min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reduce SslStream constructor duplication

This commit is contained in:
Steven Fackler 2015-06-27 21:40:00 -07:00
parent a80a77bbb8
commit 0cff370f1d
4 changed files with 65 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openssl-sys/src/lib.rs
View File

@ -271,6 +271,7 @@ extern "C" {
pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
pub fn BIO_free_all(b: *mut BIO); pub fn BIO_free_all(b: *mut BIO);
pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO;
pub fn BIO_new_socket(sock: c_int, close_flag: c_int) -> *mut BIO;
pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int; pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int;
pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int; pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int;
pub fn BIO_s_mem() -> *const BIO_METHOD; pub fn BIO_s_mem() -> *const BIO_METHOD;

6
openssl/src/bio/mod.rs
View File

@ -76,8 +76,7 @@ impl Read for MemBio {
if is_eof != 0 { if is_eof != 0 {
Ok(0) Ok(0)
} else { } else {
Err(io::Error::new(io::ErrorKind::Other, Err(io::Error::new(io::ErrorKind::Other, SslError::get()))
SslError::get()))
} }
} else { } else {
Ok(ret as usize) Ok(ret as usize)
@ -93,8 +92,7 @@ impl Write for MemBio {
}; };
if ret < 0 { if ret < 0 {
Err(io::Error::new(io::ErrorKind::Other, Err(io::Error::new(io::ErrorKind::Other, SslError::get()))
SslError::get()))
} else { } else {
Ok(ret as usize) Ok(ret as usize)
} }

57
openssl/src/ssl/mod.rs
View File

@ -496,7 +496,7 @@ impl SslContext {
pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(),SslError> { pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(),SslError> {
wrap_ssl_result( wrap_ssl_result(
unsafe { unsafe {
let cipher_list = CString::new(cipher_list.as_bytes()).unwrap(); let cipher_list = CString::new(cipher_list).unwrap();
ffi::SSL_CTX_set_cipher_list(self.ctx, cipher_list.as_ptr()) ffi::SSL_CTX_set_cipher_list(self.ctx, cipher_list.as_ptr())
}) })
} }
@ -766,36 +766,41 @@ impl<S> fmt::Debug for SslStream<S> where S: fmt::Debug {
} }
impl<S: Read+Write> SslStream<S> { impl<S: Read+Write> SslStream<S> {
fn new_base(ssl:Ssl, stream: S) -> SslStream<S> { fn new_base<T: IntoSsl>(ssl: T, stream: S) -> Result<SslStream<S>, SslError> {
SslStream { let ssl = try!(ssl.into_ssl());
Ok(SslStream {
stream: stream, stream: stream,
ssl: Arc::new(ssl), ssl: Arc::new(ssl),
// Maximum TLS record size is 16k // Maximum TLS record size is 16k
buf: iter::repeat(0).take(16 * 1024).collect(), buf: iter::repeat(0).take(16 * 1024).collect(),
} })
} }
pub fn new_client<T: IntoSsl>(ssl: T, stream: S) -> Result<SslStream<S>, SslError> {
let mut ssl = try!(SslStream::new_base(ssl, stream));
try!(ssl.in_retry_wrapper(|ssl| ssl.connect()));
Ok(ssl)
}
pub fn new_server<T: IntoSsl>(ssl: T, stream: S) -> Result<SslStream<S>, SslError> {
let mut ssl = try!(SslStream::new_base(ssl, stream));
try!(ssl.in_retry_wrapper(|ssl| ssl.accept()));
Ok(ssl)
}
/// # Deprecated
pub fn new_server_from(ssl: Ssl, stream: S) -> Result<SslStream<S>, SslError> { pub fn new_server_from(ssl: Ssl, stream: S) -> Result<SslStream<S>, SslError> {
let mut ssl = SslStream::new_base(ssl, stream); SslStream::new_server(ssl, stream)
ssl.in_retry_wrapper(|ssl| { ssl.accept() }).and(Ok(ssl))
} }
/// Attempts to create a new SSL stream from a given `Ssl` instance. /// # Deprecated
pub fn new_from(ssl: Ssl, stream: S) -> Result<SslStream<S>, SslError> { pub fn new_from(ssl: Ssl, stream: S) -> Result<SslStream<S>, SslError> {
let mut ssl = SslStream::new_base(ssl, stream); SslStream::new_client(ssl, stream)
ssl.in_retry_wrapper(|ssl| { ssl.connect() }).and(Ok(ssl))
} }
/// Creates a new SSL stream /// # Deprecated
pub fn new(ctx: &SslContext, stream: S) -> Result<SslStream<S>, SslError> { pub fn new(ctx: &SslContext, stream: S) -> Result<SslStream<S>, SslError> {
let ssl = try!(Ssl::new(ctx)); SslStream::new_client(ctx, stream)
SslStream::new_from(ssl, stream)
}
/// Creates a new SSL server stream
pub fn new_server(ctx: &SslContext, stream: S) -> Result<SslStream<S>, SslError> {
let ssl = try!(Ssl::new(ctx));
SslStream::new_server_from(ssl, stream)
} }
#[doc(hidden)] #[doc(hidden)]
@ -920,6 +925,22 @@ impl<S: Read+Write> Write for SslStream<S> {
} }
} }
pub trait IntoSsl {
fn into_ssl(self) -> Result<Ssl, SslError>;
}
impl IntoSsl for Ssl {
fn into_ssl(self) -> Result<Ssl, SslError> {
Ok(self)
}
}
impl<'a> IntoSsl for &'a SslContext {
fn into_ssl(self) -> Result<Ssl, SslError> {
Ssl::new(self)
}
}
/// A utility type to help in cases where the use of SSL is decided at runtime. /// A utility type to help in cases where the use of SSL is decided at runtime.
#[derive(Debug)] #[derive(Debug)]
pub enum MaybeSslStream<S> where S: Read+Write { pub enum MaybeSslStream<S> where S: Read+Write {

46
openssl/src/ssl/tests.rs
View File

@ -83,14 +83,14 @@ run_test!(new_ctx, |method, _| {
}); });
run_test!(new_sslstream, |method, stream| { run_test!(new_sslstream, |method, stream| {
SslStream::new(&SslContext::new(method).unwrap(), stream).unwrap(); SslStream::new_client(&SslContext::new(method).unwrap(), stream).unwrap();
}); });
run_test!(verify_untrusted, |method, stream| { run_test!(verify_untrusted, |method, stream| {
let mut ctx = SslContext::new(method).unwrap(); let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_verify(SSL_VERIFY_PEER, None);
match SslStream::new(&ctx, stream) { match SslStream::new_client(&ctx, stream) {
Ok(_) => panic!("expected failure"), Ok(_) => panic!("expected failure"),
Err(err) => println!("error {:?}", err) Err(err) => println!("error {:?}", err)
} }
@ -104,7 +104,7 @@ run_test!(verify_trusted, |method, stream| {
Ok(_) => {} Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err) Err(err) => panic!("Unexpected error {:?}", err)
} }
match SslStream::new(&ctx, stream) { match SslStream::new_client(&ctx, stream) {
Ok(_) => (), Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
} }
@ -118,7 +118,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| {
let mut ctx = SslContext::new(method).unwrap(); let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback));
match SslStream::new(&ctx, stream) { match SslStream::new_client(&ctx, stream) {
Ok(_) => (), Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
} }
@ -132,7 +132,7 @@ run_test!(verify_untrusted_callback_override_bad, |method, stream| {
let mut ctx = SslContext::new(method).unwrap(); let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback));
assert!(SslStream::new(&ctx, stream).is_err()); assert!(SslStream::new_client(&ctx, stream).is_err());
}); });
run_test!(verify_trusted_callback_override_ok, |method, stream| { run_test!(verify_trusted_callback_override_ok, |method, stream| {
@ -147,7 +147,7 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| {
Ok(_) => {} Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err) Err(err) => panic!("Unexpected error {:?}", err)
} }
match SslStream::new(&ctx, stream) { match SslStream::new_client(&ctx, stream) {
Ok(_) => (), Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
} }
@ -165,7 +165,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| {
Ok(_) => {} Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err) Err(err) => panic!("Unexpected error {:?}", err)
} }
assert!(SslStream::new(&ctx, stream).is_err()); assert!(SslStream::new_client(&ctx, stream).is_err());
}); });
run_test!(verify_callback_load_certs, |method, stream| { run_test!(verify_callback_load_certs, |method, stream| {
@ -177,7 +177,7 @@ run_test!(verify_callback_load_certs, |method, stream| {
let mut ctx = SslContext::new(method).unwrap(); let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback));
assert!(SslStream::new(&ctx, stream).is_ok()); assert!(SslStream::new_client(&ctx, stream).is_ok());
}); });
run_test!(verify_trusted_get_error_ok, |method, stream| { run_test!(verify_trusted_get_error_ok, |method, stream| {
@ -193,7 +193,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
Ok(_) => {} Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err) Err(err) => panic!("Unexpected error {:?}", err)
} }
assert!(SslStream::new(&ctx, stream).is_ok()); assert!(SslStream::new_client(&ctx, stream).is_ok());
}); });
run_test!(verify_trusted_get_error_err, |method, stream| { run_test!(verify_trusted_get_error_err, |method, stream| {
@ -205,7 +205,7 @@ run_test!(verify_trusted_get_error_err, |method, stream| {
let mut ctx = SslContext::new(method).unwrap(); let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback));
assert!(SslStream::new(&ctx, stream).is_err()); assert!(SslStream::new_client(&ctx, stream).is_err());
}); });
run_test!(verify_callback_data, |method, stream| { run_test!(verify_callback_data, |method, stream| {
@ -230,7 +230,7 @@ run_test!(verify_callback_data, |method, stream| {
ctx.set_verify_with_data(SSL_VERIFY_PEER, callback, node_id); ctx.set_verify_with_data(SSL_VERIFY_PEER, callback, node_id);
ctx.set_verify_depth(1); ctx.set_verify_depth(1);
match SslStream::new(&ctx, stream) { match SslStream::new_client(&ctx, stream) {
Ok(_) => (), Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
} }
@ -245,7 +245,7 @@ fn test_write_hits_stream() {
let guard = thread::spawn(move || { let guard = thread::spawn(move || {
let ctx = SslContext::new(Sslv23).unwrap(); let ctx = SslContext::new(Sslv23).unwrap();
let stream = TcpStream::connect(addr).unwrap(); let stream = TcpStream::connect(addr).unwrap();
let mut stream = SslStream::new(&ctx, stream).unwrap(); let mut stream = SslStream::new_client(&ctx, stream).unwrap();
stream.write_all(b"hello").unwrap(); stream.write_all(b"hello").unwrap();
stream stream
@ -310,7 +310,7 @@ run_test!(clear_ctx_options, |method, _| {
#[test] #[test]
fn test_write() { fn test_write() {
let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let stream = TcpStream::connect("127.0.0.1:15418").unwrap();
let mut stream = SslStream::new(&SslContext::new(Sslv23).unwrap(), stream).unwrap(); let mut stream = SslStream::new_client(&SslContext::new(Sslv23).unwrap(), stream).unwrap();
stream.write_all("hello".as_bytes()).unwrap(); stream.write_all("hello".as_bytes()).unwrap();
stream.flush().unwrap(); stream.flush().unwrap();
stream.write_all(" there".as_bytes()).unwrap(); stream.write_all(" there".as_bytes()).unwrap();
@ -319,7 +319,7 @@ fn test_write() {
run_test!(get_peer_certificate, |method, stream| { run_test!(get_peer_certificate, |method, stream| {
//let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); //let stream = TcpStream::connect("127.0.0.1:15418").unwrap();
let stream = SslStream::new(&SslContext::new(method).unwrap(), stream).unwrap(); let stream = SslStream::new_client(&SslContext::new(method).unwrap(), stream).unwrap();
let cert = stream.get_peer_certificate().unwrap(); let cert = stream.get_peer_certificate().unwrap();
let fingerprint = cert.fingerprint(SHA256).unwrap(); let fingerprint = cert.fingerprint(SHA256).unwrap();
let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
@ -333,7 +333,7 @@ fn test_write_dtlsv1() {
let sock = UdpSocket::bind("127.0.0.1:0").unwrap(); let sock = UdpSocket::bind("127.0.0.1:0").unwrap();
let stream = sock.connect("127.0.0.1:15410").unwrap(); let stream = sock.connect("127.0.0.1:15410").unwrap();
let mut stream = SslStream::new(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap(); let mut stream = SslStream::new_client(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap();
stream.write_all("hello".as_bytes()).unwrap(); stream.write_all("hello".as_bytes()).unwrap();
stream.flush().unwrap(); stream.flush().unwrap();
stream.write_all(" there".as_bytes()).unwrap(); stream.write_all(" there".as_bytes()).unwrap();
@ -343,7 +343,7 @@ fn test_write_dtlsv1() {
#[test] #[test]
fn test_read() { fn test_read() {
let tcp = TcpStream::connect("127.0.0.1:15418").unwrap(); let tcp = TcpStream::connect("127.0.0.1:15418").unwrap();
let mut stream = SslStream::new(&SslContext::new(Sslv23).unwrap(), tcp).unwrap(); let mut stream = SslStream::new_client(&SslContext::new(Sslv23).unwrap(), tcp).unwrap();
stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap();
stream.flush().unwrap(); stream.flush().unwrap();
io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); io::copy(&mut stream, &mut io::sink()).ok().expect("read error");
@ -353,7 +353,7 @@ fn test_read() {
#[test] #[test]
fn test_pending() { fn test_pending() {
let tcp = TcpStream::connect("127.0.0.1:15418").unwrap(); let tcp = TcpStream::connect("127.0.0.1:15418").unwrap();
let mut stream = SslStream::new(&SslContext::new(Sslv23).unwrap(), tcp).unwrap(); let mut stream = SslStream::new_client(&SslContext::new(Sslv23).unwrap(), tcp).unwrap();
stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap();
stream.flush().unwrap(); stream.flush().unwrap();
@ -386,7 +386,7 @@ fn test_connect_with_unilateral_npn() {
Ok(_) => {} Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err) Err(err) => panic!("Unexpected error {:?}", err)
} }
let stream = match SslStream::new(&ctx, stream) { let stream = match SslStream::new_client(&ctx, stream) {
Ok(stream) => stream, Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
}; };
@ -410,7 +410,7 @@ fn test_connect_with_npn_successful_multiple_matching() {
Ok(_) => {} Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err) Err(err) => panic!("Unexpected error {:?}", err)
} }
let stream = match SslStream::new(&ctx, stream) { let stream = match SslStream::new_client(&ctx, stream) {
Ok(stream) => stream, Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
}; };
@ -435,7 +435,7 @@ fn test_connect_with_npn_successful_single_match() {
Ok(_) => {} Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err) Err(err) => panic!("Unexpected error {:?}", err)
} }
let stream = match SslStream::new(&ctx, stream) { let stream = match SslStream::new_client(&ctx, stream) {
Ok(stream) => stream, Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
}; };
@ -477,7 +477,7 @@ fn test_npn_server_advertise_multiple() {
} }
// Now connect to the socket and make sure the protocol negotiation works... // Now connect to the socket and make sure the protocol negotiation works...
let stream = TcpStream::connect(localhost).unwrap(); let stream = TcpStream::connect(localhost).unwrap();
let stream = match SslStream::new(&ctx, stream) { let stream = match SslStream::new_client(&ctx, stream) {
Ok(stream) => stream, Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err) Err(err) => panic!("Expected success, got {:?}", err)
}; };
@ -514,7 +514,7 @@ fn test_read_dtlsv1() {
let server = udp::next_server(); let server = udp::next_server();
let stream = sock.connect(&server[..]).unwrap(); let stream = sock.connect(&server[..]).unwrap();
let mut stream = SslStream::new(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap(); let mut stream = SslStream::new_client(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap();
let mut buf = [0u8;100]; let mut buf = [0u8;100];
assert!(stream.read(&mut buf).is_ok()); assert!(stream.read(&mut buf).is_ok());
} }
@ -523,5 +523,5 @@ fn test_read_dtlsv1() {
#[cfg(feature = "sslv2")] #[cfg(feature = "sslv2")]
fn test_sslv2_connect_failure() { fn test_sslv2_connect_failure() {
let tcp = TcpStream::connect("127.0.0.1:15420").unwrap(); let tcp = TcpStream::connect("127.0.0.1:15420").unwrap();
SslStream::new(&SslContext::new(Sslv2).unwrap(), tcp).err().unwrap(); SslStream::new_client(&SslContext::new(Sslv2).unwrap(), tcp).err().unwrap();
} }