Loading openssl/src/ssl/mod.rs +45 −77 Original line number Diff line number Diff line Loading @@ -780,18 +780,6 @@ impl<'a> SslRef<'a> { unsafe { ffi::SSL_get_rbio(self.as_ptr()) } } fn connect(&mut self) -> c_int { unsafe { ffi::SSL_connect(self.as_ptr()) } } fn accept(&mut self) -> c_int { unsafe { ffi::SSL_accept(self.as_ptr()) } } fn handshake(&mut self) -> c_int { unsafe { ffi::SSL_do_handshake(self.as_ptr()) } } fn read(&mut self, buf: &mut [u8]) -> c_int { let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int; unsafe { ffi::SSL_read(self.as_ptr(), buf.as_ptr() as *mut c_void, len) } Loading Loading @@ -1057,6 +1045,50 @@ impl Ssl { pub unsafe fn from_ptr(ssl: *mut ffi::SSL) -> Ssl { Ssl(SslRef::from_ptr(ssl)) } /// Creates an SSL/TLS client operating over the provided stream. pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where S: Read + Write { let mut stream = SslStream::new_base(self, stream); let ret = unsafe { ffi::SSL_connect(stream.ssl.as_ptr()) }; if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } /// Creates an SSL/TLS server operating over the provided stream. pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where S: Read + Write { let mut stream = SslStream::new_base(self, stream); let ret = unsafe { ffi::SSL_accept(stream.ssl.as_ptr()) }; if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } } /// A stream wrapper which handles SSL encryption for an underlying stream. Loading Loading @@ -1093,54 +1125,6 @@ impl<S: Read + Write> SslStream<S> { } } /// Creates an SSL/TLS client operating over the provided stream. pub fn connect<T: IntoSsl>(ssl: T, stream: S) -> Result<Self, HandshakeError<S>>{ let ssl = try!(ssl.into_ssl().map_err(|e| { HandshakeError::Failure(Error::Ssl(e)) })); let mut stream = Self::new_base(ssl, stream); let ret = stream.ssl.connect(); if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } /// Creates an SSL/TLS server operating over the provided stream. pub fn accept<T: IntoSsl>(ssl: T, stream: S) -> Result<Self, HandshakeError<S>> { let ssl = try!(ssl.into_ssl().map_err(|e| { HandshakeError::Failure(Error::Ssl(e)) })); let mut stream = Self::new_base(ssl, stream); let ret = stream.ssl.accept(); if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } /// Like `read`, but returns an `ssl::Error` rather than an `io::Error`. /// /// This is particularly useful with a nonblocking socket, where the error Loading Loading @@ -1233,7 +1217,7 @@ impl<S> MidHandshakeSslStream<S> { /// Restarts the handshake process. pub fn handshake(mut self) -> Result<SslStream<S>, HandshakeError<S>> { let ret = self.stream.ssl.handshake(); let ret = unsafe { ffi::SSL_do_handshake(self.stream.ssl.as_ptr()) }; if ret > 0 { Ok(self.stream) } else { Loading Loading @@ -1352,22 +1336,6 @@ impl<S: Read + Write> Write for SslStream<S> { } } pub trait IntoSsl { fn into_ssl(self) -> Result<Ssl, ErrorStack>; } impl IntoSsl for Ssl { fn into_ssl(self) -> Result<Ssl, ErrorStack> { Ok(self) } } impl<'a> IntoSsl for &'a SslContext { fn into_ssl(self) -> Result<Ssl, ErrorStack> { Ssl::new(self) } } #[cfg(ossl110)] mod compat { use std::ptr; Loading openssl/src/ssl/tests/mod.rs +53 −73 Original line number Diff line number Diff line Loading @@ -19,9 +19,7 @@ use ssl; use ssl::SSL_VERIFY_PEER; use ssl::{SslMethod, HandshakeError}; use ssl::error::Error; use ssl::{SslContext, SslStream}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use ssl::IntoSsl; use ssl::{SslContext, SslStream, Ssl}; use x509::X509StoreContext; use x509::X509FileType; use x509::X509; Loading Loading @@ -194,15 +192,11 @@ run_test!(new_ctx, |method, _| { SslContext::new(method).unwrap(); }); run_test!(new_sslstream, |method, stream| { SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap(); }); run_test!(verify_untrusted, |method, stream| { let mut ctx = SslContext::new(method).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => panic!("expected failure"), Err(err) => println!("error {:?}", err), } Loading @@ -216,7 +210,7 @@ run_test!(verify_trusted, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -226,7 +220,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| { let mut ctx = SslContext::new(method).unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| true); match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -236,7 +230,7 @@ run_test!(verify_untrusted_callback_override_bad, |method, stream| { let mut ctx = SslContext::new(method).unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| false); assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); }); run_test!(verify_trusted_callback_override_ok, |method, stream| { Loading @@ -247,7 +241,7 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -261,7 +255,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); }); run_test!(verify_callback_load_certs, |method, stream| { Loading @@ -271,7 +265,7 @@ run_test!(verify_callback_load_certs, |method, stream| { true }); assert!(SslStream::connect(&ctx, stream).is_ok()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_ok()); }); run_test!(verify_trusted_get_error_ok, |method, stream| { Loading @@ -285,7 +279,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect(&ctx, stream).is_ok()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_ok()); }); run_test!(verify_trusted_get_error_err, |method, stream| { Loading @@ -295,7 +289,7 @@ run_test!(verify_trusted_get_error_err, |method, stream| { false }); assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); }); run_test!(verify_callback_data, |method, stream| { Loading @@ -319,7 +313,7 @@ run_test!(verify_callback_data, |method, stream| { }); ctx.set_verify_depth(1); match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -327,12 +321,11 @@ run_test!(verify_callback_data, |method, stream| { run_test!(ssl_verify_callback, |method, stream| { use std::sync::atomic::{AtomicUsize, ATOMIC_USIZE_INIT, Ordering}; use ssl::IntoSsl; static CHECKED: AtomicUsize = ATOMIC_USIZE_INIT; let ctx = SslContext::new(method).unwrap(); let mut ssl = ctx.into_ssl().unwrap(); let mut ssl = Ssl::new(&ctx).unwrap(); let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; let node_id = node_hash_str.from_hex().unwrap(); Loading @@ -347,7 +340,7 @@ run_test!(ssl_verify_callback, |method, stream| { } }); match SslStream::connect(ssl, stream) { match ssl.connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -364,7 +357,7 @@ fn test_write_hits_stream() { let guard = thread::spawn(move || { let ctx = SslContext::new(SslMethod::tls()).unwrap(); let stream = TcpStream::connect(addr).unwrap(); let mut stream = SslStream::connect(&ctx, stream).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); stream.write_all(b"hello").unwrap(); stream Loading @@ -375,7 +368,7 @@ fn test_write_hits_stream() { ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM).unwrap(); ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM).unwrap(); let stream = listener.accept().unwrap().0; let mut stream = SslStream::accept(&ctx, stream).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().accept(stream).unwrap(); let mut buf = [0; 5]; assert_eq!(5, stream.read(&mut buf).unwrap()); Loading Loading @@ -418,17 +411,8 @@ run_test!(clear_ctx_options, |method, _| { #[test] fn test_write() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); stream.flush().unwrap(); } #[test] fn test_write_direct() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); Loading @@ -436,7 +420,8 @@ fn test_write_direct() { } run_test!(get_peer_certificate, |method, stream| { let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap(); let ctx = SslContext::new(method).unwrap(); let stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); let cert = stream.ssl().peer_certificate().unwrap(); let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap(); let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; Loading @@ -448,8 +433,8 @@ run_test!(get_peer_certificate, |method, stream| { #[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) fn test_write_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n")); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); let ctx = SslContext::new(SslMethod::dtls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); stream.write_all(b"hello").unwrap(); stream.flush().unwrap(); stream.write_all(b" there").unwrap(); Loading @@ -459,16 +444,8 @@ fn test_write_dtlsv1() { #[test] fn test_read() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); } #[test] fn test_read_direct() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); Loading @@ -477,7 +454,8 @@ fn test_read_direct() { #[test] fn test_pending() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); Loading @@ -500,7 +478,8 @@ fn test_pending() { #[test] fn test_state() { let (_s, tcp) = Server::new(); let stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap(); assert_eq!(stream.ssl().state_string(), "SSLOK "); assert_eq!(stream.ssl().state_string_long(), "SSL negotiation finished successfully"); Loading @@ -519,7 +498,7 @@ fn test_connect_with_unilateral_alpn() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -540,7 +519,7 @@ fn test_connect_with_unilateral_npn() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -562,7 +541,7 @@ fn test_connect_with_alpn_successful_multiple_matching() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -584,7 +563,7 @@ fn test_connect_with_npn_successful_multiple_matching() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -607,7 +586,7 @@ fn test_connect_with_alpn_successful_single_match() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -631,7 +610,7 @@ fn test_connect_with_npn_successful_single_match() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading Loading @@ -660,7 +639,7 @@ fn test_npn_server_advertise_multiple() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); let _ = SslStream::accept(&listener_ctx, stream).unwrap(); Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -672,7 +651,7 @@ fn test_npn_server_advertise_multiple() { } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading Loading @@ -701,7 +680,7 @@ fn test_alpn_server_advertise_multiple() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); let _ = SslStream::accept(&listener_ctx, stream).unwrap(); Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -713,7 +692,7 @@ fn test_alpn_server_advertise_multiple() { } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading Loading @@ -742,7 +721,7 @@ fn test_alpn_server_select_none() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); let _ = SslStream::accept(&listener_ctx, stream).unwrap(); Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -751,7 +730,7 @@ fn test_alpn_server_select_none() { ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = SslStream::connect(&ctx, stream).unwrap(); let stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); // Since the protocols from the server and client don't overlap at all, no protocol is selected assert_eq!(None, stream.ssl().selected_alpn_protocol()); Loading @@ -777,7 +756,7 @@ fn test_alpn_server_select_none() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); assert!(SslStream::accept(&listener_ctx, stream).is_err()); assert!(Ssl::new(&listener_ctx).unwrap().accept(stream).is_err()); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -786,7 +765,7 @@ fn test_alpn_server_select_none() { ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); } #[cfg(test)] Loading @@ -812,7 +791,8 @@ mod dtlsv1 { fn test_read_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); let ctx = SslContext::new(SslMethod::dtls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); let mut buf = [0u8; 100]; assert!(stream.read(&mut buf).is_ok()); } Loading Loading @@ -853,7 +833,7 @@ fn test_write_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut stream = handshake(Ssl::new(&cx).unwrap().connect(stream)); let mut iterations = 0; loop { Loading Loading @@ -891,7 +871,7 @@ fn test_read_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut stream = handshake(Ssl::new(&cx).unwrap().connect(stream)); let mut iterations = 0; loop { Loading Loading @@ -965,7 +945,7 @@ fn write_panic() { let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); let _ = Ssl::new(&ctx).unwrap().connect(stream); } #[test] Loading Loading @@ -993,7 +973,7 @@ fn read_panic() { let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); let _ = Ssl::new(&ctx).unwrap().connect(stream); } #[test] Loading Loading @@ -1021,7 +1001,7 @@ fn flush_panic() { let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = SslStream::connect(&ctx, stream).ok().unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).ok().unwrap(); let _ = stream.flush(); } Loading @@ -1045,7 +1025,7 @@ fn default_verify_paths() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let s = TcpStream::connect("google.com:443").unwrap(); let mut socket = SslStream::connect(&ctx, s).unwrap(); let mut socket = Ssl::new(&ctx).unwrap().connect(s).unwrap(); socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap(); let mut result = vec![]; Loading @@ -1072,12 +1052,12 @@ fn valid_hostname() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let mut ssl = ctx.into_ssl().unwrap(); let mut ssl = Ssl::new(&ctx).unwrap(); ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ssl.param().set_host("google.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); let mut socket = SslStream::connect(ssl, s).unwrap(); let mut socket = ssl.connect(s).unwrap(); socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap(); let mut result = vec![]; Loading @@ -1096,10 +1076,10 @@ fn invalid_hostname() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let mut ssl = ctx.into_ssl().unwrap(); let mut ssl = Ssl::new(&ctx).unwrap(); ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ssl.param().set_host("foobar.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); assert!(SslStream::connect(ssl, s).is_err()); assert!(ssl.connect(s).is_err()); } Loading
openssl/src/ssl/mod.rs +45 −77 Original line number Diff line number Diff line Loading @@ -780,18 +780,6 @@ impl<'a> SslRef<'a> { unsafe { ffi::SSL_get_rbio(self.as_ptr()) } } fn connect(&mut self) -> c_int { unsafe { ffi::SSL_connect(self.as_ptr()) } } fn accept(&mut self) -> c_int { unsafe { ffi::SSL_accept(self.as_ptr()) } } fn handshake(&mut self) -> c_int { unsafe { ffi::SSL_do_handshake(self.as_ptr()) } } fn read(&mut self, buf: &mut [u8]) -> c_int { let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int; unsafe { ffi::SSL_read(self.as_ptr(), buf.as_ptr() as *mut c_void, len) } Loading Loading @@ -1057,6 +1045,50 @@ impl Ssl { pub unsafe fn from_ptr(ssl: *mut ffi::SSL) -> Ssl { Ssl(SslRef::from_ptr(ssl)) } /// Creates an SSL/TLS client operating over the provided stream. pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where S: Read + Write { let mut stream = SslStream::new_base(self, stream); let ret = unsafe { ffi::SSL_connect(stream.ssl.as_ptr()) }; if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } /// Creates an SSL/TLS server operating over the provided stream. pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where S: Read + Write { let mut stream = SslStream::new_base(self, stream); let ret = unsafe { ffi::SSL_accept(stream.ssl.as_ptr()) }; if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } } /// A stream wrapper which handles SSL encryption for an underlying stream. Loading Loading @@ -1093,54 +1125,6 @@ impl<S: Read + Write> SslStream<S> { } } /// Creates an SSL/TLS client operating over the provided stream. pub fn connect<T: IntoSsl>(ssl: T, stream: S) -> Result<Self, HandshakeError<S>>{ let ssl = try!(ssl.into_ssl().map_err(|e| { HandshakeError::Failure(Error::Ssl(e)) })); let mut stream = Self::new_base(ssl, stream); let ret = stream.ssl.connect(); if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } /// Creates an SSL/TLS server operating over the provided stream. pub fn accept<T: IntoSsl>(ssl: T, stream: S) -> Result<Self, HandshakeError<S>> { let ssl = try!(ssl.into_ssl().map_err(|e| { HandshakeError::Failure(Error::Ssl(e)) })); let mut stream = Self::new_base(ssl, stream); let ret = stream.ssl.accept(); if ret > 0 { Ok(stream) } else { match stream.make_error(ret) { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { stream: stream, error: e, })) } err => Err(HandshakeError::Failure(err)), } } } /// Like `read`, but returns an `ssl::Error` rather than an `io::Error`. /// /// This is particularly useful with a nonblocking socket, where the error Loading Loading @@ -1233,7 +1217,7 @@ impl<S> MidHandshakeSslStream<S> { /// Restarts the handshake process. pub fn handshake(mut self) -> Result<SslStream<S>, HandshakeError<S>> { let ret = self.stream.ssl.handshake(); let ret = unsafe { ffi::SSL_do_handshake(self.stream.ssl.as_ptr()) }; if ret > 0 { Ok(self.stream) } else { Loading Loading @@ -1352,22 +1336,6 @@ impl<S: Read + Write> Write for SslStream<S> { } } pub trait IntoSsl { fn into_ssl(self) -> Result<Ssl, ErrorStack>; } impl IntoSsl for Ssl { fn into_ssl(self) -> Result<Ssl, ErrorStack> { Ok(self) } } impl<'a> IntoSsl for &'a SslContext { fn into_ssl(self) -> Result<Ssl, ErrorStack> { Ssl::new(self) } } #[cfg(ossl110)] mod compat { use std::ptr; Loading
openssl/src/ssl/tests/mod.rs +53 −73 Original line number Diff line number Diff line Loading @@ -19,9 +19,7 @@ use ssl; use ssl::SSL_VERIFY_PEER; use ssl::{SslMethod, HandshakeError}; use ssl::error::Error; use ssl::{SslContext, SslStream}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use ssl::IntoSsl; use ssl::{SslContext, SslStream, Ssl}; use x509::X509StoreContext; use x509::X509FileType; use x509::X509; Loading Loading @@ -194,15 +192,11 @@ run_test!(new_ctx, |method, _| { SslContext::new(method).unwrap(); }); run_test!(new_sslstream, |method, stream| { SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap(); }); run_test!(verify_untrusted, |method, stream| { let mut ctx = SslContext::new(method).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => panic!("expected failure"), Err(err) => println!("error {:?}", err), } Loading @@ -216,7 +210,7 @@ run_test!(verify_trusted, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -226,7 +220,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| { let mut ctx = SslContext::new(method).unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| true); match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -236,7 +230,7 @@ run_test!(verify_untrusted_callback_override_bad, |method, stream| { let mut ctx = SslContext::new(method).unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| false); assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); }); run_test!(verify_trusted_callback_override_ok, |method, stream| { Loading @@ -247,7 +241,7 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -261,7 +255,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); }); run_test!(verify_callback_load_certs, |method, stream| { Loading @@ -271,7 +265,7 @@ run_test!(verify_callback_load_certs, |method, stream| { true }); assert!(SslStream::connect(&ctx, stream).is_ok()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_ok()); }); run_test!(verify_trusted_get_error_ok, |method, stream| { Loading @@ -285,7 +279,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect(&ctx, stream).is_ok()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_ok()); }); run_test!(verify_trusted_get_error_err, |method, stream| { Loading @@ -295,7 +289,7 @@ run_test!(verify_trusted_get_error_err, |method, stream| { false }); assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); }); run_test!(verify_callback_data, |method, stream| { Loading @@ -319,7 +313,7 @@ run_test!(verify_callback_data, |method, stream| { }); ctx.set_verify_depth(1); match SslStream::connect(&ctx, stream) { match Ssl::new(&ctx).unwrap().connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -327,12 +321,11 @@ run_test!(verify_callback_data, |method, stream| { run_test!(ssl_verify_callback, |method, stream| { use std::sync::atomic::{AtomicUsize, ATOMIC_USIZE_INIT, Ordering}; use ssl::IntoSsl; static CHECKED: AtomicUsize = ATOMIC_USIZE_INIT; let ctx = SslContext::new(method).unwrap(); let mut ssl = ctx.into_ssl().unwrap(); let mut ssl = Ssl::new(&ctx).unwrap(); let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; let node_id = node_hash_str.from_hex().unwrap(); Loading @@ -347,7 +340,7 @@ run_test!(ssl_verify_callback, |method, stream| { } }); match SslStream::connect(ssl, stream) { match ssl.connect(stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err), } Loading @@ -364,7 +357,7 @@ fn test_write_hits_stream() { let guard = thread::spawn(move || { let ctx = SslContext::new(SslMethod::tls()).unwrap(); let stream = TcpStream::connect(addr).unwrap(); let mut stream = SslStream::connect(&ctx, stream).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); stream.write_all(b"hello").unwrap(); stream Loading @@ -375,7 +368,7 @@ fn test_write_hits_stream() { ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM).unwrap(); ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM).unwrap(); let stream = listener.accept().unwrap().0; let mut stream = SslStream::accept(&ctx, stream).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().accept(stream).unwrap(); let mut buf = [0; 5]; assert_eq!(5, stream.read(&mut buf).unwrap()); Loading Loading @@ -418,17 +411,8 @@ run_test!(clear_ctx_options, |method, _| { #[test] fn test_write() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); stream.flush().unwrap(); } #[test] fn test_write_direct() { let (_s, stream) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); stream.write_all("hello".as_bytes()).unwrap(); stream.flush().unwrap(); stream.write_all(" there".as_bytes()).unwrap(); Loading @@ -436,7 +420,8 @@ fn test_write_direct() { } run_test!(get_peer_certificate, |method, stream| { let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap(); let ctx = SslContext::new(method).unwrap(); let stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); let cert = stream.ssl().peer_certificate().unwrap(); let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap(); let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; Loading @@ -448,8 +433,8 @@ run_test!(get_peer_certificate, |method, stream| { #[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) fn test_write_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n")); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); let ctx = SslContext::new(SslMethod::dtls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); stream.write_all(b"hello").unwrap(); stream.flush().unwrap(); stream.write_all(b" there").unwrap(); Loading @@ -459,16 +444,8 @@ fn test_write_dtlsv1() { #[test] fn test_read() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); } #[test] fn test_read_direct() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); Loading @@ -477,7 +454,8 @@ fn test_read_direct() { #[test] fn test_pending() { let (_s, tcp) = Server::new(); let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); Loading @@ -500,7 +478,8 @@ fn test_pending() { #[test] fn test_state() { let (_s, tcp) = Server::new(); let stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap(); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap(); assert_eq!(stream.ssl().state_string(), "SSLOK "); assert_eq!(stream.ssl().state_string_long(), "SSL negotiation finished successfully"); Loading @@ -519,7 +498,7 @@ fn test_connect_with_unilateral_alpn() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -540,7 +519,7 @@ fn test_connect_with_unilateral_npn() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -562,7 +541,7 @@ fn test_connect_with_alpn_successful_multiple_matching() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -584,7 +563,7 @@ fn test_connect_with_npn_successful_multiple_matching() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -607,7 +586,7 @@ fn test_connect_with_alpn_successful_single_match() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading @@ -631,7 +610,7 @@ fn test_connect_with_npn_successful_single_match() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading Loading @@ -660,7 +639,7 @@ fn test_npn_server_advertise_multiple() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); let _ = SslStream::accept(&listener_ctx, stream).unwrap(); Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -672,7 +651,7 @@ fn test_npn_server_advertise_multiple() { } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading Loading @@ -701,7 +680,7 @@ fn test_alpn_server_advertise_multiple() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); let _ = SslStream::accept(&listener_ctx, stream).unwrap(); Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -713,7 +692,7 @@ fn test_alpn_server_advertise_multiple() { } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { let stream = match Ssl::new(&ctx).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; Loading Loading @@ -742,7 +721,7 @@ fn test_alpn_server_select_none() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); let _ = SslStream::accept(&listener_ctx, stream).unwrap(); Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -751,7 +730,7 @@ fn test_alpn_server_select_none() { ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = SslStream::connect(&ctx, stream).unwrap(); let stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); // Since the protocols from the server and client don't overlap at all, no protocol is selected assert_eq!(None, stream.ssl().selected_alpn_protocol()); Loading @@ -777,7 +756,7 @@ fn test_alpn_server_select_none() { // Have the listener wait on the connection in a different thread. thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); assert!(SslStream::accept(&listener_ctx, stream).is_err()); assert!(Ssl::new(&listener_ctx).unwrap().accept(stream).is_err()); }); let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); Loading @@ -786,7 +765,7 @@ fn test_alpn_server_select_none() { ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); assert!(SslStream::connect(&ctx, stream).is_err()); assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err()); } #[cfg(test)] Loading @@ -812,7 +791,8 @@ mod dtlsv1 { fn test_read_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap(); let ctx = SslContext::new(SslMethod::dtls()).unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap(); let mut buf = [0u8; 100]; assert!(stream.read(&mut buf).is_ok()); } Loading Loading @@ -853,7 +833,7 @@ fn test_write_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut stream = handshake(Ssl::new(&cx).unwrap().connect(stream)); let mut iterations = 0; loop { Loading Loading @@ -891,7 +871,7 @@ fn test_read_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); let cx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = handshake(SslStream::connect(&cx, stream)); let mut stream = handshake(Ssl::new(&cx).unwrap().connect(stream)); let mut iterations = 0; loop { Loading Loading @@ -965,7 +945,7 @@ fn write_panic() { let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); let _ = Ssl::new(&ctx).unwrap().connect(stream); } #[test] Loading Loading @@ -993,7 +973,7 @@ fn read_panic() { let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let _ = SslStream::connect(&ctx, stream); let _ = Ssl::new(&ctx).unwrap().connect(stream); } #[test] Loading Loading @@ -1021,7 +1001,7 @@ fn flush_panic() { let stream = ExplodingStream(stream); let ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut stream = SslStream::connect(&ctx, stream).ok().unwrap(); let mut stream = Ssl::new(&ctx).unwrap().connect(stream).ok().unwrap(); let _ = stream.flush(); } Loading @@ -1045,7 +1025,7 @@ fn default_verify_paths() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let s = TcpStream::connect("google.com:443").unwrap(); let mut socket = SslStream::connect(&ctx, s).unwrap(); let mut socket = Ssl::new(&ctx).unwrap().connect(s).unwrap(); socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap(); let mut result = vec![]; Loading @@ -1072,12 +1052,12 @@ fn valid_hostname() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let mut ssl = ctx.into_ssl().unwrap(); let mut ssl = Ssl::new(&ctx).unwrap(); ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ssl.param().set_host("google.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); let mut socket = SslStream::connect(ssl, s).unwrap(); let mut socket = ssl.connect(s).unwrap(); socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap(); let mut result = vec![]; Loading @@ -1096,10 +1076,10 @@ fn invalid_hostname() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let mut ssl = ctx.into_ssl().unwrap(); let mut ssl = Ssl::new(&ctx).unwrap(); ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ssl.param().set_host("foobar.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); assert!(SslStream::connect(ssl, s).is_err()); assert!(ssl.connect(s).is_err()); }
