Loading openssl/src/dh/mod.rs +4 −5 Original line number Diff line number Diff line Loading @@ -88,13 +88,12 @@ mod compat { mod tests { use super::DH; use bn::BigNum; use ssl::SslContext; use ssl::SslMethod::Tls; use ssl::{SslMethod, SslContext}; #[test] #[cfg(feature = "openssl-102")] fn test_dh_rfc5114() { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let dh1 = DH::get_1024_160().unwrap(); ctx.set_tmp_dh(&dh1).unwrap(); let dh2 = DH::get_2048_224().unwrap(); Loading @@ -105,7 +104,7 @@ mod tests { #[test] fn test_dh() { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\ E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\ 6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\ Loading Loading @@ -135,7 +134,7 @@ mod tests { #[test] fn test_dh_from_pem() { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let params = include_bytes!("../../test/dhparams.pem"); let dh = DH::from_pem(params).ok().expect("Failed to load PEM"); ctx.set_tmp_dh(&dh).unwrap(); Loading openssl/src/ssl/mod.rs +45 −28 Original line number Diff line number Diff line Loading @@ -76,13 +76,29 @@ bitflags! { } } /// Determines the SSL method supported #[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)] pub enum SslMethod { /// Support the TLS protocol Tls, /// Support DTLS protocol Dtls, #[derive(Copy, Clone)] pub struct SslMethod(*const ffi::SSL_METHOD); impl SslMethod { /// Support all versions of the TLS protocol. /// /// This corresponds to `TLS_method` on OpenSSL 1.1.0 and `SSLv23_method` /// on OpenSSL 1.0.x. pub fn tls() -> SslMethod { SslMethod(compat::tls_method()) } /// Support all versions of the DTLS protocol. /// /// This corresponds to `DTLS_method` on OpenSSL 1.1.0 and `DTLSv1_method` /// on OpenSSL 1.0.x. pub fn dtls() -> SslMethod { SslMethod(compat::dtls_method()) } pub fn as_ptr(&self) -> *const ffi::SSL_METHOD { self.0 } } /// Determines the type of certificate verification used Loading Loading @@ -653,15 +669,10 @@ impl SslContext { init(); let mut ctx = unsafe { let method = compat::get_method(method); let ctx = try_ssl_null!(ffi::SSL_CTX_new(method)); let ctx = try_ssl_null!(ffi::SSL_CTX_new(method.as_ptr())); SslContext::from_ptr(ctx) }; match method { SslMethod::Dtls => ctx.set_read_ahead(1), _ => {} } // this is a bit dubious (?) try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY | ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)); Loading Loading @@ -1374,8 +1385,6 @@ mod compat { pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options}; pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref}; use super::SslMethod; pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX, 0, Loading @@ -1394,10 +1403,15 @@ mod compat { Some(f)) } pub unsafe fn get_method(method: SslMethod) -> *const ffi::SSL_METHOD { match method { SslMethod::Tls => ffi::TLS_method(), SslMethod::Dtls => ffi::DTLS_method(), pub fn tls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::TLS_method() } } pub fn dtls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::DTLS_method() } } } Loading @@ -1410,8 +1424,6 @@ mod compat { use ffi; use libc::{self, c_long, c_ulong, c_int}; use super::SslMethod; pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong { ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, Loading Loading @@ -1451,13 +1463,6 @@ mod compat { Some(f)) } pub unsafe fn get_method(method: SslMethod) -> *const ffi::SSL_METHOD { match method { SslMethod::Tls => ffi::SSLv23_method(), SslMethod::Dtls => ffi::DTLSv1_method(), } } pub unsafe fn SSL_CTX_up_ref(ssl: *mut ffi::SSL_CTX) -> libc::c_int { ffi::CRYPTO_add_lock(&mut (*ssl).references, 1, Loading @@ -1466,4 +1471,16 @@ mod compat { line!() as libc::c_int); 0 } pub fn tls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::SSLv23_method() } } pub fn dtls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::DTLSv1_method() } } } openssl/src/ssl/tests/mod.rs +39 −44 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ use tempdir::TempDir; use crypto::hash::MessageDigest; use ssl; use ssl::SSL_VERIFY_PEER; use ssl::SslMethod::Tls; use ssl::{SslMethod, HandshakeError}; use ssl::error::Error; use ssl::{SslContext, SslStream}; Loading @@ -31,7 +30,6 @@ use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; use crypto::pkey::PKey; use std::net::UdpSocket; use ssl::SslMethod::Dtls; mod select; Loading Loading @@ -179,14 +177,14 @@ macro_rules! run_test( #[test] fn sslv23() { let (_s, stream) = Server::new(); $blk(SslMethod::Tls, stream); $blk(SslMethod::tls(), stream); } #[test] #[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) fn dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); $blk(SslMethod::Dtls, stream); $blk(SslMethod::dtls(), stream); } } ); Loading Loading @@ -364,7 +362,7 @@ fn test_write_hits_stream() { let addr = listener.local_addr().unwrap(); let guard = thread::spawn(move || { let ctx = SslContext::new(Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let stream = TcpStream::connect(addr).unwrap(); let mut stream = SslStream::connect(&ctx, stream).unwrap(); Loading @@ -372,7 +370,7 @@ fn test_write_hits_stream() { stream }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM).unwrap(); ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM).unwrap(); Loading @@ -392,7 +390,7 @@ fn test_set_certificate_and_private_key() { let cert = include_bytes!("../../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_private_key(&key).unwrap(); ctx.set_certificate(&cert).unwrap(); Loading Loading @@ -420,7 +418,7 @@ run_test!(clear_ctx_options, |method, _| { #[test] fn test_write() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); Loading @@ -430,7 +428,7 @@ fn test_write() { #[test] fn test_write_direct() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); Loading @@ -451,7 +449,7 @@ run_test!(get_peer_certificate, |method, stream| { fn test_write_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n")); let mut stream = SslStream::connect(&SslContext::new(Dtls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); stream.write_all(b"hello").unwrap(); stream.flush().unwrap(); stream.write_all(b" there").unwrap(); Loading @@ -461,7 +459,7 @@ fn test_write_dtlsv1() { #[test] fn test_read() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); Loading @@ -470,7 +468,7 @@ fn test_read() { #[test] fn test_read_direct() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); Loading @@ -479,7 +477,7 @@ fn test_read_direct() { #[test] fn test_pending() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); Loading @@ -502,7 +500,7 @@ fn test_pending() { #[test] fn test_state() { let (_s, tcp) = Server::new(); let stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); assert_eq!(stream.ssl().state_string(), "SSLOK "); assert_eq!(stream.ssl().state_string_long(), "SSL negotiation finished successfully"); Loading @@ -514,7 +512,7 @@ fn test_state() { #[cfg(feature = "openssl-102")] fn test_connect_with_unilateral_alpn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -535,7 +533,7 @@ fn test_connect_with_unilateral_alpn() { #[test] fn test_connect_with_unilateral_npn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -557,7 +555,7 @@ fn test_connect_with_unilateral_npn() { #[cfg(feature = "openssl-102")] fn test_connect_with_alpn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -579,7 +577,7 @@ fn test_connect_with_alpn_successful_multiple_matching() { #[cfg(feature = "openssl-102")] fn test_connect_with_npn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -602,7 +600,7 @@ fn test_connect_with_npn_successful_multiple_matching() { #[cfg(feature = "openssl-102")] fn test_connect_with_alpn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -626,7 +624,7 @@ fn test_connect_with_alpn_successful_single_match() { #[cfg(feature = "openssl-102")] fn test_connect_with_npn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -650,7 +648,7 @@ fn test_npn_server_advertise_multiple() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -665,7 +663,7 @@ fn test_npn_server_advertise_multiple() { let _ = SslStream::accept(&listener_ctx, stream).unwrap(); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -691,7 +689,7 @@ fn test_alpn_server_advertise_multiple() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -706,7 +704,7 @@ fn test_alpn_server_advertise_multiple() { let _ = SslStream::accept(&listener_ctx, stream).unwrap(); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -732,7 +730,7 @@ fn test_alpn_server_select_none() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -747,7 +745,7 @@ fn test_alpn_server_select_none() { let _ = SslStream::accept(&listener_ctx, stream).unwrap(); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/2"]); ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); Loading @@ -767,7 +765,7 @@ fn test_alpn_server_select_none() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -782,7 +780,7 @@ fn test_alpn_server_select_none() { assert!(SslStream::accept(&listener_ctx, stream).is_err()); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/2"]); ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); Loading @@ -799,16 +797,13 @@ mod dtlsv1 { use crypto::hash::MessageDigest; use ssl::SslMethod; use ssl::SslMethod::Dtls; use ssl::{SslContext, SslStream}; use ssl::SSL_VERIFY_PEER; use x509::X509StoreContext; const PROTOCOL: SslMethod = Dtls; #[test] fn test_new_ctx() { SslContext::new(PROTOCOL).unwrap(); SslContext::new(SslMethod::dtls()).unwrap(); } } Loading @@ -817,7 +812,7 @@ mod dtlsv1 { fn test_read_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); let mut stream = SslStream::connect(&SslContext::new(Dtls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); let mut buf = [0u8; 100]; assert!(stream.read(&mut buf).is_ok()); } Loading Loading @@ -857,7 +852,7 @@ fn handshake(res: Result<SslStream<TcpStream>, HandshakeError<TcpStream>>) fn test_write_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(Tls).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut iterations = 0; Loading Loading @@ -895,7 +890,7 @@ fn test_write_nonblocking() { fn test_read_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(Tls).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut iterations = 0; Loading Loading @@ -969,7 +964,7 @@ fn write_panic() { let (_s, stream) = Server::new(); let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); } Loading Loading @@ -997,7 +992,7 @@ fn read_panic() { let (_s, stream) = Server::new(); let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); } Loading Loading @@ -1025,7 +1020,7 @@ fn flush_panic() { let (_s, stream) = Server::new(); let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = SslStream::connect(&ctx, stream).ok().unwrap(); let _ = stream.flush(); } Loading @@ -1033,12 +1028,12 @@ fn flush_panic() { #[test] fn refcount_ssl_context() { let mut ssl = { let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); ssl::Ssl::new(&ctx).unwrap() }; { let new_ctx_a = SslContext::new(SslMethod::Tls).unwrap(); let new_ctx_a = SslContext::new(SslMethod::tls()).unwrap(); let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a); } } Loading @@ -1046,7 +1041,7 @@ fn refcount_ssl_context() { #[test] #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( fn default_verify_paths() { let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let s = TcpStream::connect("google.com:443").unwrap(); Loading @@ -1065,7 +1060,7 @@ fn default_verify_paths() { fn add_extra_chain_cert() { let cert = include_bytes!("../../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.add_extra_chain_cert(&cert).unwrap(); } Loading @@ -1073,7 +1068,7 @@ fn add_extra_chain_cert() { #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( #[cfg(feature = "openssl-102")] fn valid_hostname() { let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); Loading @@ -1097,7 +1092,7 @@ fn valid_hostname() { #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( #[cfg(feature = "openssl-102")] fn invalid_hostname() { let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); Loading Loading
openssl/src/dh/mod.rs +4 −5 Original line number Diff line number Diff line Loading @@ -88,13 +88,12 @@ mod compat { mod tests { use super::DH; use bn::BigNum; use ssl::SslContext; use ssl::SslMethod::Tls; use ssl::{SslMethod, SslContext}; #[test] #[cfg(feature = "openssl-102")] fn test_dh_rfc5114() { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let dh1 = DH::get_1024_160().unwrap(); ctx.set_tmp_dh(&dh1).unwrap(); let dh2 = DH::get_2048_224().unwrap(); Loading @@ -105,7 +104,7 @@ mod tests { #[test] fn test_dh() { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\ E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\ 6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\ Loading Loading @@ -135,7 +134,7 @@ mod tests { #[test] fn test_dh_from_pem() { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let params = include_bytes!("../../test/dhparams.pem"); let dh = DH::from_pem(params).ok().expect("Failed to load PEM"); ctx.set_tmp_dh(&dh).unwrap(); Loading
openssl/src/ssl/mod.rs +45 −28 Original line number Diff line number Diff line Loading @@ -76,13 +76,29 @@ bitflags! { } } /// Determines the SSL method supported #[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)] pub enum SslMethod { /// Support the TLS protocol Tls, /// Support DTLS protocol Dtls, #[derive(Copy, Clone)] pub struct SslMethod(*const ffi::SSL_METHOD); impl SslMethod { /// Support all versions of the TLS protocol. /// /// This corresponds to `TLS_method` on OpenSSL 1.1.0 and `SSLv23_method` /// on OpenSSL 1.0.x. pub fn tls() -> SslMethod { SslMethod(compat::tls_method()) } /// Support all versions of the DTLS protocol. /// /// This corresponds to `DTLS_method` on OpenSSL 1.1.0 and `DTLSv1_method` /// on OpenSSL 1.0.x. pub fn dtls() -> SslMethod { SslMethod(compat::dtls_method()) } pub fn as_ptr(&self) -> *const ffi::SSL_METHOD { self.0 } } /// Determines the type of certificate verification used Loading Loading @@ -653,15 +669,10 @@ impl SslContext { init(); let mut ctx = unsafe { let method = compat::get_method(method); let ctx = try_ssl_null!(ffi::SSL_CTX_new(method)); let ctx = try_ssl_null!(ffi::SSL_CTX_new(method.as_ptr())); SslContext::from_ptr(ctx) }; match method { SslMethod::Dtls => ctx.set_read_ahead(1), _ => {} } // this is a bit dubious (?) try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY | ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)); Loading Loading @@ -1374,8 +1385,6 @@ mod compat { pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options}; pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref}; use super::SslMethod; pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX, 0, Loading @@ -1394,10 +1403,15 @@ mod compat { Some(f)) } pub unsafe fn get_method(method: SslMethod) -> *const ffi::SSL_METHOD { match method { SslMethod::Tls => ffi::TLS_method(), SslMethod::Dtls => ffi::DTLS_method(), pub fn tls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::TLS_method() } } pub fn dtls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::DTLS_method() } } } Loading @@ -1410,8 +1424,6 @@ mod compat { use ffi; use libc::{self, c_long, c_ulong, c_int}; use super::SslMethod; pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong { ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, Loading Loading @@ -1451,13 +1463,6 @@ mod compat { Some(f)) } pub unsafe fn get_method(method: SslMethod) -> *const ffi::SSL_METHOD { match method { SslMethod::Tls => ffi::SSLv23_method(), SslMethod::Dtls => ffi::DTLSv1_method(), } } pub unsafe fn SSL_CTX_up_ref(ssl: *mut ffi::SSL_CTX) -> libc::c_int { ffi::CRYPTO_add_lock(&mut (*ssl).references, 1, Loading @@ -1466,4 +1471,16 @@ mod compat { line!() as libc::c_int); 0 } pub fn tls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::SSLv23_method() } } pub fn dtls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::DTLSv1_method() } } }
openssl/src/ssl/tests/mod.rs +39 −44 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ use tempdir::TempDir; use crypto::hash::MessageDigest; use ssl; use ssl::SSL_VERIFY_PEER; use ssl::SslMethod::Tls; use ssl::{SslMethod, HandshakeError}; use ssl::error::Error; use ssl::{SslContext, SslStream}; Loading @@ -31,7 +30,6 @@ use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; use crypto::pkey::PKey; use std::net::UdpSocket; use ssl::SslMethod::Dtls; mod select; Loading Loading @@ -179,14 +177,14 @@ macro_rules! run_test( #[test] fn sslv23() { let (_s, stream) = Server::new(); $blk(SslMethod::Tls, stream); $blk(SslMethod::tls(), stream); } #[test] #[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) fn dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); $blk(SslMethod::Dtls, stream); $blk(SslMethod::dtls(), stream); } } ); Loading Loading @@ -364,7 +362,7 @@ fn test_write_hits_stream() { let addr = listener.local_addr().unwrap(); let guard = thread::spawn(move || { let ctx = SslContext::new(Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let stream = TcpStream::connect(addr).unwrap(); let mut stream = SslStream::connect(&ctx, stream).unwrap(); Loading @@ -372,7 +370,7 @@ fn test_write_hits_stream() { stream }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM).unwrap(); ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM).unwrap(); Loading @@ -392,7 +390,7 @@ fn test_set_certificate_and_private_key() { let cert = include_bytes!("../../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_private_key(&key).unwrap(); ctx.set_certificate(&cert).unwrap(); Loading Loading @@ -420,7 +418,7 @@ run_test!(clear_ctx_options, |method, _| { #[test] fn test_write() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); Loading @@ -430,7 +428,7 @@ fn test_write() { #[test] fn test_write_direct() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); Loading @@ -451,7 +449,7 @@ run_test!(get_peer_certificate, |method, stream| { fn test_write_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n")); let mut stream = SslStream::connect(&SslContext::new(Dtls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); stream.write_all(b"hello").unwrap(); stream.flush().unwrap(); stream.write_all(b" there").unwrap(); Loading @@ -461,7 +459,7 @@ fn test_write_dtlsv1() { #[test] fn test_read() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); Loading @@ -470,7 +468,7 @@ fn test_read() { #[test] fn test_read_direct() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); Loading @@ -479,7 +477,7 @@ fn test_read_direct() { #[test] fn test_pending() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); Loading @@ -502,7 +500,7 @@ fn test_pending() { #[test] fn test_state() { let (_s, tcp) = Server::new(); let stream = SslStream::connect(&SslContext::new(Tls).unwrap(), tcp).unwrap(); let stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); assert_eq!(stream.ssl().state_string(), "SSLOK "); assert_eq!(stream.ssl().state_string_long(), "SSL negotiation finished successfully"); Loading @@ -514,7 +512,7 @@ fn test_state() { #[cfg(feature = "openssl-102")] fn test_connect_with_unilateral_alpn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -535,7 +533,7 @@ fn test_connect_with_unilateral_alpn() { #[test] fn test_connect_with_unilateral_npn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -557,7 +555,7 @@ fn test_connect_with_unilateral_npn() { #[cfg(feature = "openssl-102")] fn test_connect_with_alpn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -579,7 +577,7 @@ fn test_connect_with_alpn_successful_multiple_matching() { #[cfg(feature = "openssl-102")] fn test_connect_with_npn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -602,7 +600,7 @@ fn test_connect_with_npn_successful_multiple_matching() { #[cfg(feature = "openssl-102")] fn test_connect_with_alpn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -626,7 +624,7 @@ fn test_connect_with_alpn_successful_single_match() { #[cfg(feature = "openssl-102")] fn test_connect_with_npn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -650,7 +648,7 @@ fn test_npn_server_advertise_multiple() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -665,7 +663,7 @@ fn test_npn_server_advertise_multiple() { let _ = SslStream::accept(&listener_ctx, stream).unwrap(); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -691,7 +689,7 @@ fn test_alpn_server_advertise_multiple() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -706,7 +704,7 @@ fn test_alpn_server_advertise_multiple() { let _ = SslStream::accept(&listener_ctx, stream).unwrap(); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { Loading @@ -732,7 +730,7 @@ fn test_alpn_server_select_none() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -747,7 +745,7 @@ fn test_alpn_server_select_none() { let _ = SslStream::accept(&listener_ctx, stream).unwrap(); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/2"]); ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); Loading @@ -767,7 +765,7 @@ fn test_alpn_server_select_none() { let localhost = listener.local_addr().unwrap(); // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) Loading @@ -782,7 +780,7 @@ fn test_alpn_server_select_none() { assert!(SslStream::accept(&listener_ctx, stream).is_err()); }); let mut ctx = SslContext::new(Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/2"]); ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); Loading @@ -799,16 +797,13 @@ mod dtlsv1 { use crypto::hash::MessageDigest; use ssl::SslMethod; use ssl::SslMethod::Dtls; use ssl::{SslContext, SslStream}; use ssl::SSL_VERIFY_PEER; use x509::X509StoreContext; const PROTOCOL: SslMethod = Dtls; #[test] fn test_new_ctx() { SslContext::new(PROTOCOL).unwrap(); SslContext::new(SslMethod::dtls()).unwrap(); } } Loading @@ -817,7 +812,7 @@ mod dtlsv1 { fn test_read_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); let mut stream = SslStream::connect(&SslContext::new(Dtls).unwrap(), stream).unwrap(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); let mut buf = [0u8; 100]; assert!(stream.read(&mut buf).is_ok()); } Loading Loading @@ -857,7 +852,7 @@ fn handshake(res: Result<SslStream<TcpStream>, HandshakeError<TcpStream>>) fn test_write_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(Tls).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut iterations = 0; Loading Loading @@ -895,7 +890,7 @@ fn test_write_nonblocking() { fn test_read_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(Tls).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut iterations = 0; Loading Loading @@ -969,7 +964,7 @@ fn write_panic() { let (_s, stream) = Server::new(); let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); } Loading Loading @@ -997,7 +992,7 @@ fn read_panic() { let (_s, stream) = Server::new(); let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); } Loading Loading @@ -1025,7 +1020,7 @@ fn flush_panic() { let (_s, stream) = Server::new(); let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = SslStream::connect(&ctx, stream).ok().unwrap(); let _ = stream.flush(); } Loading @@ -1033,12 +1028,12 @@ fn flush_panic() { #[test] fn refcount_ssl_context() { let mut ssl = { let ctx = SslContext::new(SslMethod::Tls).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); ssl::Ssl::new(&ctx).unwrap() }; { let new_ctx_a = SslContext::new(SslMethod::Tls).unwrap(); let new_ctx_a = SslContext::new(SslMethod::tls()).unwrap(); let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a); } } Loading @@ -1046,7 +1041,7 @@ fn refcount_ssl_context() { #[test] #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( fn default_verify_paths() { let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let s = TcpStream::connect("google.com:443").unwrap(); Loading @@ -1065,7 +1060,7 @@ fn default_verify_paths() { fn add_extra_chain_cert() { let cert = include_bytes!("../../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.add_extra_chain_cert(&cert).unwrap(); } Loading @@ -1073,7 +1068,7 @@ fn add_extra_chain_cert() { #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( #[cfg(feature = "openssl-102")] fn valid_hostname() { let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); Loading @@ -1097,7 +1092,7 @@ fn valid_hostname() { #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( #[cfg(feature = "openssl-102")] fn invalid_hostname() { let mut ctx = SslContext::new(SslMethod::Tls).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); Loading
