Merge branch 'release-sys-v0.7.16-v0.8.1' into release

2016-08-15 18:46:15 -07:00 · 2016-08-15 18:46:15 -07:00 · 0f428d1904
parent 652326003c 629f638f08
commit 0f428d1904
20 changed files with 273 additions and 85 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 target/
 Cargo.lock
 .idea/
 *.iml
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl)
-[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.8.0/openssl).
+[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.8.1/openssl).
 ## Building
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@ -1,12 +1,12 @@
 [package]
 name = "openssl-sys"
-version = "0.7.15"
+version = "0.7.16"
 authors = ["Alex Crichton <alex@alexcrichton.com>",
           "Steven Fackler <sfackler@gmail.com>"]
 license = "MIT"
 description = "FFI bindings to OpenSSL"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.15/openssl_sys"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.16/openssl_sys"
 links = "openssl"
 build = "build.rs"
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -1,6 +1,6 @@
 #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
 #![allow(dead_code)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.15")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.16")]
 extern crate libc;
@ -37,6 +37,13 @@ pub type X509_NAME_ENTRY = c_void;
 pub type X509_REQ = c_void;
 pub type X509_STORE_CTX = c_void;
 pub type bio_st = c_void;
 #[repr(C)]
 pub struct PKCS12(c_void);
 #[repr(C)]
 pub struct stack_st_X509 {
    pub stack: _STACK,
 }
 #[repr(C)]
 pub struct stack_st_X509_EXTENSION {
@ -509,6 +516,7 @@ pub fn init() {
        unsafe {
            SSL_library_init();
            SSL_load_error_strings();
            OPENSSL_add_all_algorithms_noconf();
            let num_locks = CRYPTO_num_locks();
            let mut mutexes = Box::new(Vec::new());
@ -888,8 +896,8 @@ extern "C" {
                      siglen: c_int, dsa: *mut DSA) -> c_int;
    pub fn SSL_library_init() -> c_int;
    pub fn SSL_load_error_strings();
    pub fn OPENSSL_add_all_algorithms_noconf();
    #[cfg(feature = "sslv2")]
    pub fn SSLv2_method() -> *const SSL_METHOD;
@ -1070,6 +1078,21 @@ extern "C" {
    pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int;
    pub fn d2i_RSAPrivateKey(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA;
    pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12;
    pub fn PKCS12_parse(p12: *mut PKCS12,
                        pass: *const c_char,
                        pkey: *mut *mut EVP_PKEY,
                        cert: *mut *mut X509,
                        ca: *mut *mut stack_st_X509)
                        -> c_int;
    pub fn PKCS12_free(p12: *mut PKCS12);
    pub fn sk_free(st: *mut _STACK);
    pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>);
    pub fn sk_pop(st: *mut _STACK) -> *mut c_char;
    pub fn GENERAL_NAME_free(name: *mut GENERAL_NAME);
    pub fn SSLeay() -> c_long;
    pub fn SSLeay_version(key: c_int) -> *const c_char;
 }
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@ -1,11 +1,11 @@
 [package]
 name = "openssl"
-version = "0.8.0"
+version = "0.8.1"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "Apache-2.0"
 description = "OpenSSL bindings"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.8.0/openssl"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.8.1/openssl"
 readme = "../README.md"
 keywords = ["crypto", "tls", "ssl", "dtls"]
 build = "build.rs"
@ -38,7 +38,7 @@ dh_from_params = ["c_helpers"]
 bitflags = "0.7"
 lazy_static = "0.2"
 libc = "0.2"
-openssl-sys = { version = "0.7.15", path = "../openssl-sys" }
+openssl-sys = { version = "0.7.16", path = "../openssl-sys" }
 [build-dependencies]
 gcc = { version = "0.3", optional = true }
--- a/openssl/src/c_helpers.c
+++ b/openssl/src/c_helpers.c
@ -3,19 +3,19 @@
 #include <openssl/dh.h>
 #include <openssl/bn.h>
-void rust_SSL_CTX_clone(SSL_CTX *ctx) {
+void rust_0_8_SSL_CTX_clone(SSL_CTX *ctx) {
    CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 }
-void rust_X509_clone(X509 *x509) {
+void rust_0_8_X509_clone(X509 *x509) {
    CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
 }
-STACK_OF(X509_EXTENSION) *rust_X509_get_extensions(X509 *x) {
+STACK_OF(X509_EXTENSION) *rust_0_8_X509_get_extensions(X509 *x) {
    return x->cert_info ? x->cert_info->extensions : NULL;
 }
-DH *rust_DH_new_from_params(BIGNUM *p, BIGNUM *g, BIGNUM *q) {
+DH *rust_0_8_DH_new_from_params(BIGNUM *p, BIGNUM *g, BIGNUM *q) {
    DH *dh;
    if ((dh = DH_new()) == NULL) {
@ -28,32 +28,32 @@ DH *rust_DH_new_from_params(BIGNUM *p, BIGNUM *g, BIGNUM *q) {
 }
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
-int rust_HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
+int rust_0_8_HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
    HMAC_Init_ex(ctx, key, key_len, md, impl);
    return 1;
 }
-int rust_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) {
+int rust_0_8_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) {
    HMAC_Update(ctx, data, len);
    return 1;
 }
-int rust_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
+int rust_0_8_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
    HMAC_Final(ctx, md, len);
    return 1;
 }
 #else
-int rust_HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
+int rust_0_8_HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
    return HMAC_Init_ex(ctx, key, key_len, md, impl);
 }
-int rust_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) {
+int rust_0_8_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) {
    return HMAC_Update(ctx, data, len);
 }
-int rust_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
+int rust_0_8_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
    return HMAC_Final(ctx, md, len);
 }
 #endif
--- a/openssl/src/c_helpers.rs
+++ b/openssl/src/c_helpers.rs
@ -3,12 +3,12 @@ use libc::{c_int, c_void, c_uint, c_uchar};
 #[allow(dead_code)]
 extern "C" {
-    pub fn rust_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX);
+    pub fn rust_0_8_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX);
-    pub fn rust_X509_clone(x509: *mut ffi::X509);
+    pub fn rust_0_8_X509_clone(x509: *mut ffi::X509);
-    pub fn rust_X509_get_extensions(x: *mut ffi::X509) -> *mut ffi::stack_st_X509_EXTENSION;
+    pub fn rust_0_8_X509_get_extensions(x: *mut ffi::X509) -> *mut ffi::stack_st_X509_EXTENSION;
-    pub fn rust_HMAC_Init_ex(ctx: *mut ffi::HMAC_CTX, key: *const c_void, keylen: c_int, md: *const ffi::EVP_MD, impl_: *mut ffi::ENGINE) -> c_int;
+    pub fn rust_0_8_HMAC_Init_ex(ctx: *mut ffi::HMAC_CTX, key: *const c_void, keylen: c_int, md: *const ffi::EVP_MD, impl_: *mut ffi::ENGINE) -> c_int;
-    pub fn rust_HMAC_Final(ctx: *mut ffi::HMAC_CTX, output: *mut c_uchar, len: *mut c_uint) -> c_int;
+    pub fn rust_0_8_HMAC_Final(ctx: *mut ffi::HMAC_CTX, output: *mut c_uchar, len: *mut c_uint) -> c_int;
-    pub fn rust_HMAC_Update(ctx: *mut ffi::HMAC_CTX, input: *const c_uchar, len: c_uint) -> c_int;
+    pub fn rust_0_8_HMAC_Update(ctx: *mut ffi::HMAC_CTX, input: *const c_uchar, len: c_uint) -> c_int;
-    pub fn rust_DH_new_from_params(p: *mut ffi::BIGNUM, g: *mut ffi::BIGNUM, q: *mut ffi::BIGNUM) -> *mut ffi::DH;
+    pub fn rust_0_8_DH_new_from_params(p: *mut ffi::BIGNUM, g: *mut ffi::BIGNUM, q: *mut ffi::BIGNUM) -> *mut ffi::DH;
 }
--- a/openssl/src/crypto/hmac.rs
+++ b/openssl/src/crypto/hmac.rs
@ -92,11 +92,11 @@ impl HMAC {
    fn init_once(&mut self, md: *const ffi::EVP_MD, key: &[u8]) -> Result<(), ErrorStack> {
        unsafe {
-            try_ssl!(c_helpers::rust_HMAC_Init_ex(&mut self.ctx,
+            try_ssl!(c_helpers::rust_0_8_HMAC_Init_ex(&mut self.ctx,
-                                                  key.as_ptr() as *const _,
+                                                      key.as_ptr() as *const _,
-                                                  key.len() as c_int,
+                                                      key.len() as c_int,
-                                                  md,
+                                                      md,
-                                                  0 as *mut _));
+                                                      0 as *mut _));
        }
        self.state = Reset;
        Ok(())
@ -113,11 +113,11 @@ impl HMAC {
        // If the key and/or md is not supplied it's reused from the last time
        // avoiding redundant initializations
        unsafe {
-            try_ssl!(c_helpers::rust_HMAC_Init_ex(&mut self.ctx,
+            try_ssl!(c_helpers::rust_0_8_HMAC_Init_ex(&mut self.ctx,
-                                                  0 as *const _,
+                                                      0 as *const _,
-                                                  0,
+                                                      0,
-                                                  0 as *const _,
+                                                      0 as *const _,
-                                                  0 as *mut _));
+                                                      0 as *mut _));
        }
        self.state = Reset;
        Ok(())
@ -130,7 +130,7 @@ impl HMAC {
        while !data.is_empty() {
            let len = cmp::min(data.len(), c_uint::max_value() as usize);
            unsafe {
-                try_ssl!(c_helpers::rust_HMAC_Update(&mut self.ctx, data.as_ptr(), len as c_uint));
+                try_ssl!(c_helpers::rust_0_8_HMAC_Update(&mut self.ctx, data.as_ptr(), len as c_uint));
            }
            data = &data[len..];
        }
@ -147,7 +147,7 @@ impl HMAC {
        unsafe {
            let mut len = ffi::EVP_MAX_MD_SIZE;
            let mut res = vec![0; len as usize];
-            try_ssl!(c_helpers::rust_HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len));
+            try_ssl!(c_helpers::rust_0_8_HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len));
            res.truncate(len as usize);
            self.state = Finalized;
            Ok(res)
--- a/openssl/src/crypto/mod.rs
+++ b/openssl/src/crypto/mod.rs
@ -18,6 +18,7 @@ pub mod hash;
 #[cfg(feature = "hmac")]
 pub mod hmac;
 pub mod pkcs5;
 pub mod pkcs12;
 pub mod pkey;
 pub mod rand;
 pub mod symm;
--- a/openssl/src/crypto/pkcs12.rs
+++ b/openssl/src/crypto/pkcs12.rs
@ -0,0 +1,92 @@
 //! PKCS #12 archives.
 use ffi;
 use libc::{c_long, c_uchar};
 use std::cmp;
 use std::ptr;
 use std::ffi::CString;
 use crypto::pkey::PKey;
 use error::ErrorStack;
 use x509::X509;
 /// A PKCS #12 archive.
 pub struct Pkcs12(*mut ffi::PKCS12);
 impl Drop for Pkcs12 {
    fn drop(&mut self) {
        unsafe { ffi::PKCS12_free(self.0); }
    }
 }
 impl Pkcs12 {
    /// Deserializes a `Pkcs12` structure from DER-encoded data.
    pub fn from_der(der: &[u8]) -> Result<Pkcs12, ErrorStack> {
        unsafe {
            ffi::init();
            let mut ptr = der.as_ptr() as *const c_uchar;
            let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long;
            let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length));
            Ok(Pkcs12(p12))
        }
    }
    /// Extracts the contents of the `Pkcs12`.
    pub fn parse(&self, pass: &str) -> Result<ParsedPkcs12, ErrorStack> {
        unsafe {
            let pass = CString::new(pass).unwrap();
            let mut pkey = ptr::null_mut();
            let mut cert = ptr::null_mut();
            let mut chain = ptr::null_mut();
            try_ssl!(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain));
            let pkey = PKey::from_ptr(pkey);
            let cert = X509::from_ptr(cert);
            let mut chain_out = vec![];
            for i in 0..(*chain).stack.num {
                let x509 = *(*chain).stack.data.offset(i as isize) as *mut _;
                chain_out.push(X509::from_ptr(x509));
            }
            ffi::sk_free(&mut (*chain).stack);
            Ok(ParsedPkcs12 {
                pkey: pkey,
                cert: cert,
                chain: chain_out,
                _p: (),
            })
        }
    }
 }
 pub struct ParsedPkcs12 {
    pub pkey: PKey,
    pub cert: X509,
    pub chain: Vec<X509>,
    _p: (),
 }
 #[cfg(test)]
 mod test {
    use crypto::hash::Type::SHA1;
    use serialize::hex::ToHex;
    use super::*;
    #[test]
    fn parse() {
        let der = include_bytes!("../../test/identity.p12");
        let pkcs12 = Pkcs12::from_der(der).unwrap();
        let parsed = pkcs12.parse("mypass").unwrap();
        assert_eq!(parsed.cert.fingerprint(SHA1).unwrap().to_hex(),
                   "59172d9313e84459bcff27f967e79e6e9217e584");
        assert_eq!(parsed.chain.len(), 1);
        assert_eq!(parsed.chain[0].fingerprint(SHA1).unwrap().to_hex(),
                   "c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875");
    }
 }
--- a/openssl/src/dh/mod.rs
+++ b/openssl/src/dh/mod.rs
@ -15,7 +15,7 @@ impl DH {
    #[cfg(feature = "dh_from_params")]
    pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result<DH, ErrorStack> {
        let dh = unsafe {
-            try_ssl_null!(::c_helpers::rust_DH_new_from_params(p.as_ptr(), g.as_ptr(), q.as_ptr()))
+            try_ssl_null!(::c_helpers::rust_0_8_DH_new_from_params(p.as_ptr(), g.as_ptr(), q.as_ptr()))
        };
        mem::forget(p);
        mem::forget(g);
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@ -1,4 +1,4 @@
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.8.0")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.8.1")]
 #[macro_use]
 extern crate bitflags;
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -662,7 +662,7 @@ impl Clone for SslContext {
    /// Requires the `ssl_context_clone` feature.
    fn clone(&self) -> Self {
        unsafe {
-            ::c_helpers::rust_SSL_CTX_clone(self.as_ptr());
+            ::c_helpers::rust_0_8_SSL_CTX_clone(self.as_ptr());
            SslContext::from_ptr(self.as_ptr())
        }
    }
@ -933,7 +933,7 @@ impl<'a> SslRef<'a> {
            if ptr.is_null() {
                None
            } else {
-                Some(X509::new(ptr))
+                Some(X509::from_ptr(ptr))
            }
        }
    }
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@ -245,7 +245,7 @@ run_test!(verify_trusted, |method, stream| {
    let mut ctx = SslContext::new(method).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -314,7 +314,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
        true
    });
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -338,7 +338,7 @@ run_test!(verify_callback_data, |method, stream| {
    // in DER format.
    // Command: openssl x509 -in test/cert.pem  -outform DER | openssl dgst -sha256
    // Please update if "test/cert.pem" will ever change
-    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
    let node_id = node_hash_str.from_hex().unwrap();
    ctx.set_verify_callback(SSL_VERIFY_PEER, move |_preverify_ok, x509_ctx| {
        let cert = x509_ctx.current_cert();
@ -367,7 +367,7 @@ run_test!(ssl_verify_callback, |method, stream| {
    let ctx = SslContext::new(method).unwrap();
    let mut ssl = ctx.into_ssl().unwrap();
-    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
    let node_id = node_hash_str.from_hex().unwrap();
    ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| {
        CHECKED.store(1, Ordering::SeqCst);
@ -472,7 +472,7 @@ run_test!(get_peer_certificate, |method, stream| {
    let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap();
    let cert = stream.ssl().peer_certificate().unwrap();
    let fingerprint = cert.fingerprint(SHA1).unwrap();
-    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
    let node_id = node_hash_str.from_hex().unwrap();
    assert_eq!(node_id, fingerprint)
 });
@ -548,7 +548,7 @@ fn test_connect_with_unilateral_alpn() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -570,7 +570,7 @@ fn test_connect_with_unilateral_npn() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -592,7 +592,7 @@ fn test_connect_with_alpn_successful_multiple_matching() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_alpn_protocols(&[b"spdy/3.1", b"http/1.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -614,7 +614,7 @@ fn test_connect_with_npn_successful_multiple_matching() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_npn_protocols(&[b"spdy/3.1", b"http/1.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -637,7 +637,7 @@ fn test_connect_with_alpn_successful_single_match() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_alpn_protocols(&[b"spdy/3.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -661,7 +661,7 @@ fn test_connect_with_npn_successful_single_match() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_npn_protocols(&[b"spdy/3.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -701,7 +701,7 @@ fn test_npn_server_advertise_multiple() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_npn_protocols(&[b"spdy/3.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -742,7 +742,7 @@ fn test_alpn_server_advertise_multiple() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_alpn_protocols(&[b"spdy/3.1"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
@ -783,7 +783,7 @@ fn test_alpn_server_select_none() {
    let mut ctx = SslContext::new(Sslv23).unwrap();
    ctx.set_verify(SSL_VERIFY_PEER);
    ctx.set_alpn_protocols(&[b"http/2"]);
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
        Ok(_) => {}
        Err(err) => panic!("Unexpected error {:?}", err),
    }
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@ -94,7 +94,7 @@ impl X509StoreContext {
            if ptr.is_null() {
                None
            } else {
-                Some(X509Ref::new(ptr))
+                Some(X509Ref::from_ptr(ptr))
            }
        }
    }
@ -298,7 +298,7 @@ impl X509Generator {
        unsafe {
            let x509 = try_ssl_null!(ffi::X509_new());
-            let x509 = X509::new(x509);
+            let x509 = X509::from_ptr(x509);
            try_ssl!(ffi::X509_set_version(x509.as_ptr(), 2));
            try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.as_ptr()),
@ -359,7 +359,7 @@ impl X509Generator {
            let req = ffi::X509_to_X509_REQ(cert.as_ptr(), ptr::null_mut(), ptr::null());
            try_ssl_null!(req);
-            let exts = ::c_helpers::rust_X509_get_extensions(cert.as_ptr());
+            let exts = ::c_helpers::rust_0_8_X509_get_extensions(cert.as_ptr());
            if exts != ptr::null_mut() {
                try_ssl!(ffi::X509_REQ_add_extensions(req, exts));
            }
@ -377,8 +377,14 @@ pub struct X509Ref<'a>(*mut ffi::X509, PhantomData<&'a ()>);
 impl<'a> X509Ref<'a> {
    /// Creates a new `X509Ref` wrapping the provided handle.
-    pub unsafe fn new(handle: *mut ffi::X509) -> X509Ref<'a> {
+    pub unsafe fn from_ptr(x509: *mut ffi::X509) -> X509Ref<'a> {
-        X509Ref(handle, PhantomData)
+        X509Ref(x509, PhantomData)
    }
    ///
    #[deprecated(note = "renamed to `X509::from_ptr`", since = "0.8.1")]
    pub unsafe fn new(x509: *mut ffi::X509) -> X509Ref<'a> {
        X509Ref::from_ptr(x509)
    }
    pub fn as_ptr(&self) -> *mut ffi::X509 {
@ -402,7 +408,7 @@ impl<'a> X509Ref<'a> {
            }
            Some(GeneralNames {
-                stack: stack as *const _,
+                stack: stack as *mut _,
                m: PhantomData,
            })
        }
@ -451,8 +457,14 @@ pub struct X509(X509Ref<'static>);
 impl X509 {
    /// Returns a new `X509`, taking ownership of the handle.
    pub unsafe fn from_ptr(x509: *mut ffi::X509) -> X509 {
        X509(X509Ref::from_ptr(x509))
    }
    ///
    #[deprecated(note = "renamed to `X509::from_ptr`", since = "0.8.1")]
    pub unsafe fn new(x509: *mut ffi::X509) -> X509 {
-        X509(X509Ref::new(x509))
+        X509::from_ptr(x509)
    }
    /// Reads a certificate from PEM.
@ -463,7 +475,7 @@ impl X509 {
                                                              ptr::null_mut(),
                                                              None,
                                                              ptr::null_mut()));
-            Ok(X509::new(handle))
+            Ok(X509::from_ptr(handle))
        }
    }
 }
@ -481,7 +493,7 @@ impl Clone for X509 {
    /// Requires the `x509_clone` feature.
    fn clone(&self) -> X509 {
        unsafe {
-            ::c_helpers::rust_X509_clone(self.as_ptr());
+            ::c_helpers::rust_0_8_X509_clone(self.as_ptr());
            X509::new(self.as_ptr())
        }
    }
@ -723,12 +735,24 @@ make_validation_error!(X509_V_OK,
    X509ApplicationVerification = X509_V_ERR_APPLICATION_VERIFICATION,
 );
 // FIXME remove lifetime param for 0.9
 /// A collection of OpenSSL `GENERAL_NAME`s.
 pub struct GeneralNames<'a> {
-    stack: *const ffi::stack_st_GENERAL_NAME,
+    stack: *mut ffi::stack_st_GENERAL_NAME,
    m: PhantomData<&'a ()>,
 }
 impl<'a> Drop for GeneralNames<'a> {
    fn drop(&mut self) {
        unsafe {
            // This transmute is dubious but it's what openssl itself does...
            let free: unsafe extern "C" fn(*mut ffi::GENERAL_NAME) = ffi::GENERAL_NAME_free;
            let free: unsafe extern "C" fn(*mut c_void) = mem::transmute(free);
            ffi::sk_pop_free(&mut (*self.stack).stack, Some(free));
        }
    }
 }
 impl<'a> GeneralNames<'a> {
    /// Returns the number of `GeneralName`s in this structure.
    pub fn len(&self) -> usize {
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@ -86,7 +86,7 @@ fn test_cert_loading() {
    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
    let fingerprint = cert.fingerprint(SHA1).unwrap();
-    let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
    let hash_vec = hash_str.from_hex().unwrap();
    assert_eq!(fingerprint, hash_vec);
--- a/openssl/test/cert.pem
+++ b/openssl/test/cert.pem
@ -1,21 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIJAKyxk8nkmAtWMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCmZvb2Jhci5jb20wHhcNMTYwNTE2MDUw
+cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG
-NTAwWhcNMjYwNTE0MDUwNTAwWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI
-VQQDDApmb29iYXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub
-qPQljESzF6NQhf4jkYfQeDYbSRf/LUfT5RvebDb8lrkEP/I33r/vMxK6ZcXy5LdK
+3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ
-SanKImRvIPTVNJFOqOU/v9UIGXJQgKGWktCasZqKNmJP9ULI9eqZzAXNdLkg5Olf
+mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6
-WiUl9bysDjVTUsIhwNTIV/ou1n+/ytJ4qvpO4TpIZXhZFoGbVKuNYF4dVXzroJGu
+TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI
-1JLWJ5PZqwWwDI5mpaGTZ9qTDAEMVYOE4Yi5t877lqr1wEls1GXOyAHdRmzeALQ7
+ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y
-obNudnqhPROIkx5OxdeMAEtSVqr+uuoUXhh65mSRsdMUEzPbzw9RzebdlNyk34Tv
+euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq
-5k5QFFlcoPbQrTs26CoLNQIDAQABo1AwTjAdBgNVHQ4EFgQUtnMvYaVLoe9ILBWx
+hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM
-n/PcNC+8rDAwHwYDVR0jBBgwFoAUtnMvYaVLoe9ILBWxn/PcNC+8rDAwDAYDVR0T
+6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAALVDDD2f25h5ytSkoUqQilybeRDg
+wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY
-bPhTEEC83NWg2snV1yGtwO3zZ+hvX+J/RqOn33ER/RnQCZTB9FGPj566IbLwLSAE
+oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9
-y83GDsbsFEWCL8yN4Q3dQVub7D3HZ5PBtGpBxC7brvJD7OnR3n75QOFC+OaGKUCo
+dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp
-16XulVsB3IQsXdzL4GwoUqWGWaUyf5MkzFruBma16QetK5J10R42skeXssjvqupv
+HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA==
 qUQZxzGOzIGuLTBvJrtFxtoTCu+oZV942wGmuyvLwqRfzIODLNcGLS6lGJudXJPT
 Vapaj6maldL3qe1X4bxvtglnpdlrOJ65E3YEC1gcD1KUvfO5vItKrP1FbA==
 -----END CERTIFICATE-----
--- a/openssl/test/identity.p12
+++ b/openssl/test/identity.p12
--- a/openssl/test/root-ca.key
+++ b/openssl/test/root-ca.key
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpQIBAAKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/
 1Kzox+2GZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd
 7SBXieIVeIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQ
 r4XsZuQr7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdW
 pGTNVZ92aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrk
 gRob6eBcklDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABAoIBAGZrnd/dC2kp11uq
 Sg8SHk3GMdPPjTf/lq51sVJAU4fdV2Eso0XCiCzdKDcqR6F+jiu8jHp4YO0riW8N
 b1pkjohGjyOaddIaaVsZ80/OkgDz20Ird9XQ7uoEODvopA12+755BDH5PDwqHVeM
 nKfPiwAK6Jz6CxGO9bq9ZNoBiSyO1uofaB4Cpp8t74XVeAuPiI/Bb6WJ8TW5K5dt
 x0Jihdo46QgZR+z4PnyWIoACkhSoQmtTb9NUrpKceBcxdCrZ/kEmYpnPq/PuSw6g
 6HthjYP/H9Xulz69UR5Ez6z+1pU1rKFmQ46qK7X3zVHg233MlGekMzxdmShEjzCP
 BMGYpQECgYEA5tqTZsUJwx3HDhkaZ/XOtaQqwOnZm9wPwTjGbV1t4+NUJzsl5gjP
 ho+I8ZSGZ6MnNSh+ClpYhUHYBq0rTuAAYL2arcMOuOs1GrMmiZJbXm8zq8M7gYr5
 V99H/7akSx66WV/agPkLIvh/BWxlWgQcoVAIzZibbLUxr7Ye50pCLfECgYEAwDLn
 mFz0mFMvGtaSp8RnTDTFCz9czCeDt0GujCxG1epdvtuxlg/S1QH+mGzA/AHkiu7z
 uzCwGKWozNTdRkqVwYoJTB+AYHseSkuGP+a1zr39w+xBW/vESb2oP95GIwprXcG2
 b/qdeQVzuLQhYoqWI2u8CBwlHFfpQO4Bp2ea+ocCgYEAurIgLSfCqlpFpiAlG9hN
 8NYwgU1d4E+LKj+JMd8yRO+PGh8amjub4X3pST5NqDjpN3Nk42iHWFWUqGmZsbM0
 ewg7tLUgDeqiStKBoxaK8AdMqWc9k5lZ53e6mZISsnHKUQdVBaLjH8gJqdAs8yyK
 HudEB0mYwMSUxz6pJXIHrXECgYEAhJkaCpXm8chB8UQj/baUhZDKeI4IWZjRWHbq
 Ey7g1+hPMMOk6yCTlf1ARqyRH8u2ftuIL5bRhs+Te21IE5yVYOb4rxn0mZuXNC6S
 ujdTKwUMtESkeu9hZnaAQz/4J2ii1hY05WCDj+DhC4bKmY9/MYS8PuQb/kfwVqld
 Xr8tvrUCgYEAmslHocXBUFXyRDkEOx/aKo+t9fPBr95PBZzFUt9ejrTP4PXsLa46
 3/PNOCGdrQxh5qHHcvLwR4bPL++Dj+qMUTJXANrArKPDpE2WqH6pqWIC6yaZvzUk
 17QbpXR6bHcdJV045pWpw40UCStTocVynY1lBfOw8VqxBIBlpVBBzew=
 -----END RSA PRIVATE KEY-----
--- a/openssl/test/root-ca.pem
+++ b/openssl/test/root-ca.pem
@ -0,0 +1,21 @@
 -----BEGIN CERTIFICATE-----
 MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
 aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF
 MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
 CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G
 ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV
 eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr
 7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92
 aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc
 klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN
 XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow
 DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn
 BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv
 Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3
 AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy
 OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3
 mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9
 GA==
 -----END CERTIFICATE-----