min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement new feature setup 

The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
This commit is contained in:
Steven Fackler 2016-10-17 21:21:09 -07:00
parent f6bf022cf2
commit 194298a057
8 changed files with 54 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openssl/Cargo.toml
View File

@ -12,8 +12,9 @@ build = "build.rs"
exclude = ["test/*"] exclude = ["test/*"]
[features] [features]
openssl-102 = [] v101 = []
openssl-110 = ["openssl-102"] v102 = []
v110 = []
[dependencies] [dependencies]
bitflags = "0.7" bitflags = "0.7"

13
openssl/build.rs
View File

@ -4,20 +4,17 @@ fn main() {
if env::var("DEP_OPENSSL_IS_110").is_ok() { if env::var("DEP_OPENSSL_IS_110").is_ok() {
println!("cargo:rustc-cfg=ossl110"); println!("cargo:rustc-cfg=ossl110");
return; return;
} else if cfg!(feature = "openssl-110") { } else if env::var("DEP_OPENSSL_IS_102").is_ok() {
panic!("the openssl-110 feature is enabled but OpenSSL 1.1.0+ is not being linked against");
}
if env::var("DEP_OPENSSL_IS_102").is_ok() {
println!("cargo:rustc-cfg=ossl102"); println!("cargo:rustc-cfg=ossl102");
println!("cargo:rustc-cfg=ossl10x"); println!("cargo:rustc-cfg=ossl10x");
return; return;
} else if cfg!(feature = "openssl-102") { } else if env::var("DEP_OPENSSL_IS_101").is_ok() {
panic!("the openssl-102 feature is enabled but OpenSSL 1.0.2+")
}
if env::var("DEP_OPENSSL_IS_101").is_ok() {
println!("cargo:rustc-cfg=ossl101"); println!("cargo:rustc-cfg=ossl101");
println!("cargo:rustc-cfg=ossl10x"); println!("cargo:rustc-cfg=ossl10x");
} else {
panic!("Unable to detect OpenSSL version");
} }
if let Ok(vars) = env::var("DEP_OPENSSL_OSSLCONF") { if let Ok(vars) = env::var("DEP_OPENSSL_OSSLCONF") {
for var in vars.split(",") { for var in vars.split(",") {
println!("cargo:rustc-cfg=osslconf=\"{}\"", var); println!("cargo:rustc-cfg=osslconf=\"{}\"", var);

11
openssl/src/dh.rs
View File

@ -33,21 +33,24 @@ impl DH {
} }
} }
#[cfg(feature = "openssl-102")] /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_1024_160() -> Result<DH, ErrorStack> { pub fn get_1024_160() -> Result<DH, ErrorStack> {
unsafe { unsafe {
cvt_p(ffi::DH_get_1024_160()).map(DH) cvt_p(ffi::DH_get_1024_160()).map(DH)
} }
} }
#[cfg(feature = "openssl-102")] /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_2048_224() -> Result<DH, ErrorStack> { pub fn get_2048_224() -> Result<DH, ErrorStack> {
unsafe { unsafe {
cvt_p(ffi::DH_get_2048_224()).map(DH) cvt_p(ffi::DH_get_2048_224()).map(DH)
} }
} }
#[cfg(feature = "openssl-102")] /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_2048_256() -> Result<DH, ErrorStack> { pub fn get_2048_256() -> Result<DH, ErrorStack> {
unsafe { unsafe {
cvt_p(ffi::DH_get_2048_256()).map(DH) cvt_p(ffi::DH_get_2048_256()).map(DH)
@ -96,7 +99,7 @@ mod tests {
use ssl::{SslMethod, SslContext}; use ssl::{SslMethod, SslContext};
#[test] #[test]
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_dh_rfc5114() { fn test_dh_rfc5114() {
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
let dh1 = DH::get_1024_160().unwrap(); let dh1 = DH::get_1024_160().unwrap();

45
openssl/src/ssl/mod.rs
View File

@ -22,7 +22,7 @@ use ffi;
use {init, cvt, cvt_p}; use {init, cvt, cvt_p};
use dh::DH; use dh::DH;
use x509::{X509StoreContext, X509FileType, X509, X509Ref}; use x509::{X509StoreContext, X509FileType, X509, X509Ref};
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
use x509::verify::X509VerifyParamRef; use x509::verify::X509VerifyParamRef;
use crypto::pkey::PKey; use crypto::pkey::PKey;
use error::ErrorStack; use error::ErrorStack;
@ -67,11 +67,14 @@ bitflags! {
const SSL_OP_NO_TLSV1 = ffi::SSL_OP_NO_TLSv1, const SSL_OP_NO_TLSV1 = ffi::SSL_OP_NO_TLSv1,
const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2, const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2,
const SSL_OP_NO_TLSV1_1 = ffi::SSL_OP_NO_TLSv1_1, const SSL_OP_NO_TLSV1_1 = ffi::SSL_OP_NO_TLSv1_1,
#[cfg(feature = "openssl-102")] /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1, const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1,
#[cfg(feature = "openssl-102")] /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2, const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2,
#[cfg(feature = "openssl-102")] /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
const SSL_OP_NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK, const SSL_OP_NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK,
} }
} }
@ -133,7 +136,8 @@ fn get_ssl_verify_data_idx<T: Any + 'static>() -> c_int {
lazy_static! { lazy_static! {
static ref NPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>(); static ref NPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>();
} }
#[cfg(feature = "openssl-102")]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
lazy_static! { lazy_static! {
static ref ALPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>(); static ref ALPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>();
} }
@ -276,7 +280,7 @@ extern fn raw_next_proto_select_cb(ssl: *mut ffi::SSL,
unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) } unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) }
} }
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL, extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL,
out: *mut *const c_uchar, out: *mut *const c_uchar,
outlen: *mut c_uchar, outlen: *mut c_uchar,
@ -538,17 +542,9 @@ impl<'a> SslContextRef<'a> {
/// compatible clients, and automatically select an appropriate elliptic /// compatible clients, and automatically select an appropriate elliptic
/// curve. /// curve.
/// ///
/// This feature is always enabled on OpenSSL 1.1.0, and calling this /// Requires the `v102` feature and OpenSSL 1.0.2.
/// method does nothing. #[cfg(all(feature = "v102", ossl102))]
///
/// This method requires the `openssl-102` feature.
#[cfg(feature = "openssl-102")]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
self._set_ecdh_auto(onoff)
}
#[cfg(all(feature = "openssl-102", ossl102))]
fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { unsafe {
cvt(ffi::SSL_CTX_ctrl(self.as_ptr(), cvt(ffi::SSL_CTX_ctrl(self.as_ptr(),
ffi::SSL_CTRL_SET_ECDH_AUTO, ffi::SSL_CTRL_SET_ECDH_AUTO,
@ -558,11 +554,6 @@ impl<'a> SslContextRef<'a> {
} }
} }
#[cfg(all(feature = "openssl-102", ossl110))]
fn _set_ecdh_auto(&mut self, _onoff: bool) -> Result<(), ErrorStack> {
Ok(())
}
pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions { pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions {
let ret = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) }; let ret = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) };
SslContextOptions::from_bits(ret).unwrap() SslContextOptions::from_bits(ret).unwrap()
@ -610,8 +601,8 @@ impl<'a> SslContextRef<'a> {
/// ///
/// Note that ordering of the protocols controls the priority with which they are chosen. /// Note that ordering of the protocols controls the priority with which they are chosen.
/// ///
/// This method needs the `openssl-102` feature. /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn set_alpn_protocols(&mut self, protocols: &[&[u8]]) { pub fn set_alpn_protocols(&mut self, protocols: &[&[u8]]) {
let protocols: Box<Vec<u8>> = Box::new(ssl_encode_byte_strings(protocols)); let protocols: Box<Vec<u8>> = Box::new(ssl_encode_byte_strings(protocols));
unsafe { unsafe {
@ -928,8 +919,8 @@ impl<'a> SslRef<'a> {
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it. /// to interpret it.
/// ///
/// This method needs the `alpn` feature. /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
unsafe { unsafe {
let mut data: *const c_uchar = ptr::null(); let mut data: *const c_uchar = ptr::null();
@ -1007,8 +998,8 @@ impl<'a> SslRef<'a> {
/// Returns the X509 verification configuration. /// Returns the X509 verification configuration.
/// ///
/// Requires the `openssl-102` feature. /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0.
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn param(&mut self) -> X509VerifyParamRef<'a> { pub fn param(&mut self) -> X509VerifyParamRef<'a> {
unsafe { unsafe {
X509VerifyParamRef::from_ptr(ffi::SSL_get0_param(self.as_ptr())) X509VerifyParamRef::from_ptr(ffi::SSL_get0_param(self.as_ptr()))

24
openssl/src/ssl/tests/mod.rs
View File

@ -20,12 +20,12 @@ use ssl::SSL_VERIFY_PEER;
use ssl::{SslMethod, HandshakeError}; use ssl::{SslMethod, HandshakeError};
use ssl::error::Error; use ssl::error::Error;
use ssl::{SslContext, SslStream}; use ssl::{SslContext, SslStream};
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
use ssl::IntoSsl; use ssl::IntoSsl;
use x509::X509StoreContext; use x509::X509StoreContext;
use x509::X509FileType; use x509::X509FileType;
use x509::X509; use x509::X509;
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
use crypto::pkey::PKey; use crypto::pkey::PKey;
@ -509,7 +509,7 @@ fn test_state() {
/// Tests that connecting with the client using ALPN, but the server not does not /// Tests that connecting with the client using ALPN, but the server not does not
/// break the existing connection behavior. /// break the existing connection behavior.
#[test] #[test]
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_connect_with_unilateral_alpn() { fn test_connect_with_unilateral_alpn() {
let (_s, stream) = Server::new(); let (_s, stream) = Server::new();
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -552,7 +552,7 @@ fn test_connect_with_unilateral_npn() {
/// Tests that when both the client as well as the server use ALPN and their /// Tests that when both the client as well as the server use ALPN and their
/// lists of supported protocols have an overlap, the correct protocol is chosen. /// lists of supported protocols have an overlap, the correct protocol is chosen.
#[test] #[test]
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_connect_with_alpn_successful_multiple_matching() { fn test_connect_with_alpn_successful_multiple_matching() {
let (_s, stream) = Server::new_alpn(); let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -574,7 +574,7 @@ fn test_connect_with_alpn_successful_multiple_matching() {
/// Tests that when both the client as well as the server use NPN and their /// Tests that when both the client as well as the server use NPN and their
/// lists of supported protocols have an overlap, the correct protocol is chosen. /// lists of supported protocols have an overlap, the correct protocol is chosen.
#[test] #[test]
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_connect_with_npn_successful_multiple_matching() { fn test_connect_with_npn_successful_multiple_matching() {
let (_s, stream) = Server::new_alpn(); let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -597,7 +597,7 @@ fn test_connect_with_npn_successful_multiple_matching() {
/// lists of supported protocols have an overlap -- with only ONE protocol /// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both. /// being valid for both.
#[test] #[test]
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_connect_with_alpn_successful_single_match() { fn test_connect_with_alpn_successful_single_match() {
let (_s, stream) = Server::new_alpn(); let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -621,7 +621,7 @@ fn test_connect_with_alpn_successful_single_match() {
/// lists of supported protocols have an overlap -- with only ONE protocol /// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both. /// being valid for both.
#[test] #[test]
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_connect_with_npn_successful_single_match() { fn test_connect_with_npn_successful_single_match() {
let (_s, stream) = Server::new_alpn(); let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -683,7 +683,7 @@ fn test_npn_server_advertise_multiple() {
/// Tests that when the `SslStream` is created as a server stream, the protocols /// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client. /// are correctly advertised to the client.
#[test] #[test]
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn test_alpn_server_advertise_multiple() { fn test_alpn_server_advertise_multiple() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap(); let localhost = listener.local_addr().unwrap();
@ -724,7 +724,7 @@ fn test_alpn_server_advertise_multiple() {
/// Test that Servers supporting ALPN don't report a protocol when none of their protocols match /// Test that Servers supporting ALPN don't report a protocol when none of their protocols match
/// the client's reported protocol. /// the client's reported protocol.
#[test] #[test]
#[cfg(all(feature = "openssl-102", ossl102))] #[cfg(all(feature = "v102", ossl102))]
fn test_alpn_server_select_none() { fn test_alpn_server_select_none() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap(); let localhost = listener.local_addr().unwrap();
@ -759,7 +759,7 @@ fn test_alpn_server_select_none() {
// In 1.1.0, ALPN negotiation failure is a fatal error // In 1.1.0, ALPN negotiation failure is a fatal error
#[test] #[test]
#[cfg(all(feature = "openssl-102", ossl110))] #[cfg(all(feature = "v110", ossl110))]
fn test_alpn_server_select_none() { fn test_alpn_server_select_none() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap(); let localhost = listener.local_addr().unwrap();
@ -1066,7 +1066,7 @@ fn add_extra_chain_cert() {
#[test] #[test]
#[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn valid_hostname() { fn valid_hostname() {
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap(); ctx.set_default_verify_paths().unwrap();
@ -1090,7 +1090,7 @@ fn valid_hostname() {
#[test] #[test]
#[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :( #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
fn invalid_hostname() { fn invalid_hostname() {
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap(); ctx.set_default_verify_paths().unwrap();

2
openssl/src/x509/mod.rs
View File

@ -36,7 +36,7 @@ use ffi::{
pub mod extension; pub mod extension;
#[cfg(feature = "openssl-102")] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub mod verify; pub mod verify;
use self::extension::{ExtensionType, Extension}; use self::extension::{ExtensionType, Extension};

7
openssl/src/x509/verify.rs
View File

@ -1,3 +1,7 @@
//! X509 certificate verification
//!
//! Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0.
use std::marker::PhantomData; use std::marker::PhantomData;
use libc::c_uint; use libc::c_uint;
use ffi; use ffi;
@ -13,7 +17,8 @@ bitflags! {
const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS, const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS,
const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
= ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS, = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS,
#[cfg(feature = "openssl-110")] /// Requires the `v110` feature and OpenSSL 1.1.0.
#[cfg(all(feature = "v110", ossl110))]
const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT, const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
} }
} }

4
openssl/test/run.sh
View File

@ -3,10 +3,10 @@ set -e
case "$BUILD_OPENSSL_VERSION" in case "$BUILD_OPENSSL_VERSION" in
1.0.2*) 1.0.2*)
FEATURES="openssl-102" FEATURES="v102"
;; ;;
1.1.0*) 1.1.0*)
FEATURES="openssl-110" FEATURES="v110"
;; ;;
esac esac