From 1bd57d7ffbddb406dca408093b65e7537bab4988 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Thu, 21 Nov 2013 23:15:47 -0800
Subject: [PATCH] More work on X509 functionality

---
 ffi.rs | 19 ++++++++++---------
 lib.rs | 34 +++++++++++++++++++++++++++-------
 2 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/ffi.rs b/ffi.rs
index 79a63826..0ff77b74 100644
--- a/ffi.rs
+++ b/ffi.rs
@@ -9,6 +9,7 @@ pub type BIO = c_void;
 pub type BIO_METHOD = c_void;
 pub type X509_STORE_CTX = c_void;
 pub type X509 = c_void;
+pub type X509_NAME = c_void;
 pub type CRYPTO_EX_DATA = c_void;
 
 pub type CRYPTO_EX_new = extern "C" fn(parent: *c_void, ptr: *c_void,
@@ -38,8 +39,6 @@ pub static SSL_VERIFY_NONE: c_int = 0;
 pub static SSL_VERIFY_PEER: c_int = 1;
 
 pub static X509_V_OK: c_int = 0;
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
 pub static X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: c_int = 2;
 pub static X509_V_ERR_UNABLE_TO_GET_CRL: c_int = 3;
 pub static X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: c_int = 4;
@@ -67,12 +66,10 @@ pub static X509_V_ERR_PATH_LENGTH_EXCEEDED: c_int = 25;
 pub static X509_V_ERR_INVALID_PURPOSE: c_int = 26;
 pub static X509_V_ERR_CERT_UNTRUSTED: c_int = 27;
 pub static X509_V_ERR_CERT_REJECTED: c_int = 28;
-/* These are 'informational' when looking for issuer cert */
 pub static X509_V_ERR_SUBJECT_ISSUER_MISMATCH: c_int = 29;
 pub static X509_V_ERR_AKID_SKID_MISMATCH: c_int = 30;
 pub static X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: c_int = 31;
 pub static X509_V_ERR_KEYUSAGE_NO_CERTSIGN: c_int = 32;
-
 pub static X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: c_int = 33;
 pub static X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: c_int = 34;
 pub static X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: c_int = 35;
@@ -81,15 +78,12 @@ pub static X509_V_ERR_INVALID_NON_CA: c_int = 37;
 pub static X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: c_int = 38;
 pub static X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: c_int = 39;
 pub static X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: c_int = 40;
-
 pub static X509_V_ERR_INVALID_EXTENSION: c_int = 41;
 pub static X509_V_ERR_INVALID_POLICY_EXTENSION: c_int = 42;
 pub static X509_V_ERR_NO_EXPLICIT_POLICY: c_int = 43;
 pub static X509_V_ERR_DIFFERENT_CRL_SCOPE: c_int = 44;
 pub static X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: c_int = 45;
-
 pub static X509_V_ERR_UNNESTED_RESOURCE: c_int = 46;
-
 pub static X509_V_ERR_PERMITTED_VIOLATION: c_int = 47;
 pub static X509_V_ERR_EXCLUDED_VIOLATION: c_int = 48;
 pub static X509_V_ERR_SUBTREE_MINMAX: c_int = 49;
@@ -97,10 +91,12 @@ pub static X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: c_int = 51;
 pub static X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: c_int = 52;
 pub static X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53;
 pub static X509_V_ERR_CRL_PATH_VALIDATION_ERROR: c_int = 54;
-
-/* The application is not happy */
 pub static X509_V_ERR_APPLICATION_VERIFICATION: c_int = 50;
 
+pub static XN_FLAG_RFC2253: c_ulong = 0x1110317;
+pub static XN_FLAG_ONELINE: c_ulong = 0x82031f;
+pub static XN_FLAG_MULTILINE: c_ulong = 0x2a40006;
+
 #[link_args = "-lssl -lcrypto"]
 extern "C" {
     pub fn CRYPTO_num_locks() -> c_int;
@@ -137,6 +133,11 @@ extern "C" {
     pub fn X509_STORE_CTX_get_current_cert(ct: *X509_STORE_CTX) -> *X509;
     pub fn X509_STORE_CTX_get_error(ctx: *X509_STORE_CTX) -> c_int;
 
+    pub fn X509_get_subject_name(x: *X509) -> *X509_NAME;
+
+    pub fn X509_NAME_print_ex(out: *BIO, nm: *X509_NAME, ident: c_int,
+                              flags: c_ulong) -> c_int;
+
     pub fn SSL_new(ctx: *SSL_CTX) -> *SSL;
     pub fn SSL_free(ssl: *SSL);
     pub fn SSL_set_bio(ssl: *SSL, rbio: *BIO, wbio: *BIO);
diff --git a/lib.rs b/lib.rs
index 6e450cef..dac9cd8f 100644
--- a/lib.rs
+++ b/lib.rs
@@ -205,6 +205,16 @@ pub struct X509<'ctx> {
     priv x509: *ffi::X509
 }
 
+pub struct X509Name<'x> {
+    priv name: *ffi::X509_NAME
+}
+
+pub enum X509NameFormat {
+    Rfc2253 = ffi::XN_FLAG_RFC2253,
+    Oneline = ffi::XN_FLAG_ONELINE,
+    Multiline = ffi::XN_FLAG_MULTILINE
+}
+
 macro_rules! make_validation_error(
     ($ok_val:ident, $($name:ident = $val:ident,)+) => (
         pub mod hack {
@@ -323,8 +333,8 @@ impl Ssl {
         assert!(bio != ptr::null());
 
         MemBio {
-            ssl: self,
-            bio: bio
+            bio: bio,
+            owned: false
         }
     }
 
@@ -333,8 +343,8 @@ impl Ssl {
         assert!(bio != ptr::null());
 
         MemBio {
-            ssl: self,
-            bio: bio
+            bio: bio,
+            owned: false
         }
     }
 
@@ -374,9 +384,19 @@ enum LibSslError {
     ErrorWantAccept = ffi::SSL_ERROR_WANT_ACCEPT,
 }
 
-struct MemBio<'self> {
-    ssl: &'self Ssl,
-    bio: *ffi::BIO
+struct MemBio<'ssl> {
+    bio: *ffi::BIO,
+    owned: bool
+}
+
+impl<'ssl> Drop for MemBio<'ssl> {
+    fn drop(&mut self) {
+        if self.owned {
+            unsafe {
+                ffi::BIO_free_all(self.bio);
+            }
+        }
+    }
 }
 
 impl<'self> MemBio<'self> {