From 03e4908c13cf2c5443fcdaf496ee1b7b223bbcf9 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 26 Oct 2015 21:09:30 -0700 Subject: [PATCH] Move SSL methods to Ssl object, add getter --- openssl/src/ssl/mod.rs | 152 +++++++++++------------------------ openssl/src/ssl/tests/mod.rs | 38 ++++----- 2 files changed, 66 insertions(+), 124 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index aacc5edc..735255e4 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -704,7 +704,7 @@ unsafe impl Sync for Ssl {} impl fmt::Debug for Ssl { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("Ssl") - .field("state", &self.get_state_string_long()) + .field("state", &self.state_string_long()) .finish() } } @@ -722,24 +722,6 @@ impl Ssl { Ok(ssl) } - pub fn get_state_string(&self) -> &'static str { - let state = unsafe { - let ptr = ffi::SSL_state_string(self.ssl); - CStr::from_ptr(ptr) - }; - - str::from_utf8(state.to_bytes()).unwrap() - } - - pub fn get_state_string_long(&self) -> &'static str { - let state = unsafe { - let ptr = ffi::SSL_state_string_long(self.ssl); - CStr::from_ptr(ptr) - }; - - str::from_utf8(state.to_bytes()).unwrap() - } - fn get_rbio<'a>(&'a self) -> MemBioRef<'a> { unsafe { self.wrap_bio(ffi::SSL_get_rbio(self.ssl)) } } @@ -782,7 +764,25 @@ impl Ssl { } } - /// Set the host name to be used with SNI (Server Name Indication). + pub fn state_string(&self) -> &'static str { + let state = unsafe { + let ptr = ffi::SSL_state_string(self.ssl); + CStr::from_ptr(ptr) + }; + + str::from_utf8(state.to_bytes()).unwrap() + } + + pub fn state_string_long(&self) -> &'static str { + let state = unsafe { + let ptr = ffi::SSL_state_string_long(self.ssl); + CStr::from_ptr(ptr) + }; + + str::from_utf8(state.to_bytes()).unwrap() + } + + /// Sets the host name to be used with SNI (Server Name Indication). pub fn set_hostname(&self, hostname: &str) -> Result<(), SslError> { let cstr = CString::new(hostname).unwrap(); let ret = unsafe { ffi::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr()) }; @@ -795,7 +795,8 @@ impl Ssl { } } - pub fn get_peer_certificate(&self) -> Option { + /// Returns the certificate of the peer, if present. + pub fn peer_certificate(&self) -> Option { unsafe { let ptr = ffi::SSL_get_peer_certificate(self.ssl); if ptr.is_null() { @@ -813,7 +814,7 @@ impl Ssl { /// /// This method needs the `npn` feature. #[cfg(feature = "npn")] - pub fn get_selected_npn_protocol(&self) -> Option<&[u8]> { + pub fn selected_npn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); let mut len: c_uint = 0; @@ -836,7 +837,7 @@ impl Ssl { /// /// This method needs the `alpn` feature. #[cfg(feature = "alpn")] - pub fn get_selected_alpn_protocol(&self) -> Option<&[u8]> { + pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); let mut len: c_uint = 0; @@ -852,13 +853,32 @@ impl Ssl { } } - /// pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). + /// Returns the number of bytes remaining in the currently processed TLS + /// record. pub fn pending(&self) -> usize { unsafe { ffi::SSL_pending(self.ssl) as usize } } + /// Returns the compression currently in use. + /// + /// The result will be either None, indicating no compression is in use, or + /// a string with the compression name. + pub fn compression(&self) -> Option { + let ptr = unsafe { ffi::SSL_get_current_compression(self.ssl) }; + if ptr == ptr::null() { + return None; + } + + let meth = unsafe { ffi::SSL_COMP_get_name(ptr) }; + let s = unsafe { + String::from_utf8(CStr::from_ptr(meth).to_bytes().to_vec()).unwrap() + }; + + Some(s) + } + pub fn get_ssl_method(&self) -> Option { unsafe { let method = ffi::SSL_get_ssl_method(self.ssl); @@ -1277,42 +1297,11 @@ impl SslStream { }) } - /// # Deprecated - pub fn new_server(ssl: &SslContext, stream: S) -> Result, SslError> { - SslStream::accept_generic(ssl, stream) - } - - /// # Deprecated - pub fn new_server_from(ssl: Ssl, stream: S) -> Result, SslError> { - SslStream::accept_generic(ssl, stream) - } - - /// # Deprecated - pub fn new_from(ssl: Ssl, stream: S) -> Result, SslError> { - SslStream::connect_generic(ssl, stream) - } - - /// # Deprecated - pub fn new(ctx: &SslContext, stream: S) -> Result, SslError> { - SslStream::connect_generic(ctx, stream) - } - - /// # Deprecated - #[doc(hidden)] - pub fn get_inner(&mut self) -> &mut S { - self.get_mut() - } - /// Returns a reference to the underlying stream. pub fn get_ref(&self) -> &S { self.kind.stream() } - /// Return the certificate of the peer - pub fn get_peer_certificate(&self) -> Option { - self.kind.ssl().get_peer_certificate() - } - /// Returns a mutable reference to the underlying stream. /// /// ## Warning @@ -1323,56 +1312,9 @@ impl SslStream { self.kind.mut_stream() } - /// Get the compression currently in use. The result will be - /// either None, indicating no compression is in use, or a string - /// with the compression name. - pub fn get_compression(&self) -> Option { - let ptr = unsafe { ffi::SSL_get_current_compression(self.kind.ssl().ssl) }; - if ptr == ptr::null() { - return None; - } - - let meth = unsafe { ffi::SSL_COMP_get_name(ptr) }; - let s = unsafe { - String::from_utf8(CStr::from_ptr(meth).to_bytes().to_vec()).unwrap() - }; - - Some(s) - } - - /// Returns the protocol selected by performing Next Protocol Negotiation, if any. - /// - /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client - /// to interpret it. - /// - /// This method needs the `npn` feature. - #[cfg(feature = "npn")] - pub fn get_selected_npn_protocol(&self) -> Option<&[u8]> { - self.kind.ssl().get_selected_npn_protocol() - } - - /// Returns the protocol selected by performing ALPN, if any. - /// - /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client - /// to interpret it. - /// - /// This method needs the `alpn` feature. - #[cfg(feature = "alpn")] - pub fn get_selected_alpn_protocol(&self) -> Option<&[u8]> { - self.kind.ssl().get_selected_alpn_protocol() - } - - /// pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). - pub fn pending(&self) -> usize { - self.kind.ssl().pending() - } - - pub fn get_state_string(&self) -> &'static str { - self.kind.ssl().get_state_string() - } - - pub fn get_state_string_long(&self) -> &'static str { - self.kind.ssl().get_state_string_long() + /// Returns the OpenSSL `Ssl` object associated with this stream. + pub fn ssl(&self) -> &Ssl { + self.kind.ssl() } } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 233abd91..025a45a8 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -455,7 +455,7 @@ fn test_write_direct() { run_test!(get_peer_certificate, |method, stream| { let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(), stream).unwrap(); - let cert = stream.get_peer_certificate().unwrap(); + let cert = stream.ssl().peer_certificate().unwrap(); let fingerprint = cert.fingerprint(SHA256).unwrap(); let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; let node_id = node_hash_str.from_hex().unwrap(); @@ -504,14 +504,14 @@ fn test_pending() { let mut buf = [0u8; 16*1024]; stream.read(&mut buf[..1]).unwrap(); - let pending = stream.pending(); + let pending = stream.ssl().pending(); let len = stream.read(&mut buf[1..]).unwrap(); assert_eq!(pending, len); stream.read(&mut buf[..1]).unwrap(); - let pending = stream.pending(); + let pending = stream.ssl().pending(); let len = stream.read(&mut buf[1..]).unwrap(); assert_eq!(pending, len); } @@ -520,8 +520,8 @@ fn test_pending() { fn test_state() { let (_s, tcp) = Server::new(); let stream = SslStream::connect_generic(&SslContext::new(Sslv23).unwrap(), tcp).unwrap(); - assert_eq!(stream.get_state_string(), "SSLOK "); - assert_eq!(stream.get_state_string_long(), "SSL negotiation finished successfully"); + assert_eq!(stream.ssl().state_string(), "SSLOK "); + assert_eq!(stream.ssl().state_string_long(), "SSL negotiation finished successfully"); } /// Tests that connecting with the client using ALPN, but the server not does not @@ -537,13 +537,13 @@ fn test_connect_with_unilateral_alpn() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err) } - let stream = match SslStream::new(&ctx, stream) { + let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err) }; // Since the socket to which we connected is not configured to use ALPN, // there should be no selected protocol... - assert!(stream.get_selected_alpn_protocol().is_none()); + assert!(stream.ssl().selected_alpn_protocol().is_none()); } /// Tests that connecting with the client using NPN, but the server not does not @@ -565,7 +565,7 @@ fn test_connect_with_unilateral_npn() { }; // Since the socket to which we connected is not configured to use NPN, // there should be no selected protocol... - assert!(stream.get_selected_npn_protocol().is_none()); + assert!(stream.ssl().selected_npn_protocol().is_none()); } /// Tests that when both the client as well as the server use ALPN and their @@ -581,13 +581,13 @@ fn test_connect_with_alpn_successful_multiple_matching() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err) } - let stream = match SslStream::new(&ctx, stream) { + let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err) }; // The server prefers "http/1.1", so that is chosen, even though the client // would prefer "spdy/3.1" - assert_eq!(b"http/1.1", stream.get_selected_alpn_protocol().unwrap()); + assert_eq!(b"http/1.1", stream.ssl().selected_alpn_protocol().unwrap()); } /// Tests that when both the client as well as the server use NPN and their @@ -609,7 +609,7 @@ fn test_connect_with_npn_successful_multiple_matching() { }; // The server prefers "http/1.1", so that is chosen, even though the client // would prefer "spdy/3.1" - assert_eq!(b"http/1.1", stream.get_selected_npn_protocol().unwrap()); + assert_eq!(b"http/1.1", stream.ssl().selected_npn_protocol().unwrap()); } /// Tests that when both the client as well as the server use ALPN and their @@ -626,13 +626,13 @@ fn test_connect_with_alpn_successful_single_match() { Ok(_) => {} Err(err) => panic!("Unexpected error {:?}", err) } - let stream = match SslStream::new(&ctx, stream) { + let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err) }; // The client now only supports one of the server's protocols, so that one // is used. - assert_eq!(b"spdy/3.1", stream.get_selected_alpn_protocol().unwrap()); + assert_eq!(b"spdy/3.1", stream.ssl().selected_alpn_protocol().unwrap()); } @@ -656,7 +656,7 @@ fn test_connect_with_npn_successful_single_match() { }; // The client now only supports one of the server's protocols, so that one // is used. - assert_eq!(b"spdy/3.1", stream.get_selected_npn_protocol().unwrap()); + assert_eq!(b"spdy/3.1", stream.ssl().selected_npn_protocol().unwrap()); } /// Tests that when the `SslStream` is created as a server stream, the protocols @@ -697,7 +697,7 @@ fn test_npn_server_advertise_multiple() { Err(err) => panic!("Expected success, got {:?}", err) }; // SPDY is selected since that's the only thing the client supports. - assert_eq!(b"spdy/3.1", stream.get_selected_npn_protocol().unwrap()); + assert_eq!(b"spdy/3.1", stream.ssl().selected_npn_protocol().unwrap()); } /// Tests that when the `SslStream` is created as a server stream, the protocols @@ -733,12 +733,12 @@ fn test_alpn_server_advertise_multiple() { } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); - let stream = match SslStream::new(&ctx, stream) { + let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err) }; // SPDY is selected since that's the only thing the client supports. - assert_eq!(b"spdy/3.1", stream.get_selected_alpn_protocol().unwrap()); + assert_eq!(b"spdy/3.1", stream.ssl().selected_alpn_protocol().unwrap()); } /// Test that Servers supporting ALPN don't report a protocol when none of their protocols match @@ -774,13 +774,13 @@ fn test_alpn_server_select_none() { } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); - let stream = match SslStream::new(&ctx, stream) { + let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err) }; // Since the protocols from the server and client don't overlap at all, no protocol is selected - assert_eq!(None, stream.get_selected_alpn_protocol()); + assert_eq!(None, stream.ssl().selected_alpn_protocol()); }