cfg_if! { } } pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x0; pub const X509_V_FLAG_USE_CHECK_TIME: c_ulong = 0x2; pub const X509_V_FLAG_CRL_CHECK: c_ulong = 0x4; pub const X509_V_FLAG_CRL_CHECK_ALL: c_ulong = 0x8; pub const X509_V_FLAG_IGNORE_CRITICAL: c_ulong = 0x10; pub const X509_V_FLAG_X509_STRICT: c_ulong = 0x20; pub const X509_V_FLAG_ALLOW_PROXY_CERTS: c_ulong = 0x40; pub const X509_V_FLAG_POLICY_CHECK: c_ulong = 0x80; pub const X509_V_FLAG_EXPLICIT_POLICY: c_ulong = 0x100; pub const X509_V_FLAG_INHIBIT_ANY: c_ulong = 0x200; pub const X509_V_FLAG_INHIBIT_MAP: c_ulong = 0x400; pub const X509_V_FLAG_NOTIFY_POLICY: c_ulong = 0x800; pub const X509_V_FLAG_EXTENDED_CRL_SUPPORT: c_ulong = 0x1000; pub const X509_V_FLAG_USE_DELTAS: c_ulong = 0x2000; pub const X509_V_FLAG_CHECK_SS_SIGNATURE: c_ulong = 0x4000; pub const X509_V_FLAG_TRUSTED_FIRST: c_ulong = 0x8000; pub const X509_V_FLAG_SUITEB_128_LOS_ONLY: c_ulong = 0x10000; pub const X509_V_FLAG_SUITEB_192_LOS: c_ulong = 0x20000; pub const X509_V_FLAG_SUITEB_128_LOS: c_ulong = 0x30000; pub const X509_V_FLAG_PARTIAL_CHAIN: c_ulong = 0x80000; pub const X509_V_FLAG_NO_ALT_CHAINS: c_ulong = 0x100000; pub const X509_V_FLAG_NO_CHECK_TIME: c_ulong = 0x200000; extern "C" { pub fn X509_STORE_new() -> *mut X509_STORE; pub fn X509_STORE_free(store: *mut X509_STORE); Loading Loading 
@@ -136,6 +159,13 @@ extern "C" { #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_clear_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_get_flags(param: *mut X509_VERIFY_PARAM) -> c_ulong; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, Loading openssl/src/ssl/mod.rs +12 −12 Original line number Diff line number Diff line Loading @@ -1342,6 +1342,18 @@ impl SslContextBuilder { unsafe { X509StoreBuilderRef::from_ptr_mut(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } } /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_CTX_get0_param`]. /// /// [`SSL_CTX_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_get0_param.html #[cfg(any(ossl102, libressl261))] pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } /// Sets the callback dealing with OCSP stapling. /// /// On the client side, this callback is responsible for validating the OCSP status response Loading Loading 
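Review bot: `X509_V_FLAG_CB_ISSUER_CHECK` is declared as `0x0` in the first hunk of openssl-sys/src/x509_vfy.rs, so it is an empty bit: passing it to `X509_VERIFY_PARAM_set_flags` changes nothing, and in the `X509VerifyFlags` wrapper a zero-valued flag tests as contained in every value. As far as I recall, OpenSSL 1.0.2 defines this flag as 0x1 and only 1.1.0 deprecated it to 0x0; if the headers confirm that, split it by version, e.g. `#[cfg(not(ossl110))] pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x1;` alongside the existing `0x0` under `#[cfg(ossl110)]`. The constants are also unconditional while the three new functions are gated on `#[cfg(any(ossl102, libressl261))]`, so a flag newer than the linked library (I believe `X509_V_FLAG_NO_CHECK_TIME` is one) would be accepted by the binding and presumably ignored at runtime. The `extern "C"` block continues outside both hunks.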
@@ -1995,18 +2007,6 @@ impl SslContextRef { let mode = unsafe { ffi::SSL_CTX_get_verify_mode(self.as_ptr()) }; SslVerifyMode::from_bits(mode).expect("SSL_CTX_get_verify_mode returned invalid mode") } /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_CTX_get0_param`]. /// /// [`SSL_CTX_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_get0_param.html #[cfg(any(ossl102, libressl261))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } } /// Information about the state of a cipher. Loading openssl/src/x509/verify.rs +63 −1 Original line number Diff line number Diff line use ffi; use foreign_types::ForeignTypeRef; use libc::c_uint; use libc::{c_uint, c_ulong}; use std::net::IpAddr; use cvt; Loading 
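Review bot: `SslContextRef::param_mut` is removed outright in the second hunk of openssl/src/ssl/mod.rs while its replacement arrives under a different name, `SslContextBuilder::verify_param_mut`, so any existing caller stops compiling with no pointer to the new location. If the old method was ever released, the rename should be recorded in the changelog or in the new doc comment, for example `/// Replaces the former SslContextRef::param_mut; verification parameters are now configured on the builder.` The `unsafe` block in `verify_param_mut` also carries no safety comment; something like `// SAFETY: SSL_CTX_get0_param returns a pointer owned by the SSL_CTX, and the returned borrow is tied to &mut self` would state the invariant it relies on. Both impl blocks extend beyond the hunks shown.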
@@ -23,6 +23,34 @@ bitflags! { } } bitflags! { /// Flags used to verify an `X509` certificate chain. pub struct X509VerifyFlags: c_ulong { const X509_V_FLAG_CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK; const X509_V_FLAG_USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME; const X509_V_FLAG_CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK; const X509_V_FLAG_CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL; const X509_V_FLAG_IGNORE_CRITICAL = ffi::X509_V_FLAG_X509_STRICT; const X509_V_FLAG_X509_STRICT = ffi::X509_V_FLAG_IGNORE_CRITICAL; const X509_V_FLAG_ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS; const X509_V_FLAG_POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK; const X509_V_FLAG_EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY; const X509_V_FLAG_INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY; const X509_V_FLAG_INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP; const X509_V_FLAG_NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY; const X509_V_FLAG_EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT; const X509_V_FLAG_USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS; const X509_V_FLAG_CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE; const X509_V_FLAG_TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST; const X509_V_FLAG_SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY; const X509_V_FLAG_SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS; const X509_V_FLAG_SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS; const X509_V_FLAG_PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN; const X509_V_FLAG_NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS; const X509_V_FLAG_NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME; } } foreign_type_and_impl_send_sync! { type CType = ffi::X509_VERIFY_PARAM; fn drop = ffi::X509_VERIFY_PARAM_free; Loading 
@@ -45,6 +73,40 @@ impl X509VerifyParamRef { } } /// Set verification flags. /// /// This corresponds to [`X509_VERIFY_PARAM_set_flags`]. /// /// [`X509_VERIFY_PARAM_set_flags`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_set_flags.html pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_set_flags(self.as_ptr(), flags.bits)).map(|_| ()) } } /// Clear verification flags. /// /// This corresponds to [`X509_VERIFY_PARAM_clear_flags`]. /// /// [`X509_VERIFY_PARAM_clear_flags`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_clear_flags.html pub fn clear_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_clear_flags( self.as_ptr(), flags.bits, )) .map(|_| ()) } } /// Gets verification flags. /// /// This corresponds to [`X509_VERIFY_PARAM_get_flags`]. /// /// [`X509_VERIFY_PARAM_get_flags`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_get_flags.html pub fn get_flags(&mut self) -> X509VerifyFlags { let bits = unsafe { ffi::X509_VERIFY_PARAM_get_flags(self.as_ptr()) }; X509VerifyFlags { bits } } /// Set the expected DNS hostname. /// /// This corresponds to [`X509_VERIFY_PARAM_set1_host`]. Loading Loading
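Review bot: Two pairs of constants in the `X509VerifyFlags` block of openssl/src/x509/verify.rs are cross-wired: `X509_V_FLAG_IGNORE_CRITICAL` is bound to `ffi::X509_V_FLAG_X509_STRICT` and `X509_V_FLAG_X509_STRICT` to `ffi::X509_V_FLAG_IGNORE_CRITICAL`, and the same swap occurs between `X509_V_FLAG_SUITEB_192_LOS` and `X509_V_FLAG_SUITEB_128_LOS`. The first swap fails open: a caller who passes the strict flag to `set_flags` actually sends 0x10, which the sys constants define as IGNORE_CRITICAL, so verification is loosened where the caller asked for it to be tightened. Each name should map to the ffi constant of the same name, as in the excerpt below. A unit test that compares every flag's `bits()` with the matching `ffi::` constant would catch this kind of slip.

```rust
pub struct X509VerifyFlags: c_ulong {
    // … unchanged: CB_ISSUER_CHECK through CRL_CHECK_ALL …
    const X509_V_FLAG_IGNORE_CRITICAL = ffi::X509_V_FLAG_IGNORE_CRITICAL;
    const X509_V_FLAG_X509_STRICT = ffi::X509_V_FLAG_X509_STRICT;
    // … unchanged: ALLOW_PROXY_CERTS through SUITEB_128_LOS_ONLY …
    const X509_V_FLAG_SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS;
    const X509_V_FLAG_SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS;
    // … unchanged: PARTIAL_CHAIN through NO_CHECK_TIME …
```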
openssl-sys/src/x509_vfy.rs +30 −0 Original line number Diff line number Diff line Loading @@ -95,6 +95,29 @@ cfg_if! { } } pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x0; pub const X509_V_FLAG_USE_CHECK_TIME: c_ulong = 0x2; pub const X509_V_FLAG_CRL_CHECK: c_ulong = 0x4; pub const X509_V_FLAG_CRL_CHECK_ALL: c_ulong = 0x8; pub const X509_V_FLAG_IGNORE_CRITICAL: c_ulong = 0x10; pub const X509_V_FLAG_X509_STRICT: c_ulong = 0x20; pub const X509_V_FLAG_ALLOW_PROXY_CERTS: c_ulong = 0x40; pub const X509_V_FLAG_POLICY_CHECK: c_ulong = 0x80; pub const X509_V_FLAG_EXPLICIT_POLICY: c_ulong = 0x100; pub const X509_V_FLAG_INHIBIT_ANY: c_ulong = 0x200; pub const X509_V_FLAG_INHIBIT_MAP: c_ulong = 0x400; pub const X509_V_FLAG_NOTIFY_POLICY: c_ulong = 0x800; pub const X509_V_FLAG_EXTENDED_CRL_SUPPORT: c_ulong = 0x1000; pub const X509_V_FLAG_USE_DELTAS: c_ulong = 0x2000; pub const X509_V_FLAG_CHECK_SS_SIGNATURE: c_ulong = 0x4000; pub const X509_V_FLAG_TRUSTED_FIRST: c_ulong = 0x8000; pub const X509_V_FLAG_SUITEB_128_LOS_ONLY: c_ulong = 0x10000; pub const X509_V_FLAG_SUITEB_192_LOS: c_ulong = 0x20000; pub const X509_V_FLAG_SUITEB_128_LOS: c_ulong = 0x30000; pub const X509_V_FLAG_PARTIAL_CHAIN: c_ulong = 0x80000; pub const X509_V_FLAG_NO_ALT_CHAINS: c_ulong = 0x100000; pub const X509_V_FLAG_NO_CHECK_TIME: c_ulong = 0x200000; extern "C" { pub fn X509_STORE_new() -> *mut X509_STORE; pub fn X509_STORE_free(store: *mut X509_STORE); Loading Loading 
@@ -136,6 +159,13 @@ extern "C" { #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_clear_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_get_flags(param: *mut X509_VERIFY_PARAM) -> c_ulong; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, Loading
openssl/src/ssl/mod.rs +12 −12 Original line number Diff line number Diff line Loading @@ -1342,6 +1342,18 @@ impl SslContextBuilder { unsafe { X509StoreBuilderRef::from_ptr_mut(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } } /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_CTX_get0_param`]. /// /// [`SSL_CTX_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_get0_param.html #[cfg(any(ossl102, libressl261))] pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } /// Sets the callback dealing with OCSP stapling. /// /// On the client side, this callback is responsible for validating the OCSP status response Loading Loading @@ -1995,18 +2007,6 @@ impl SslContextRef { let mode = unsafe { ffi::SSL_CTX_get_verify_mode(self.as_ptr()) }; SslVerifyMode::from_bits(mode).expect("SSL_CTX_get_verify_mode returned invalid mode") } /// Returns a mutable reference to the X509 verification configuration. /// /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_CTX_get0_param`]. /// /// [`SSL_CTX_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_get0_param.html #[cfg(any(ossl102, libressl261))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } } /// Information about the state of a cipher. Loading
openssl/src/x509/verify.rs +63 −1 Original line number Diff line number Diff line use ffi; use foreign_types::ForeignTypeRef; use libc::c_uint; use libc::{c_uint, c_ulong}; use std::net::IpAddr; use cvt; Loading @@ -23,6 +23,34 @@ bitflags! { } } bitflags! { /// Flags used to verify an `X509` certificate chain. pub struct X509VerifyFlags: c_ulong { const X509_V_FLAG_CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK; const X509_V_FLAG_USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME; const X509_V_FLAG_CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK; const X509_V_FLAG_CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL; const X509_V_FLAG_IGNORE_CRITICAL = ffi::X509_V_FLAG_X509_STRICT; const X509_V_FLAG_X509_STRICT = ffi::X509_V_FLAG_IGNORE_CRITICAL; const X509_V_FLAG_ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS; const X509_V_FLAG_POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK; const X509_V_FLAG_EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY; const X509_V_FLAG_INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY; const X509_V_FLAG_INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP; const X509_V_FLAG_NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY; const X509_V_FLAG_EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT; const X509_V_FLAG_USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS; const X509_V_FLAG_CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE; const X509_V_FLAG_TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST; const X509_V_FLAG_SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY; const X509_V_FLAG_SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS; const X509_V_FLAG_SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS; const X509_V_FLAG_PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN; const X509_V_FLAG_NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS; const X509_V_FLAG_NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME; } } foreign_type_and_impl_send_sync! { type CType = ffi::X509_VERIFY_PARAM; fn drop = ffi::X509_VERIFY_PARAM_free; Loading 
@@ -45,6 +73,40 @@ impl X509VerifyParamRef { } } /// Set verification flags. /// /// This corresponds to [`X509_VERIFY_PARAM_set_flags`]. /// /// [`X509_VERIFY_PARAM_set_flags`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_set_flags.html pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_set_flags(self.as_ptr(), flags.bits)).map(|_| ()) } } /// Clear verification flags. /// /// This corresponds to [`X509_VERIFY_PARAM_clear_flags`]. /// /// [`X509_VERIFY_PARAM_clear_flags`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_clear_flags.html pub fn clear_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_clear_flags( self.as_ptr(), flags.bits, )) .map(|_| ()) } } /// Gets verification flags. /// /// This corresponds to [`X509_VERIFY_PARAM_get_flags`]. /// /// [`X509_VERIFY_PARAM_get_flags`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_get_flags.html pub fn get_flags(&mut self) -> X509VerifyFlags { let bits = unsafe { ffi::X509_VERIFY_PARAM_get_flags(self.as_ptr()) }; X509VerifyFlags { bits } } /// Set the expected DNS hostname. /// /// This corresponds to [`X509_VERIFY_PARAM_set1_host`]. Loading