min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #813 from sfackler/ssl-filetype 

Move X509Filetype to SslFiletype
This commit is contained in:
Steven Fackler 2018-01-01 11:55:05 -08:00 committed by GitHub
parent 1d325624be 9043cf9aa7
commit 0dd0df84d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 68 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openssl-sys/src/lib.rs
View File

@ -1284,6 +1284,9 @@ pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000;
pub const SSL_OP_NO_SSL_MASK: c_ulong = pub const SSL_OP_NO_SSL_MASK: c_ulong =
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
pub const TLSEXT_NAMETYPE_host_name: c_int = 0; pub const TLSEXT_NAMETYPE_host_name: c_int = 0;
pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1; pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1;

65
openssl/src/ssl/mod.rs
View File

@ -26,17 +26,14 @@
//! To accept connections as a server from remote clients: //! To accept connections as a server from remote clients:
//! //!
//! ```no_run //! ```no_run
//! use openssl::ssl::{SslMethod, SslAcceptor, SslStream}; //! use openssl::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype};
//! use openssl::x509::X509Filetype;
//! use std::fs::File;
//! use std::io::{Read, Write};
//! use std::net::{TcpListener, TcpStream}; //! use std::net::{TcpListener, TcpStream};
//! use std::sync::Arc; //! use std::sync::Arc;
//! use std::thread; //! use std::thread;
//! //!
//! //!
//! let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap(); //! let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
//! acceptor.set_private_key_file("key.pem", X509Filetype::PEM).unwrap(); //! acceptor.set_private_key_file("key.pem", SslFiletype::PEM).unwrap();
//! acceptor.set_certificate_chain_file("certs.pem").unwrap(); //! acceptor.set_certificate_chain_file("certs.pem").unwrap();
//! acceptor.check_private_key().unwrap(); //! acceptor.check_private_key().unwrap();
//! let acceptor = Arc::new(acceptor.build()); //! let acceptor = Arc::new(acceptor.build());
@ -86,7 +83,7 @@ use dh::{Dh, DhRef};
use ec::EcKeyRef; use ec::EcKeyRef;
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
use ec::EcKey; use ec::EcKey;
use x509::{X509, X509Filetype, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult};
use x509::store::{X509StoreBuilderRef, X509StoreRef}; use x509::store::{X509StoreBuilderRef, X509StoreRef};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
use x509::store::X509Store; use x509::store::X509Store;
@ -314,6 +311,32 @@ bitflags! {
} }
} }
/// An identifier of the format of a certificate or key file.
#[derive(Copy, Clone)]
pub struct SslFiletype(c_int);
impl SslFiletype {
/// Constructs an `SslFiletype` from a raw OpenSSL value.
pub fn from_raw(raw: c_int) -> SslFiletype {
SslFiletype(raw)
}
/// Returns the raw OpenSSL value represented by this type.
pub fn as_raw(&self) -> c_int {
self.0
}
/// The PEM format.
///
/// This corresponds to `SSL_FILETYPE_PEM`.
pub const PEM: SslFiletype = SslFiletype(ffi::SSL_FILETYPE_PEM);
/// The ASN1 format.
///
/// This corresponds to `SSL_FILETYPE_ASN1`.
pub const ASN1: SslFiletype = SslFiletype(ffi::SSL_FILETYPE_ASN1);
}
/// An identifier of a certificate status type. /// An identifier of a certificate status type.
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
pub struct StatusType(c_int); pub struct StatusType(c_int);
@ -778,7 +801,7 @@ impl SslContextBuilder {
pub fn set_certificate_file<P: AsRef<Path>>( pub fn set_certificate_file<P: AsRef<Path>>(
&mut self, &mut self,
file: P, file: P,
file_type: X509Filetype, file_type: SslFiletype,
) -> Result<(), ErrorStack> { ) -> Result<(), ErrorStack> {
let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
unsafe { unsafe {
@ -847,7 +870,7 @@ impl SslContextBuilder {
pub fn set_private_key_file<P: AsRef<Path>>( pub fn set_private_key_file<P: AsRef<Path>>(
&mut self, &mut self,
file: P, file: P,
file_type: X509Filetype, file_type: SslFiletype,
) -> Result<(), ErrorStack> { ) -> Result<(), ErrorStack> {
let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
unsafe { unsafe {
@ -2041,9 +2064,10 @@ impl Ssl {
ErrorCode::WANT_READ | ErrorCode::WANT_WRITE => Err(HandshakeError::WouldBlock( ErrorCode::WANT_READ | ErrorCode::WANT_WRITE => Err(HandshakeError::WouldBlock(
MidHandshakeSslStream { stream, error }, MidHandshakeSslStream { stream, error },
)), )),
_ => Err(HandshakeError::Failure( _ => Err(HandshakeError::Failure(MidHandshakeSslStream {
MidHandshakeSslStream { stream, error }, stream,
)), error,
})),
} }
} }
} }
@ -2072,9 +2096,10 @@ impl Ssl {
ErrorCode::WANT_READ | ErrorCode::WANT_WRITE => Err(HandshakeError::WouldBlock( ErrorCode::WANT_READ | ErrorCode::WANT_WRITE => Err(HandshakeError::WouldBlock(
MidHandshakeSslStream { stream, error }, MidHandshakeSslStream { stream, error },
)), )),
_ => Err(HandshakeError::Failure( _ => Err(HandshakeError::Failure(MidHandshakeSslStream {
MidHandshakeSslStream { stream, error }, stream,
)), error,
})),
} }
} }
} }
@ -2319,10 +2344,8 @@ impl<S: Read + Write> Read for SslStream<S> {
} }
Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {} Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {}
Err(e) => { Err(e) => {
return Err( return Err(e.into_io_error()
e.into_io_error() .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)))
.unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)),
)
} }
} }
} }
@ -2336,10 +2359,8 @@ impl<S: Read + Write> Write for SslStream<S> {
Ok(n) => return Ok(n), Ok(n) => return Ok(n),
Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {} Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {}
Err(e) => { Err(e) => {
return Err( return Err(e.into_io_error()
e.into_io_error() .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)))
.unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)),
)
} }
} }
} }

44
openssl/src/ssl/test.rs
View File

@ -19,8 +19,8 @@ use hash::MessageDigest;
use ocsp::{OcspResponse, OcspResponseStatus}; use ocsp::{OcspResponse, OcspResponseStatus};
use ssl; use ssl;
use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptor, SslConnector, SslContext, use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptor, SslConnector, SslContext,
SslMethod, SslStream, SslVerifyMode, StatusType}; SslFiletype, SslMethod, SslStream, SslVerifyMode, StatusType};
use x509::{X509, X509Filetype, X509Name, X509StoreContext, X509VerifyResult}; use x509::{X509, X509Name, X509StoreContext, X509VerifyResult};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
use x509::verify::X509CheckFlags; use x509::verify::X509CheckFlags;
use pkey::PKey; use pkey::PKey;
@ -347,9 +347,9 @@ fn test_write_hits_stream() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_verify(SslVerifyMode::PEER); ctx.set_verify(SslVerifyMode::PEER);
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut stream = Ssl::new(&ctx.build()).unwrap().accept(stream).unwrap(); let mut stream = Ssl::new(&ctx.build()).unwrap().accept(stream).unwrap();
@ -552,10 +552,10 @@ fn test_alpn_server_advertise_multiple() {
ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK) ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK)
}); });
assert!( assert!(
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.is_ok() .is_ok()
); );
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.build() ctx.build()
}; };
@ -595,10 +595,10 @@ fn test_alpn_server_select_none_fatal() {
.ok_or(ssl::AlpnError::ALERT_FATAL) .ok_or(ssl::AlpnError::ALERT_FATAL)
}); });
assert!( assert!(
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.is_ok() .is_ok()
); );
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.build() ctx.build()
}; };
@ -628,10 +628,10 @@ fn test_alpn_server_select_none() {
ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK) ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK)
}); });
assert!( assert!(
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.is_ok() .is_ok()
); );
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.build() ctx.build()
}; };
@ -962,9 +962,9 @@ fn shutdown() {
thread::spawn(move || { thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap();
let mut stream = ssl.accept(stream).unwrap(); let mut stream = ssl.accept(stream).unwrap();
@ -1020,9 +1020,9 @@ fn tmp_dh_callback() {
thread::spawn(move || { thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_tmp_dh_callback(|_, _, _| { ctx.set_tmp_dh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst); CALLED_BACK.store(true, Ordering::SeqCst);
@ -1057,9 +1057,9 @@ fn tmp_ecdh_callback() {
thread::spawn(move || { thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_tmp_ecdh_callback(|_, _, _| { ctx.set_tmp_ecdh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst); CALLED_BACK.store(true, Ordering::SeqCst);
@ -1088,9 +1088,9 @@ fn tmp_dh_callback_ssl() {
thread::spawn(move || { thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
let mut ssl = Ssl::new(&ctx.build()).unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap();
ssl.set_tmp_dh_callback(|_, _, _| { ssl.set_tmp_dh_callback(|_, _, _| {
@ -1125,9 +1125,9 @@ fn tmp_ecdh_callback_ssl() {
thread::spawn(move || { thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
let mut ssl = Ssl::new(&ctx.build()).unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap();
ssl.set_tmp_ecdh_callback(|_, _, _| { ssl.set_tmp_ecdh_callback(|_, _, _| {
@ -1180,9 +1180,9 @@ fn status_callbacks() {
let guard = thread::spawn(move || { let guard = thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509Filetype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509Filetype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_status_callback(|ssl| { ctx.set_status_callback(|ssl| {
CALLED_BACK_SERVER.store(true, Ordering::SeqCst); CALLED_BACK_SERVER.store(true, Ordering::SeqCst);

12
openssl/src/x509/mod.rs
View File

@ -40,18 +40,6 @@ pub mod store;
#[cfg(test)] #[cfg(test)]
mod tests; mod tests;
pub struct X509Filetype(c_int);
impl X509Filetype {
pub fn as_raw(&self) -> c_int {
self.0
}
pub const PEM: X509Filetype = X509Filetype(ffi::X509_FILETYPE_PEM);
pub const ASN1: X509Filetype = X509Filetype(ffi::X509_FILETYPE_ASN1);
pub const DEFAULT: X509Filetype = X509Filetype(ffi::X509_FILETYPE_DEFAULT);
}
foreign_type_and_impl_send_sync! { foreign_type_and_impl_send_sync! {
type CType = ffi::X509_STORE_CTX; type CType = ffi::X509_STORE_CTX;
fn drop = ffi::X509_STORE_CTX_free; fn drop = ffi::X509_STORE_CTX_free;