Merge pull request #469 from sfackler/hostname

pub const X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53;

pub const X509_V_OK: c_int = 0;

#[cfg(not(ossl101))]

pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1;

#[cfg(not(ossl101))]

pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2;

#[cfg(not(ossl101))]

pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4;

#[cfg(not(ossl101))]

pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8;

#[cfg(not(ossl101))]

pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10;

pub const GEN_OTHERNAME: c_int = 0;

pub const GEN_EMAIL: c_int = 1;

pub const GEN_DNS: c_int = 2;

                          verify_callback: Option<extern fn(c_int, *mut X509_STORE_CTX) -> c_int>);

    pub fn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int;

    pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void;

    pub fn SSL_get_servername(ssl: *const SSL, name_type: c_int) -> *const c_char;

    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;

    #[cfg(not(ossl101))]

    pub fn SSL_get0_param(ssl: *mut ::SSL) -> *mut X509_VERIFY_PARAM;

    pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;

    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;

    pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;

    pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;

    pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *mut c_char;

    pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int;

    pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;

    #[cfg(not(ossl101))]

    pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint);

    #[cfg(not(ossl101))]

    pub fn X509_VERIFY_PARAM_set1_host(param: *mut X509_VERIFY_PARAM,

                                       name: *const c_char,

                                       namelen: size_t) -> c_int;

    pub fn d2i_X509(a: *mut *mut X509, pp: *mut *const c_uchar, length: c_long) -> *mut X509;

    pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int;

    pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int;

use std::sync::{Once, ONCE_INIT};

use std::mem;

use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong};

use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong, time_t};

#[repr(C)]

pub struct stack_st_ASN1_OBJECT {

    pub stack: _STACK,

}

#[repr(C)]

pub struct stack_st_X509 {

    srp_Mask: c_ulong,

}

#[repr(C)]

#[cfg(not(ossl101))]

pub struct X509_VERIFY_PARAM {

    pub name: *mut c_char,

    pub check_time: time_t,

    pub inh_flags: c_ulong,

    pub flags: c_ulong,

    pub purpose: c_int,

    pub trust: c_int,

    pub depth: c_int,

    pub policies: *mut stack_st_ASN1_OBJECT,

    pub id: *mut X509_VERIFY_PARAM_ID,

}

#[cfg(not(ossl101))]

pub enum X509_VERIFY_PARAM_ID {}

pub const SSL_CTRL_OPTIONS: c_int = 32;

pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;

#[cfg(ossl102)]

use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long};

use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint};

pub enum stack_st_X509 {}

pub enum stack_st_X509_ATTRIBUTE {}

pub enum stack_st_X509_EXTENSION {}

pub enum stack_st_GENERAL_NAME {}

pub enum stack_st_void {}

pub enum _STACK {}

pub enum BIO_METHOD {}

pub enum RSA {}

pub enum DSA {}

pub enum EVP_PKEY {}

pub enum BIGNUM {}

pub enum BIO {}

pub enum BIO_METHOD {}

pub enum CRYPTO_EX_DATA {}

pub enum EVP_MD_CTX {}

pub enum DH {}

pub enum DSA {}

pub enum EVP_CIPHER {}

pub enum EVP_MD_CTX {}

pub enum EVP_PKEY {}

pub enum HMAC_CTX {}

pub enum BIGNUM {}

pub enum OPENSSL_STACK {}

pub enum DH {}

pub enum X509 {}

pub enum RSA {}

pub enum SSL_CTX {}

pub enum _STACK {}

pub enum stack_st_ASN1_OBJECT {}

pub enum stack_st_GENERAL_NAME {}

pub enum stack_st_OPENSSL_STRING {}

pub enum stack_st_void {}

pub enum stack_st_X509 {}

pub enum stack_st_X509_ATTRIBUTE {}

pub enum stack_st_X509_EXTENSION {}

pub enum X509 {}

pub enum X509_VERIFY_PARAM {}

pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong =                   0x00000000;

pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong =                  0x00000000;

pub const CRYPTO_EX_INDEX_SSL: c_int = 0;

pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 1;

pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20;

pub fn init() {}

extern {

use init;

use dh::DH;

use x509::{X509StoreContext, X509FileType, X509, X509Ref};

#[cfg(feature = "openssl-102")]

use x509::verify::X509VerifyParamRef;

use crypto::pkey::PKey;

use error::ErrorStack;

            SslContextRef::from_ptr(ssl_ctx)

        }

    }

    /// Returns the X509 verification configuration.

    ///

    /// Requires the `openssl-102` feature.

    #[cfg(feature = "openssl-102")]

    pub fn param(&mut self) -> X509VerifyParamRef<'a> {

        unsafe {

            X509VerifyParamRef::from_ptr(ffi::SSL_get0_param(self.as_ptr()))

        }

    }

}

pub struct Ssl(SslRef<'static>);

use ssl::{SslMethod, HandshakeError};

use ssl::error::Error;

use ssl::{SslContext, SslStream};

#[cfg(feature = "openssl-102")]

use ssl::IntoSsl;

use x509::X509StoreContext;

use x509::X509FileType;

use x509::X509;

#[cfg(feature = "openssl-102")]

use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;

use crypto::pkey::PKey;

use std::net::UdpSocket;

    let mut ctx = SslContext::new(SslMethod::Tls).unwrap();

    ctx.add_extra_chain_cert(&cert).unwrap();

}

#[test]

#[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(

#[cfg(feature = "openssl-102")]

fn valid_hostname() {

    let mut ctx = SslContext::new(SslMethod::Tls).unwrap();

    ctx.set_default_verify_paths().unwrap();

    ctx.set_verify(SSL_VERIFY_PEER);

    let mut ssl = ctx.into_ssl().unwrap();

    ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);

    ssl.param().set_host("google.com").unwrap();

    let s = TcpStream::connect("google.com:443").unwrap();

    let mut socket = SslStream::connect(ssl, s).unwrap();

    socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();

    let mut result = vec![];

    socket.read_to_end(&mut result).unwrap();

    println!("{}", String::from_utf8_lossy(&result));

    assert!(result.starts_with(b"HTTP/1.0"));

    assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));

}

#[test]

#[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(

#[cfg(feature = "openssl-102")]

fn invalid_hostname() {

    let mut ctx = SslContext::new(SslMethod::Tls).unwrap();

    ctx.set_default_verify_paths().unwrap();

    ctx.set_verify(SSL_VERIFY_PEER);

    let mut ssl = ctx.into_ssl().unwrap();

    ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);

    ssl.param().set_host("foobar.com").unwrap();

    let s = TcpStream::connect("google.com:443").unwrap();

    assert!(SslStream::connect(ssl, s).is_err());

}