Merge branch 'release-v0.7.12' into release

.travis.yml

@@ -6,7 +6,7 @@ addons:
     - gcc-arm-linux-gnueabihf
 rust:
 - nightly
-- 1.8.0
+- 1.7.0
 os:
 - osx
 - linux
@@ -18,11 +18,13 @@ matrix:
     #  include:
     #  - os: linux
     #    env: TARGET=arm-unknown-linux-gnueabihf TEST_FEATURES=true
-    #    rust: 1.8.0
+    #    rust: 1.7.0
   exclude:
   - os: osx
     env: TEST_FEATURES=true
 before_install:
 - ./openssl/test/build.sh
 script:
+- cargo fetch --manifest-path openssl/Cargo.toml # generate a cargo.lock
+- cargo update --manifest-path openssl/Cargo.toml -p bitflags --precise 0.5.0
 - ./openssl/test/run.sh

README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl)
 
-[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl).
+[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl).
 
 ## Building
 
@@ -44,10 +44,30 @@ export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib
 On Windows, consider building with [mingw-w64](http://mingw-w64.org/).
 Build script will try to find mingw in `PATH` environment variable to provide
 Cargo with location where openssl libs from mingw-w64 package may be found.
-If you followed guide [Building on Windows](https://github.com/rust-lang/rust#building-on-windows)
-from rust repo, then you should have [MSYS2](http://msys2.github.io/) with
-`mingw-w64-openssl` installed as part of `mingw-w64-x86_64-toolchain`
-(or `mingw-w64-i686-toolchain`) package.
+
+mingw-w64 can be easily installed by using [MSYS2](http://msys2.github.io/). Install MSYS2 according to the instructions, and then, from an MSYS2 Shell, install mingw-w64:
+
+32-bit:
+```bash
+pacman -S mingw-w64-i686-gcc
+``` 
+
+64-bit
+```bash
+pacman -S mingw-w64-x86_64-gcc
+```
+
+and then install the mingw-w64 toolchain.
+
+32-bit:
+```bash
+pacman -S mingw-w64-i686-toolchain
+```
+
+64-bit:
+```bash
+pacman -S mingw-w64-x86_64-toolchain
+```
 
 Alternatively, install OpenSSL from [here][1]. Cargo will not be able to find OpenSSL if it's
 installed to the default location. You can either copy the `include/openssl`

openssl-sys-extras/Cargo.toml

@@ -1,11 +1,11 @@
 [package]
 name = "openssl-sys-extras"
-version = "0.7.11"
+version = "0.7.12"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "MIT"
 description = "Extra FFI bindings to OpenSSL that require a C shim"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl_sys_extras"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl_sys_extras"
 build = "build.rs"
 
 [features]
@@ -13,7 +13,7 @@ ecdh_auto = []
 
 [dependencies]
 libc = "0.2"
-openssl-sys = { version = "0.7.11", path = "../openssl-sys" }
+openssl-sys = { version = "0.7.12", path = "../openssl-sys" }
 
 [build-dependencies]
 gcc = "0.3"

openssl-sys-extras/src/lib.rs

@@ -1,5 +1,5 @@
 #![allow(non_upper_case_globals, non_snake_case)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")]
 
 extern crate openssl_sys;
 extern crate libc;

openssl-sys/Cargo.toml

@@ -1,12 +1,12 @@
 [package]
 name = "openssl-sys"
-version = "0.7.11"
+version = "0.7.12"
 authors = ["Alex Crichton <alex@alexcrichton.com>",
            "Steven Fackler <sfackler@gmail.com>"]
 license = "MIT"
 description = "FFI bindings to OpenSSL"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl_sys"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl_sys"
 links = "openssl"
 build = "build.rs"
 

openssl-sys/src/lib.rs

@@ -1,6 +1,6 @@
 #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
 #![allow(dead_code)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")]
 
 extern crate libc;
 
@@ -627,6 +627,12 @@ extern "C" {
                                     callback: Option<PasswordCallback>,
                                     user_data: *mut c_void) -> c_int;
     pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int;
+    pub fn PEM_write_bio_RSAPrivateKey(bp: *mut BIO, rsa: *mut RSA, cipher: *const EVP_CIPHER,
+                                        kstr: *mut c_char, klen: c_int,
+                                        callback: Option<PasswordCallback>,
+                                        user_data: *mut c_void) -> c_int;
+    pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *mut RSA) -> c_int;
+    pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int;
     pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int;
     pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int;
 

openssl/Cargo.toml

@@ -1,11 +1,11 @@
 [package]
 name = "openssl"
-version = "0.7.11"
+version = "0.7.12"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "Apache-2.0"
 description = "OpenSSL bindings"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl"
 readme = "../README.md"
 keywords = ["crypto", "tls", "ssl", "dtls"]
 build = "build.rs"
@@ -29,11 +29,11 @@ pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]
 nightly = []
 
 [dependencies]
-bitflags = ">= 0.5.0, < 0.7.0"
+bitflags = ">= 0.5.0, < 0.8.0"
 lazy_static = "0.2"
 libc = "0.2"
-openssl-sys = { version = "0.7.11", path = "../openssl-sys" }
-openssl-sys-extras = { version = "0.7.11", path = "../openssl-sys-extras" }
+openssl-sys = { version = "0.7.12", path = "../openssl-sys" }
+openssl-sys-extras = { version = "0.7.12", path = "../openssl-sys-extras" }
 
 [build-dependencies]
 gcc = "0.3"

openssl/src/crypto/hash.rs

@@ -2,9 +2,11 @@ use libc::c_uint;
 use std::iter::repeat;
 use std::io::prelude::*;
 use std::io;
-
 use ffi;
 
+use crypto::HashTypeInternals;
+use nid::Nid;
+
 /// Message digest (hash) type.
 #[derive(Copy, Clone)]
 pub enum Type {
@@ -17,19 +19,32 @@ pub enum Type {
     RIPEMD160,
 }
 
+impl HashTypeInternals for Type {
+    fn as_nid(&self) -> Nid {
+        match *self {
+            Type::MD5 => Nid::MD5,
+            Type::SHA1 => Nid::SHA1,
+            Type::SHA224 => Nid::SHA224,
+            Type::SHA256 => Nid::SHA256,
+            Type::SHA384 => Nid::SHA384,
+            Type::SHA512 => Nid::SHA512,
+            Type::RIPEMD160 => Nid::RIPEMD160,
+        }
+    }
+}
+
 impl Type {
     /// Returns the length of the message digest.
     #[inline]
     pub fn md_len(&self) -> usize {
-        use self::Type::*;
         match *self {
-            MD5 => 16,
-            SHA1 => 20,
-            SHA224 => 28,
-            SHA256 => 32,
-            SHA384 => 48,
-            SHA512 => 64,
-            RIPEMD160 => 20,
+            Type::MD5 => 16,
+            Type::SHA1 => 20,
+            Type::SHA224 => 28,
+            Type::SHA256 => 32,
+            Type::SHA384 => 48,
+            Type::SHA512 => 64,
+            Type::RIPEMD160 => 20,
         }
     }
 
@@ -37,15 +52,14 @@ impl Type {
     #[inline]
     pub fn evp_md(&self) -> *const ffi::EVP_MD {
         unsafe {
-            use self::Type::*;
             match *self {
-                MD5 => ffi::EVP_md5(),
-                SHA1 => ffi::EVP_sha1(),
-                SHA224 => ffi::EVP_sha224(),
-                SHA256 => ffi::EVP_sha256(),
-                SHA384 => ffi::EVP_sha384(),
-                SHA512 => ffi::EVP_sha512(),
-                RIPEMD160 => ffi::EVP_ripemd160(),
+                Type::MD5 => ffi::EVP_md5(),
+                Type::SHA1 => ffi::EVP_sha1(),
+                Type::SHA224 => ffi::EVP_sha224(),
+                Type::SHA256 => ffi::EVP_sha256(),
+                Type::SHA384 => ffi::EVP_sha384(),
+                Type::SHA512 => ffi::EVP_sha512(),
+                Type::RIPEMD160 => ffi::EVP_ripemd160(),
             }
         }
     }

openssl/src/crypto/hmac.rs

@@ -387,8 +387,7 @@ mod tests {
         let tests: [(Vec<u8>, Vec<u8>); 6] =
             [(repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()),
              (b"Jefe".to_vec(), b"what do ya want for nothing?".to_vec()),
-             (repeat(0xaa_u8).take(20).collect(),
-              repeat(0xdd_u8).take(50).collect()),
+             (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()),
              ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(),
               repeat(0xcd_u8).take(50).collect()),
              (repeat(0xaa_u8).take(131).collect(),

openssl/src/crypto/mod.rs

@@ -14,6 +14,8 @@
 // limitations under the License.
 //
 
+use nid::Nid;
+
 pub mod hash;
 pub mod hmac;
 pub mod pkcs5;
@@ -24,3 +26,7 @@ pub mod memcmp;
 pub mod rsa;
 
 mod symm_internal;
+
+trait HashTypeInternals {
+    fn as_nid(&self) -> Nid;
+}

openssl/src/crypto/pkey.rs

@@ -5,6 +5,8 @@ use std::iter::repeat;
 use std::mem;
 use std::ptr;
 use bio::MemBio;
+
+use crypto::HashTypeInternals;
 use crypto::hash;
 use crypto::hash::Type as HashType;
 use ffi;
@@ -41,18 +43,6 @@ fn openssl_padding_code(padding: EncryptionPadding) -> c_int {
     }
 }
 
-fn openssl_hash_nid(hash: HashType) -> c_int {
-    match hash {
-        HashType::MD5 => 4,   // NID_md5,
-        HashType::SHA1 => 64,  // NID_sha1
-        HashType::SHA224 => 675, // NID_sha224
-        HashType::SHA256 => 672, // NID_sha256
-        HashType::SHA384 => 673, // NID_sha384
-        HashType::SHA512 => 674, // NID_sha512
-        HashType::RIPEMD160 => 117, // NID_ripemd160
-    }
-}
-
 pub struct PKey {
     evp: *mut ffi::EVP_PKEY,
     parts: Parts,
@@ -556,7 +546,7 @@ impl PKey {
             let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
 
             let mut len = 0;
-            let rv = ffi::RSA_sign(openssl_hash_nid(hash),
+            let rv = ffi::RSA_sign(hash.as_nid() as c_int,
                                    s.as_ptr(),
                                    s.len() as c_uint,
                                    r.as_mut_ptr(),
@@ -579,7 +569,7 @@ impl PKey {
                 panic!("Could not get RSA key for verification");
             }
 
-            let rv = ffi::RSA_verify(openssl_hash_nid(hash),
+            let rv = ffi::RSA_verify(hash.as_nid() as c_int,
                                      h.as_ptr(),
                                      h.len() as c_uint,
                                      s.as_ptr(),
@@ -614,12 +604,11 @@ impl Clone for PKey {
         match self.parts {
             Parts::Public => {
                 pkey.load_pub(&self.save_pub()[..]);
-            },
+            }
             Parts::Both => {
                 pkey.load_priv(&self.save_priv()[..]);
-            },
-            Parts::Neither => {
-            },
+            }
+            Parts::Neither => {}
         }
         pkey
     }

openssl/src/crypto/rsa.rs

@@ -2,10 +2,13 @@ use ffi;
 use std::fmt;
 use ssl::error::{SslError, StreamError};
 use std::ptr;
-use std::io::{self, Read};
+use std::io::{self, Read, Write};
+use libc::c_int;
 
 use bn::BigNum;
 use bio::MemBio;
+use crypto::HashTypeInternals;
+use crypto::hash;
 
 pub struct RSA(*mut ffi::RSA);
 
@@ -29,6 +32,29 @@ impl RSA {
         }
     }
 
+    pub fn from_private_components(n: BigNum,
+                                   e: BigNum,
+                                   d: BigNum,
+                                   p: BigNum,
+                                   q: BigNum,
+                                   dp: BigNum,
+                                   dq: BigNum,
+                                   qi: BigNum)
+                                   -> Result<RSA, SslError> {
+        unsafe {
+            let rsa = try_ssl_null!(ffi::RSA_new());
+            (*rsa).n = n.into_raw();
+            (*rsa).e = e.into_raw();
+            (*rsa).d = d.into_raw();
+            (*rsa).p = p.into_raw();
+            (*rsa).q = q.into_raw();
+            (*rsa).dmp1 = dp.into_raw();
+            (*rsa).dmq1 = dq.into_raw();
+            (*rsa).iqmp = qi.into_raw();
+            Ok(RSA(rsa))
+        }
+    }
+
     /// the caller should assert that the rsa pointer is valid.
     pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
         RSA(rsa)
@@ -50,6 +76,31 @@ impl RSA {
         }
     }
 
+    /// Writes an RSA private key as unencrypted PEM formatted data
+    pub fn private_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
+        where W: Write
+    {
+        let mut mem_bio = try!(MemBio::new());
+
+        let result = unsafe {
+            ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(),
+                                             self.0,
+                                             ptr::null(),
+                                             ptr::null_mut(),
+                                             0,
+                                             None,
+                                             ptr::null_mut())
+        };
+
+        if result == 1 {
+            try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
+
+            Ok(())
+        } else {
+            Err(SslError::OpenSslErrors(vec![]))
+        }
+    }
+
     /// Reads an RSA public key from PEM formatted data.
     pub fn public_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
         where R: Read
@@ -66,51 +117,97 @@ impl RSA {
         }
     }
 
+    /// Writes an RSA public key as PEM formatted data
+    pub fn public_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
+        where W: Write
+    {
+        let mut mem_bio = try!(MemBio::new());
+
+        let result = unsafe { ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0) };
+
+        if result == 1 {
+            try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
+
+            Ok(())
+        } else {
+            Err(SslError::OpenSslErrors(vec![]))
+        }
+    }
+
+    pub fn size(&self) -> Result<u32, SslError> {
+        if self.has_n() {
+            unsafe { Ok(ffi::RSA_size(self.0) as u32) }
+        } else {
+            Err(SslError::OpenSslErrors(vec![]))
+        }
+    }
+
+    pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result<Vec<u8>, SslError> {
+        let k_len = try!(self.size());
+        let mut sig = vec![0;k_len as usize];
+        let mut sig_len = k_len;
+
+        unsafe {
+            let result = ffi::RSA_sign(hash.as_nid() as c_int,
+                                       message.as_ptr(),
+                                       message.len() as u32,
+                                       sig.as_mut_ptr(),
+                                       &mut sig_len,
+                                       self.0);
+            assert!(sig_len == k_len);
+
+            if result == 1 {
+                Ok(sig)
+            } else {
+                Err(SslError::OpenSslErrors(vec![]))
+            }
+        }
+    }
+
+    pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
+        unsafe {
+            let result = ffi::RSA_verify(hash.as_nid() as c_int,
+                                         message.as_ptr(),
+                                         message.len() as u32,
+                                         sig.as_ptr(),
+                                         sig.len() as u32,
+                                         self.0);
+
+            Ok(result == 1)
+        }
+    }
+
     pub fn as_ptr(&self) -> *mut ffi::RSA {
         self.0
     }
 
     // The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers
     pub fn n(&self) -> Result<BigNum, SslError> {
-        unsafe {
-            BigNum::new_from_ffi((*self.0).n)
-        }
+        unsafe { BigNum::new_from_ffi((*self.0).n) }
     }
 
     pub fn has_n(&self) -> bool {
-        unsafe {
-            !(*self.0).n.is_null()
-        }
+        unsafe { !(*self.0).n.is_null() }
     }
 
     pub fn d(&self) -> Result<BigNum, SslError> {
-        unsafe {
-            BigNum::new_from_ffi((*self.0).d)
-        }
+        unsafe { BigNum::new_from_ffi((*self.0).d) }
     }
 
     pub fn e(&self) -> Result<BigNum, SslError> {
-        unsafe {
-            BigNum::new_from_ffi((*self.0).e)
-        }
+        unsafe { BigNum::new_from_ffi((*self.0).e) }
     }
 
     pub fn has_e(&self) -> bool {
-        unsafe {
-            !(*self.0).e.is_null()
-        }
+        unsafe { !(*self.0).e.is_null() }
     }
 
     pub fn p(&self) -> Result<BigNum, SslError> {
-        unsafe {
-            BigNum::new_from_ffi((*self.0).p)
-        }
+        unsafe { BigNum::new_from_ffi((*self.0).p) }
     }
 
     pub fn q(&self) -> Result<BigNum, SslError> {
-        unsafe {
-            BigNum::new_from_ffi((*self.0).q)
-        }
+        unsafe { BigNum::new_from_ffi((*self.0).q) }
     }
 }
 
@@ -119,3 +216,65 @@ impl fmt::Debug for RSA {
         write!(f, "RSA")
     }
 }
+
+#[cfg(test)]
+mod test {
+    use std::fs::File;
+    use std::io::Write;
+    use super::*;
+    use crypto::hash::*;
+
+    fn signing_input_rs256() -> Vec<u8> {
+        vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57,
+             46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48,
+             75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107,
+             122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121,
+             57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99,
+             49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81]
+    }
+
+    fn signature_rs256() -> Vec<u8> {
+        vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174,
+             27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60,
+             150, 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237,
+             16, 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219,
+             61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129,
+             96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111,
+             36, 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18,
+             142, 212, 1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129,
+             253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163,
+             204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35,
+             185, 232, 56, 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195,
+             212, 14, 96, 69, 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202,
+             234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160,
+             112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, 251, 71]
+    }
+
+    #[test]
+    pub fn test_sign() {
+        let mut buffer = File::open("test/rsa.pem").unwrap();
+        let private_key = RSA::private_key_from_pem(&mut buffer).unwrap();
+
+        let mut sha = Hasher::new(Type::SHA256);
+        sha.write_all(&signing_input_rs256()).unwrap();
+        let digest = sha.finish();
+
+        let result = private_key.sign(Type::SHA256, &digest).unwrap();
+
+        assert_eq!(result, signature_rs256());
+    }
+
+    #[test]
+    pub fn test_verify() {
+        let mut buffer = File::open("test/rsa.pem.pub").unwrap();
+        let public_key = RSA::public_key_from_pem(&mut buffer).unwrap();
+
+        let mut sha = Hasher::new(Type::SHA256);
+        sha.write_all(&signing_input_rs256()).unwrap();
+        let digest = sha.finish();
+
+        let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap();
+
+        assert!(result);
+    }
+}

openssl/src/lib.rs

@@ -1,4 +1,4 @@
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")]
 #![cfg_attr(feature = "nightly", feature(const_fn))]
 
 #[macro_use]

openssl/src/nid.rs

@@ -2,7 +2,7 @@
 #[derive(Copy, Clone, Hash, PartialEq, Eq)]
 #[repr(usize)]
 pub enum Nid {
-    Undefined,
+    Undefined, // 0
     Rsadsi,
     Pkcs,
     MD2,
@@ -12,7 +12,7 @@ pub enum Nid {
     RsaEncryption,
     RSA_MD2,
     RSA_MD5,
-    PBE_MD2_DES,
+    PBE_MD2_DES, // 10
     X500,
     x509,
     CN,
@@ -22,7 +22,7 @@ pub enum Nid {
     O,
     OU,
     RSA,
-    Pkcs7,
+    Pkcs7, // 20
     Pkcs7_data,
     Pkcs7_signedData,
     Pkcs7_envelopedData,
@@ -32,7 +32,7 @@ pub enum Nid {
     Pkcs3,
     DhKeyAgreement,
     DES_ECB,
-    DES_CFB,
+    DES_CFB, // 30
     DES_CBC,
     DES_EDE,
     DES_EDE3,
@@ -42,7 +42,7 @@ pub enum Nid {
     RC2_CBC,
     RC2_ECB,
     RC2_CFB,
-    RC2_OFB,
+    RC2_OFB, // 40
     SHA,
     RSA_SHA,
     DES_EDE_CBC,
@@ -52,7 +52,7 @@ pub enum Nid {
     Pkcs9,
     Email,
     UnstructuredName,
-    ContentType,
+    ContentType, // 50
     MessageDigest,
     SigningTime,
     CounterSignature,
@@ -62,7 +62,7 @@ pub enum Nid {
     Netscape,
     NetscapeCertExtention,
     NetscapeDatatype,
-    DES_EDE_CFB64,
+    DES_EDE_CFB64, // 60
     DES_EDE3_CFB64,
     DES_EDE_OFB64,
     DES_EDE3_OFB64,
@@ -72,7 +72,7 @@ pub enum Nid {
     DSA_OLD,
     PBE_SHA1_RC2_64,
     PBKDF2,
-    DSA_SHA1_OLD,
+    DSA_SHA1_OLD, // 70
     NetscapeCertType,
     NetscapeBaseUrl,
     NetscapeRevocationUrl,
@@ -82,7 +82,7 @@ pub enum Nid {
     NetscapeSSLServerName,
     NetscapeComment,
     NetscapeCertSequence,
-    DESX_CBC,
+    DESX_CBC, // 80
     ID_CE,
     SubjectKeyIdentifier,
     KeyUsage,
@@ -92,7 +92,7 @@ pub enum Nid {
     BasicConstraints,
     CrlNumber,
     CertificatePolicies,
-    AuthorityKeyIdentifier,
+    AuthorityKeyIdentifier, // 90
     BF_CBC,
     BF_ECB,
     BF_CFB,
@@ -102,7 +102,7 @@ pub enum Nid {
     RC4_40,
     RC2_40_CBC,
     G,
-    S,
+    S, // 100
     I,
     /// uniqueIdentifier
     UID,
@@ -113,7 +113,7 @@ pub enum Nid {
     D,
     CAST5_CBC,
     CAST5_ECB,
-    CAST5_CFB,
+    CAST5_CFB, // 110
     CAST5_OFB,
     PbeWithMD5AndCast5CBC,
     DSA_SHA1,
@@ -123,7 +123,7 @@ pub enum Nid {
     RIPEMD160,
     // 118 missing
     RSA_RIPEMD160 = 119,
-    RC5_CBC,
+    RC5_CBC, // 120
     RC5_ECB,
     RC5_CFB,
     RC5_OFB,
@@ -133,7 +133,7 @@ pub enum Nid {
     PKIX,
     ID_KP,
     ServerAuth,
-    ClientAuth,
+    ClientAuth, // 130
     CodeSigning,
     EmailProtection,
     TimeStamping,
@@ -143,7 +143,7 @@ pub enum Nid {
     MsSGC,
     MsEFS,
     NsSGC,
-    DeltaCRL,
+    DeltaCRL, // 140
     CRLReason,
     InvalidityDate,
     SXNetID,
@@ -153,7 +153,7 @@ pub enum Nid {
     PBE_SHA1_2DES,
     PBE_SHA1_RC2_128,
     PBE_SHA1_RC2_40,
-    KeyBag,
+    KeyBag, // 150
     Pkcs8ShroudedKeyBag,
     CertBag,
     CrlBag,
@@ -163,7 +163,7 @@ pub enum Nid {
     LocalKeyID,
     X509Certificate,
     SdsiCertificate,
-    X509Crl,
+    X509Crl, // 160
     PBES2,
     PBMAC1,
     HmacWithSha1,
@@ -171,6 +171,26 @@ pub enum Nid {
     ID_QT_UNOTICE,
     RC2_64_CBC,
     SMIMECaps,
+    PBE_MD2_RC2_64,
+    PBE_MD5_RC2_64,
+    PBE_SHA1_DES,
+    MicrosoftExtensionRequest,
+    ExtensionRequest,
+    Name,
+    DnQualifier,
+    IdPe,
+    IdAd,
+    AuthorityInfoAccess,
+    OCSP,
+    CaIssuers,
+    OCSPSigning, // 180
+
+    // 181 and up are from openssl's obj_mac.h
     /// Shown as UID in cert subject
-    UserId = 458
+    UserId = 458,
+
+    SHA256 = 672,
+    SHA384,
+    SHA512,
+    SHA224,
 }

openssl/src/ssl/bio.rs

@@ -82,12 +82,16 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> {
 }
 
 #[cfg(feature = "nightly")]
-fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T {
+fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>>
+    where F: FnOnce() -> T
+{
     ::std::panic::catch_unwind(::std::panic::AssertUnwindSafe(f))
 }
 
 #[cfg(not(feature = "nightly"))]
-fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T {
+fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>>
+    where F: FnOnce() -> T
+{
     Ok(f())
 }
 
@@ -137,7 +141,8 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int)
 
 fn retriable_error(err: &io::Error) -> bool {
     match err.kind() {
-        io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true,
+        io::ErrorKind::WouldBlock |
+        io::ErrorKind::NotConnected => true,
         _ => false,
     }
 }

openssl/src/ssl/mod.rs

@@ -877,9 +877,15 @@ impl <'a> SslCipher<'a> {
             let algo_bits: *mut c_int = ptr::null_mut();
             let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
             if !algo_bits.is_null() {
-                CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) }
+                CipherBits {
+                    secret: secret_bits,
+                    algorithm: Some(*algo_bits),
+                }
             } else {
-                CipherBits { secret: secret_bits, algorithm: None }
+                CipherBits {
+                    secret: secret_bits,
+                    algorithm: None,
+                }
             }
         }
     }
@@ -987,7 +993,9 @@ impl Ssl {
     {
         unsafe {
             let verify = Box::new(verify);
-            ffi::SSL_set_ex_data(self.ssl, get_ssl_verify_data_idx::<F>(), mem::transmute(verify));
+            ffi::SSL_set_ex_data(self.ssl,
+                                 get_ssl_verify_data_idx::<F>(),
+                                 mem::transmute(verify));
             ffi::SSL_set_verify(self.ssl, mode.bits as c_int, Some(ssl_raw_verify::<F>));
         }
     }
@@ -999,7 +1007,10 @@ impl Ssl {
             if ptr.is_null() {
                 None
             } else {
-                Some(SslCipher{ cipher: ptr, ph: PhantomData })
+                Some(SslCipher {
+                    cipher: ptr,
+                    ph: PhantomData,
+                })
             }
         }
     }
@@ -1224,7 +1235,8 @@ impl<S: Clone + Read + Write> Clone for SslStream<S> {
     }
 }
 
-impl<S> fmt::Debug for SslStream<S> where S: fmt::Debug
+impl<S> fmt::Debug for SslStream<S>
+    where S: fmt::Debug
 {
     fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
         fmt.debug_struct("SslStream")
@@ -1385,7 +1397,8 @@ impl<S> SslStream<S> {
                 }
             }
             LibSslError::ErrorZeroReturn => Some(SslError::SslSessionClosed),
-            LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => None,
+            LibSslError::ErrorWantWrite |
+            LibSslError::ErrorWantRead => None,
             err => {
                 Some(SslError::StreamError(io::Error::new(io::ErrorKind::Other,
                                                           format!("unexpected error {:?}", err))))
@@ -1401,8 +1414,7 @@ impl<S> SslStream<S> {
     }
 
     #[cfg(not(feature = "nightly"))]
-    fn check_panic(&mut self) {
-    }
+    fn check_panic(&mut self) {}
 
     fn get_bio_error(&mut self) -> io::Error {
         let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) };
@@ -1513,7 +1525,8 @@ pub enum MaybeSslStream<S>
     Normal(S),
 }
 
-impl<S> Read for MaybeSslStream<S> where S: Read + Write
+impl<S> Read for MaybeSslStream<S>
+    where S: Read + Write
 {
     fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
         match *self {
@@ -1523,7 +1536,8 @@ impl<S> Read for MaybeSslStream<S> where S: Read + Write
     }
 }
 
-impl<S> Write for MaybeSslStream<S> where S: Read + Write
+impl<S> Write for MaybeSslStream<S>
+    where S: Read + Write
 {
     fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
         match *self {
@@ -1540,7 +1554,8 @@ impl<S> Write for MaybeSslStream<S> where S: Read + Write
     }
 }
 
-impl<S> MaybeSslStream<S> where S: Read + Write
+impl<S> MaybeSslStream<S>
+    where S: Read + Write
 {
     /// Returns a reference to the underlying stream.
     pub fn get_ref(&self) -> &S {

openssl/src/ssl/tests/mod.rs

@@ -196,7 +196,7 @@ macro_rules! run_test(
             use ssl::SslMethod;
             use ssl::{SslContext, Ssl, SslStream, VerifyCallback};
             use ssl::SSL_VERIFY_PEER;
-            use crypto::hash::Type::SHA256;
+            use crypto::hash::Type::SHA1;
             use x509::X509StoreContext;
             use serialize::hex::FromHex;
             use super::Server;
@@ -236,7 +236,7 @@ run_test!(verify_untrusted, |method, stream| {
 
     match SslStream::connect_generic(&ctx, stream) {
         Ok(_) => panic!("expected failure"),
-        Err(err) => println!("error {:?}", err)
+        Err(err) => println!("error {:?}", err),
     }
 });
 
@@ -246,11 +246,11 @@ run_test!(verify_trusted, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     match SslStream::connect_generic(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -264,7 +264,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| {
 
     match SslStream::connect_generic(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -289,11 +289,11 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     match SslStream::connect_generic(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -307,7 +307,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     assert!(SslStream::connect_generic(&ctx, stream).is_err());
 });
@@ -335,7 +335,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     assert!(SslStream::connect_generic(&ctx, stream).is_ok());
 });
@@ -353,13 +353,12 @@ run_test!(verify_trusted_get_error_err, |method, stream| {
 });
 
 run_test!(verify_callback_data, |method, stream| {
-    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext,
-                node_id: &Vec<u8>) -> bool {
+    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext, node_id: &Vec<u8>) -> bool {
         let cert = x509_ctx.get_current_cert();
         match cert {
             None => false,
             Some(cert) => {
-                let fingerprint = cert.fingerprint(SHA256).unwrap();
+                let fingerprint = cert.fingerprint(SHA1).unwrap();
                 &fingerprint == node_id
             }
         }
@@ -370,14 +369,14 @@ run_test!(verify_callback_data, |method, stream| {
     // in DER format.
     // Command: openssl x509 -in test/cert.pem  -outform DER | openssl dgst -sha256
     // Please update if "test/cert.pem" will ever change
-    let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
     let node_id = node_hash_str.from_hex().unwrap();
     ctx.set_verify_with_data(SSL_VERIFY_PEER, callback, node_id);
     ctx.set_verify_depth(1);
 
     match SslStream::connect_generic(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -390,14 +389,14 @@ run_test!(ssl_verify_callback, |method, stream| {
     let ctx = SslContext::new(method).unwrap();
     let mut ssl = ctx.into_ssl().unwrap();
 
-    let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
     let node_id = node_hash_str.from_hex().unwrap();
     ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| {
         CHECKED.store(1, Ordering::SeqCst);
         match x509.get_current_cert() {
             None => false,
             Some(cert) => {
-                let fingerprint = cert.fingerprint(SHA256).unwrap();
+                let fingerprint = cert.fingerprint(SHA1).unwrap();
                 fingerprint == node_id
             }
         }
@@ -405,7 +404,7 @@ run_test!(ssl_verify_callback, |method, stream| {
 
     match SslStream::connect_generic(ssl, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 
     assert_eq!(CHECKED.load(Ordering::SeqCst), 1);
@@ -499,11 +498,10 @@ fn test_write_direct() {
 }
 
 run_test!(get_peer_certificate, |method, stream| {
-    let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(),
-                                            stream).unwrap();
+    let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(), stream).unwrap();
     let cert = stream.ssl().peer_certificate().unwrap();
-    let fingerprint = cert.fingerprint(SHA256).unwrap();
-    let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+    let fingerprint = cert.fingerprint(SHA1).unwrap();
+    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
     let node_id = node_hash_str.from_hex().unwrap();
     assert_eq!(node_id, fingerprint)
 });

openssl/src/version.rs

@@ -1,4 +1,3 @@
-//
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at

openssl/src/x509/mod.rs

@@ -379,7 +379,9 @@ impl X509Generator {
             ffi::X509_set_issuer_name(x509.handle, name);
 
             for (exttype, ext) in self.extensions.iter() {
-                try!(X509Generator::add_extension_internal(x509.handle, &exttype, &ext.to_string()));
+                try!(X509Generator::add_extension_internal(x509.handle,
+                                                           &exttype,
+                                                           &ext.to_string()));
             }
 
             let hash_fn = self.hash_type.evp_md();
@@ -539,9 +541,9 @@ extern "C" {
 impl<'ctx> Clone for X509<'ctx> {
     fn clone(&self) -> X509<'ctx> {
         unsafe { rust_X509_clone(self.handle) }
-        /* FIXME: given that we now have refcounting control, 'owned' should be uneeded, the 'ctx
-         * is probably also uneeded. We can remove both to condense the x509 api quite a bit
-         */
+        // FIXME: given that we now have refcounting control, 'owned' should be uneeded, the 'ctx
+        // is probably also uneeded. We can remove both to condense the x509 api quite a bit
+        //
         X509::new(self.handle, true)
     }
 }
@@ -693,7 +695,7 @@ impl Extensions {
 /// extension in the collection.
 struct ExtensionsIter<'a> {
     current: usize,
-    extensions: &'a Vec<Extension>
+    extensions: &'a Vec<Extension>,
 }
 
 impl<'a> Iterator for ExtensionsIter<'a> {
@@ -798,9 +800,7 @@ pub struct GeneralNames<'a> {
 impl<'a> GeneralNames<'a> {
     /// Returns the number of `GeneralName`s in this structure.
     pub fn len(&self) -> usize {
-        unsafe {
-            (*self.stack).stack.num as usize
-        }
+        unsafe { (*self.stack).stack.num as usize }
     }
 
     /// Returns the specified `GeneralName`.
@@ -823,7 +823,7 @@ impl<'a> GeneralNames<'a> {
     pub fn iter(&self) -> GeneralNamesIter {
         GeneralNamesIter {
             names: self,
-            idx: 0
+            idx: 0,
         }
     }
 }

openssl/src/x509/tests.rs

@@ -3,7 +3,7 @@ use std::io;
 use std::path::Path;
 use std::fs::File;
 
-use crypto::hash::Type::SHA256;
+use crypto::hash::Type::SHA1;
 use crypto::pkey::PKey;
 use x509::{X509, X509Generator};
 use x509::extension::Extension::{KeyUsage, ExtKeyUsage, SubjectAltName, OtherNid, OtherStr};
@@ -17,7 +17,7 @@ fn get_generator() -> X509Generator {
         .set_bitlength(2048)
         .set_valid_period(365 * 2)
         .add_name("CN".to_string(), "test_me".to_string())
-        .set_sign_hash(SHA256)
+        .set_sign_hash(SHA1)
         .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
         .add_extension(ExtKeyUsage(vec![ClientAuth,
                                         ServerAuth,
@@ -56,7 +56,8 @@ fn test_cert_gen_extension_ordering() {
 #[test]
 fn test_cert_gen_extension_bad_ordering() {
     let result = get_generator()
-        .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, "keyid:always".to_owned()))
+                     .add_extension(OtherNid(Nid::AuthorityKeyIdentifier,
+                                             "keyid:always".to_owned()))
                      .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned()))
                      .generate();
 
@@ -83,13 +84,9 @@ fn test_cert_loading() {
                        .expect("Failed to open `test/cert.pem`");
 
     let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
-    let fingerprint = cert.fingerprint(SHA256).unwrap();
+    let fingerprint = cert.fingerprint(SHA1).unwrap();
 
-    // Hash was generated as SHA256 hash of certificate "test/cert.pem"
-    // in DER format.
-    // Command: openssl x509 -in test/cert.pem  -outform DER | openssl dgst -sha256
-    // Please update if "test/cert.pem" will ever change
-    let hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+    let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
     let hash_vec = hash_str.from_hex().unwrap();
 
     assert_eq!(fingerprint, hash_vec);
@@ -109,7 +106,7 @@ fn test_subject_read_cn() {
         None => panic!("Failed to read CN from cert"),
     };
 
-    assert_eq!(&cn as &str, "test_cert")
+    assert_eq!(&cn as &str, "foobar.com")
 }
 
 #[test]
@@ -166,7 +163,8 @@ fn test_subject_alt_name() {
     let subject_alt_names = cert.subject_alt_names().unwrap();
     assert_eq!(3, subject_alt_names.len());
     assert_eq!(Some("foobar.com"), subject_alt_names.get(0).dnsname());
-    assert_eq!(subject_alt_names.get(1).ipaddress(), Some(&[127, 0, 0, 1][..]));
+    assert_eq!(subject_alt_names.get(1).ipaddress(),
+               Some(&[127, 0, 0, 1][..]));
     assert_eq!(subject_alt_names.get(2).ipaddress(),
                Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..]));
 }
@@ -178,8 +176,10 @@ fn test_subject_alt_name_iter() {
 
     let subject_alt_names = cert.subject_alt_names().unwrap();
     let mut subject_alt_names_iter = subject_alt_names.iter();
-    assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(), Some("foobar.com"));
-    assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), Some(&[127, 0, 0, 1][..]));
+    assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(),
+               Some("foobar.com"));
+    assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(),
+               Some(&[127, 0, 0, 1][..]));
     assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(),
                Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..]));
     assert!(subject_alt_names_iter.next().is_none());

openssl/test/cert.pem

@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIID9DCCAtygAwIBAgIJALuA8gDKi5EzMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMUCXRlc3RfY2VydDAeFw0xNTA1MTExNzI0
-MThaFw0xNjA1MTAxNzI0MThaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l
-LVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
-BAMUCXRlc3RfY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYg
-8apqh+nHYBL/KS9SLtDmhTR2s+H3mk7avXACahMEt/Eapsft5YOJ8JAkPbkoyd91
-QtxbrDF1M3rtTfWwHrf4jCeZ6kt2CSvYyJCPP/7JbWPdMDsYFBtoBOEVMdjOLr4R
-8tAar2t1Gu63Mu7LWeYvyFKqJpDkP30/k+OED79l7rOQg6eVN+Qjr1wx3VSBhovs
-UShGnSRw5YWiKnvvUnHwq2eXkwXFOdkhRNsTpWgV+EZsOdunczGbEG4qa+iwJjod
-/b8O9R1rIr12mwgT2U3GHNpJU0I+Qu2063nONndhMfES3md6QCIlKMVYDSU/Wli5
-sLxTxykXWv548Ib8Yv8CAwEAAaOBvjCBuzAdBgNVHQ4EFgQUGec/TF+Ok3BoEAqX
-yvEi9+Emy9QwgYsGA1UdIwSBgzCBgIAUGec/TF+Ok3BoEAqXyvEi9+Emy9ShXaRb
-MFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
-bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMUCXRlc3RfY2VydIIJALuA
-8gDKi5EzMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALwDb82BBTfz
-X+7rENv+f76X+DkHjt6QzCr9f1PYpbIle5/XaxCp+Rkz1BGZTmPRPURpAzweznlG
-kY5KydZ1+XdxPHh2zReBS00KxMElmlMKWp7nOnIKohzcQxTFp4VZ7smb9ymXYdYQ
-nRqaLIM1AKsj+0ulqsSbKggIuUZBvfrAdC3J6//3CXSdvQLJGzYPtTLUddQLN9pv
-GXrdNmvK3BjP+kokAjTt+DMMbIIZZitUVjKXqB7WS/Mqss1P2mdagJmOaD2mL3pY
-HDCCpquJ1SKN3g33hOA0pMRxGskyJI8x71mnej0StbUV9GdX0wN5ziSb/ccF2GYi
-Q+MS7OxsTEY=
+MIIDhzCCAm+gAwIBAgIJAKyxk8nkmAtWMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCmZvb2Jhci5jb20wHhcNMTYwNTE2MDUw
+NTAwWhcNMjYwNTE0MDUwNTAwWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDDApmb29iYXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+qPQljESzF6NQhf4jkYfQeDYbSRf/LUfT5RvebDb8lrkEP/I33r/vMxK6ZcXy5LdK
+SanKImRvIPTVNJFOqOU/v9UIGXJQgKGWktCasZqKNmJP9ULI9eqZzAXNdLkg5Olf
+WiUl9bysDjVTUsIhwNTIV/ou1n+/ytJ4qvpO4TpIZXhZFoGbVKuNYF4dVXzroJGu
+1JLWJ5PZqwWwDI5mpaGTZ9qTDAEMVYOE4Yi5t877lqr1wEls1GXOyAHdRmzeALQ7
+obNudnqhPROIkx5OxdeMAEtSVqr+uuoUXhh65mSRsdMUEzPbzw9RzebdlNyk34Tv
+5k5QFFlcoPbQrTs26CoLNQIDAQABo1AwTjAdBgNVHQ4EFgQUtnMvYaVLoe9ILBWx
+n/PcNC+8rDAwHwYDVR0jBBgwFoAUtnMvYaVLoe9ILBWxn/PcNC+8rDAwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAALVDDD2f25h5ytSkoUqQilybeRDg
+bPhTEEC83NWg2snV1yGtwO3zZ+hvX+J/RqOn33ER/RnQCZTB9FGPj566IbLwLSAE
+y83GDsbsFEWCL8yN4Q3dQVub7D3HZ5PBtGpBxC7brvJD7OnR3n75QOFC+OaGKUCo
+16XulVsB3IQsXdzL4GwoUqWGWaUyf5MkzFruBma16QetK5J10R42skeXssjvqupv
+qUQZxzGOzIGuLTBvJrtFxtoTCu+oZV942wGmuyvLwqRfzIODLNcGLS6lGJudXJPT
+Vapaj6maldL3qe1X4bxvtglnpdlrOJ65E3YEC1gcD1KUvfO5vItKrP1FbA==
 -----END CERTIFICATE-----

openssl/test/key.pem

@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA1iDxqmqH6cdgEv8pL1Iu0OaFNHaz4feaTtq9cAJqEwS38Rqm
-x+3lg4nwkCQ9uSjJ33VC3FusMXUzeu1N9bAet/iMJ5nqS3YJK9jIkI8//sltY90w
-OxgUG2gE4RUx2M4uvhHy0Bqva3Ua7rcy7stZ5i/IUqomkOQ/fT+T44QPv2Xus5CD
-p5U35COvXDHdVIGGi+xRKEadJHDlhaIqe+9ScfCrZ5eTBcU52SFE2xOlaBX4Rmw5
-26dzMZsQbipr6LAmOh39vw71HWsivXabCBPZTcYc2klTQj5C7bTrec42d2Ex8RLe
-Z3pAIiUoxVgNJT9aWLmwvFPHKRda/njwhvxi/wIDAQABAoIBAQC918dqx7hoVBOh
-xAfHpJ1NKJPAx90D4no0n0qFHB7fbbeHU5G6f/iUfp+BrB/tIXSZYWU96SjpUHer
-7OjJgrQ5d2sLUTKgZK4M6c4oHFkok30gpOI2AksRYU+yHxBqn6JhcZhNWNtd8h1G
-t7W4cSHrK0H3yFMY8sQ3Tz7W4Cb2ENIN4wBKeQnmk4k9icG5yz0xLI/vPxqujKij
-JWMbk2jNllaUvDgsTAg/MFCzlJH98lzRrX/dhG+q6Rt4S18xac71PMGyUaWduyeC
-BHGhHW34361zGQYyeG6eWroTQhvwMHjNxvzA/RiTgHBXV5oRvd9BPPoUS53HYQJO
-mzNnfZvBAoGBAPF3VVw+RqG/+OyEkuqE20H35/oSB8tPC6QL/WjWUFwIcSfnkX7H
-WmdHBfqCAZlAOqOYgO3iWcgbcOhnggP9J6ssooErt6M7s7hPG/WXwSf0DoCUgtQF
-9OrcGNBvwtBMqm82hb8u4IpXUApMYF48MkjbaKSmHU3HQe0sIDese+wlAoGBAOME
-YJgtl6t3rcaJ2jzHfEsCTCtCBs2vS9ido73xF3QHTafll/sKMp5bA0mgNhSsphhs
-mJCfOl2Cr+0oN90zkumFe4bNIbWQOL/q+HeFwebK5/oWlg/NyvFmMm7LmniFPpBD
-NJHqV/ehn8Xuw4LheSG1Bg/aRH5NtoKDcG8+4ZdTAoGAFkTHHoavxOMLdeSUGATA
-o8jVH/7hsSJNFIf2iuCY8KPmq6Nzi5mfAL9QEdZDh3qg7c12tnmVhhrhws0o9G04
-Z1Tqd7csbGVpIapKDdA9BA5B+CG6HwudlrtNnotwD/3CChehJgyQsLF0tD5u9MHg
-cU+qyuR292FU9yaGohvKIfECgYEAjX7c9fz029rsZSLm85sizV3RO+UbeHgaPhmD
-RZBPnfIvZMalw8LHagwwMGO7UYeKvw5wyTN1nXMnVBoNN8I9f2/DXnHc4N3TgUtj
-MpwcD03I6QfK4G7UX0HjjUs6LIRgSmqZCZmW2rHSc/wtwBXo+ilqbdcNeevWJeLm
-4W/ADCECgYEA7RGbA6qzHtjVS4Nc9rE1tcv4a7p0EvnMXZhIkDZtJqPpkpyOZllm
-cTuMCGisw0SEIcSoH1pWRDschbIlOlsn1Mhnb/IczqfHZjb4hmX7Cnlc8WP6TBqI
-vma9anlEWW7eIOn5jkY3liQpQ7GJPkCjWuRzne26iV/LIsYj48602Z8=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCo9CWMRLMXo1CF
+/iORh9B4NhtJF/8tR9PlG95sNvyWuQQ/8jfev+8zErplxfLkt0pJqcoiZG8g9NU0
+kU6o5T+/1QgZclCAoZaS0Jqxmoo2Yk/1Qsj16pnMBc10uSDk6V9aJSX1vKwONVNS
+wiHA1MhX+i7Wf7/K0niq+k7hOkhleFkWgZtUq41gXh1VfOugka7UktYnk9mrBbAM
+jmaloZNn2pMMAQxVg4ThiLm3zvuWqvXASWzUZc7IAd1GbN4AtDuhs252eqE9E4iT
+Hk7F14wAS1JWqv666hReGHrmZJGx0xQTM9vPD1HN5t2U3KTfhO/mTlAUWVyg9tCt
+OzboKgs1AgMBAAECggEBAKLj6IOJBKXolczpzb8UkyAjAkGBektcseV07gelJ/fk
+3z0LuWPv5p12E/HlXB24vU2x/ikUbbP3eMsawRzDEahQqmNmPEkYAYUAy/Qpi9GN
+DYvn3LqDec4jVgeQKS+p9H2DzUpTogp8zR2//yzbuWBg2+F//xh7vU0S0RQCziPM
+x7RSBgbhxSfChfEJbS2sDnzfh0jRQmoY95iFv7puet1FJtzdZ4fgCd1RqmC2lFM5
+H0eZtN/Cz19lieVs0b996DErdEBqClVZO00eYbRozCDaBzRU3ybB/dMrGJxhkkXm
+wb3kWMtziH9qOYsostuHIFu8eKFLloKxFnq2R4DGxOECgYEA2KUIZISOeGJSBcLJ
+JAUK2gvgXPNo4HHWIwOA9xeN3ZJlsnPlffXQNnm6t1st1V2gfMm9I2n0m/F0y2B/
+n/XGSa8bghfPA9l0c2h58lkL3JQJR/paa8ycTz+YZPrznEyN7Qa0RrJXUvZv9lQL
+Hc3+FHcSHgMqDV2f2bHAEu9YGi0CgYEAx6VEIPNvrHFgjo/jk1RTuk+m0xEWQsZL
+Cs+izQMr2TaeJn8LG+93AvFuYn0J0nT3WuStLPrUg8i4IhSS6lf1tId5ivIZPm4r
+YwMyblBJXhnHbk7Uqodjfw/3s6V2HAu++B7hTdyVr9DFuST9uv4m8bkPV8rfX1jE
+I2rAPVWvgikCgYB+wNAQP547wQrMZBLbCDg5KwmyWJfb+b6X7czexOEz6humNTjo
+YZHYzY/5B1fhpk3ntQD8X1nGg5caBvOk21+QbOtjShrM3cXMYCw5JvBRtitX+Zo9
+yBEMLOE0877ki8XeEDYZxu5gk98d+D4oygUGZEQtWxyXhVepPt5qNa8OYQKBgQDH
+RVgZI6KFlqzv3wMh3PutbS9wYQ+9GrtwUQuIYe/0YSW9+vSVr5E0qNKrD28sV39F
+hBauXLady0yvB6YUrjMbPFW+sCMuQzyfGWPO4+g3OrfqjFiM1ZIkE0YEU9Tt7XNx
+qTDtTI1D7bhNMnTnniI1B6ge0und+3XafAThs5L48QKBgQCTTpfqMt8kU3tcI9sf
+0MK03y7kA76d5uw0pZbWFy7KI4qnzWutCzb+FMPWWsoFtLJLPZy//u/ZCUVFVa4d
+0Y/ASNQIESVPXFLAltlLo4MSmsg1vCBsbviEEaPeEjvMrgki93pYtd/aOSgkYC1T
+mEq154s5rmqh+h+XRIf7Au0SLw==
+-----END PRIVATE KEY-----

openssl/test/rsa.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd/wWJcyQoTbji9k0
+l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL+yRT+SFd2lZS+pC
+gNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb/7OMg0LOL+bSf63kpaSHSX
+ndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uD
+Zlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxXFvUK+DWNmoudF8NAco9/h9iaGNj8
+q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQIDAQABAoIBABKucaRpzQorw35S
+bEUAVx8dYXUdZOlJcHtiWQ+dC6V8ljxAHj/PLyzTveyI5QO/xkObCyjIL303l2cf
+UhPu2MFaJdjVzqACXuOrLot/eSFvxjvqVidTtAZExqFRJ9mylUVAoLvhowVWmC1O
+n95fZCXxTUtxNEG1Xcc7m0rtzJKs45J+N/V9DP1edYH6USyPSWGp6wuA+KgHRnKK
+Vf9GRx80JQY7nVNkL17eHoTWEwga+lwi0FEoW9Y7lDtWXYmKBWhUE+U8PGxlJf8f
+40493HDw1WRQ/aSLoS4QTp3rn7gYgeHEvfJdkkf0UMhlknlo53M09EFPdadQ4TlU
+bjqKc50CgYEA4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH/5IB3jw3bcxGn6QLvnE
+tfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw/Py5PJdTJNPY8cQn7ouZ2KKDcmnPG
+BY5t7yLc1QlQ5xHdwW1VhvKn+nXqhJTBgIPgtldC+KDV5z+y2XDwGUcCgYEAuQPE
+fgmVtjL0Uyyx88GZFF1fOunH3+7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYs
+p1ZSe7zFYHj7C6ul7TjeLQeZD/YwD66t62wDmpe/HlB+TnBA+njbglfIsRLtXlnD
+zQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdcCgYAHAp9XcCSrn8wVkMVkKdb7
+DOX4IKjzdahm+ctDAJN4O/y7OW5FKebvUjdAIt2GuoTZ71iTG+7F0F+lP88jtjP4
+U4qe7VHoewl4MKOfXZKTe+YCS1XbNvfgwJ3Ltyl1OH9hWvu2yza7q+d5PCsDzqtm
+27kxuvULVeya+TEdAB1ijQKBgQCH/3r6YrVH/uCWGy6bzV1nGNOdjKc9tmkfOJmN
+54dxdixdpozCQ6U4OxZrsj3FcOhHBsqAHvX2uuYjagqvo3cOj1TRqNocX40omfCC
+Mx3bD1yPPf/6TI2XECva/ggqEY2mYzmIiA5LVVmc5nrybr+lssFKneeyxN2Wq93S
+0iJMdQKBgCGHewxzoa1r8ZMD0LETNrToK423K377UCYqXfg5XMclbrjPbEC3YI1Z
+NqMtuhdBJqUnBi6tjKMF+34Xf0CUN8ncuXGO2CAYvO8PdyCixHX52ybaDjy1FtCE
+6yUXjoKNXKvUm7MWGsAYH6f4IegOetN5NvmUMFStCSkh7ixZLkN1
+-----END RSA PRIVATE KEY-----

openssl/test/rsa.pem.pub

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgWCuLjybRlzo0tZWJj
+NiuSfb4p4fAkd/wWJcyQoTbji9k0l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEz
+P1Pt0Bm4d4QlL+yRT+SFd2lZS+pCgNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo
+9wGzjb/7OMg0LOL+bSf63kpaSHSXndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTB
+EMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxX
+FvUK+DWNmoudF8NAco9/h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXp
+oQIDAQAB
+-----END PUBLIC KEY-----