More work on X509 functionality
parent
2216f86bd3
commit
1bd57d7ffb
19
ffi.rs
19
ffi.rs
|
|
@ -9,6 +9,7 @@ pub type BIO = c_void;
|
|||
pub type BIO_METHOD = c_void;
|
||||
pub type X509_STORE_CTX = c_void;
|
||||
pub type X509 = c_void;
|
||||
pub type X509_NAME = c_void;
|
||||
pub type CRYPTO_EX_DATA = c_void;
|
||||
|
||||
pub type CRYPTO_EX_new = extern "C" fn(parent: *c_void, ptr: *c_void,
|
||||
|
|
@ -38,8 +39,6 @@ pub static SSL_VERIFY_NONE: c_int = 0;
|
|||
pub static SSL_VERIFY_PEER: c_int = 1;
|
||||
|
||||
pub static X509_V_OK: c_int = 0;
|
||||
/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
|
||||
|
||||
pub static X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: c_int = 2;
|
||||
pub static X509_V_ERR_UNABLE_TO_GET_CRL: c_int = 3;
|
||||
pub static X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: c_int = 4;
|
||||
|
|
@ -67,12 +66,10 @@ pub static X509_V_ERR_PATH_LENGTH_EXCEEDED: c_int = 25;
|
|||
pub static X509_V_ERR_INVALID_PURPOSE: c_int = 26;
|
||||
pub static X509_V_ERR_CERT_UNTRUSTED: c_int = 27;
|
||||
pub static X509_V_ERR_CERT_REJECTED: c_int = 28;
|
||||
/* These are 'informational' when looking for issuer cert */
|
||||
pub static X509_V_ERR_SUBJECT_ISSUER_MISMATCH: c_int = 29;
|
||||
pub static X509_V_ERR_AKID_SKID_MISMATCH: c_int = 30;
|
||||
pub static X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: c_int = 31;
|
||||
pub static X509_V_ERR_KEYUSAGE_NO_CERTSIGN: c_int = 32;
|
||||
|
||||
pub static X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: c_int = 33;
|
||||
pub static X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: c_int = 34;
|
||||
pub static X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: c_int = 35;
|
||||
|
|
@ -81,15 +78,12 @@ pub static X509_V_ERR_INVALID_NON_CA: c_int = 37;
|
|||
pub static X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: c_int = 38;
|
||||
pub static X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: c_int = 39;
|
||||
pub static X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: c_int = 40;
|
||||
|
||||
pub static X509_V_ERR_INVALID_EXTENSION: c_int = 41;
|
||||
pub static X509_V_ERR_INVALID_POLICY_EXTENSION: c_int = 42;
|
||||
pub static X509_V_ERR_NO_EXPLICIT_POLICY: c_int = 43;
|
||||
pub static X509_V_ERR_DIFFERENT_CRL_SCOPE: c_int = 44;
|
||||
pub static X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: c_int = 45;
|
||||
|
||||
pub static X509_V_ERR_UNNESTED_RESOURCE: c_int = 46;
|
||||
|
||||
pub static X509_V_ERR_PERMITTED_VIOLATION: c_int = 47;
|
||||
pub static X509_V_ERR_EXCLUDED_VIOLATION: c_int = 48;
|
||||
pub static X509_V_ERR_SUBTREE_MINMAX: c_int = 49;
|
||||
|
|
@ -97,10 +91,12 @@ pub static X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: c_int = 51;
|
|||
pub static X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: c_int = 52;
|
||||
pub static X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53;
|
||||
pub static X509_V_ERR_CRL_PATH_VALIDATION_ERROR: c_int = 54;
|
||||
|
||||
/* The application is not happy */
|
||||
pub static X509_V_ERR_APPLICATION_VERIFICATION: c_int = 50;
|
||||
|
||||
pub static XN_FLAG_RFC2253: c_ulong = 0x1110317;
|
||||
pub static XN_FLAG_ONELINE: c_ulong = 0x82031f;
|
||||
pub static XN_FLAG_MULTILINE: c_ulong = 0x2a40006;
|
||||
|
||||
#[link_args = "-lssl -lcrypto"]
|
||||
extern "C" {
|
||||
pub fn CRYPTO_num_locks() -> c_int;
|
||||
|
|
@ -137,6 +133,11 @@ extern "C" {
|
|||
pub fn X509_STORE_CTX_get_current_cert(ct: *X509_STORE_CTX) -> *X509;
|
||||
pub fn X509_STORE_CTX_get_error(ctx: *X509_STORE_CTX) -> c_int;
|
||||
|
||||
pub fn X509_get_subject_name(x: *X509) -> *X509_NAME;
|
||||
|
||||
pub fn X509_NAME_print_ex(out: *BIO, nm: *X509_NAME, ident: c_int,
|
||||
flags: c_ulong) -> c_int;
|
||||
|
||||
pub fn SSL_new(ctx: *SSL_CTX) -> *SSL;
|
||||
pub fn SSL_free(ssl: *SSL);
|
||||
pub fn SSL_set_bio(ssl: *SSL, rbio: *BIO, wbio: *BIO);
|
||||
|
|
|
|||
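Review bot: `X509_get_subject_name` in the last hunk returns a pointer into the certificate rather than a fresh allocation, and the declaration does not say so, so a wrapper could free it or keep it past the `X509` it came from. I would put `// Returns an internal pointer owned by x: never free it, valid only while x is alive.` directly above the declaration. The three `XN_FLAG_*` statics are pre-combined bit masks written as bare hex; a one-line comment naming the OpenSSL header macros they were computed from would let a reader re-check them against the library version being linked. The `ident` parameter of `X509_NAME_print_ex` reads like a typo for `indent`, the name OpenSSL uses. The `extern "C"` block starts and ends outside the hunks shown here.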
34
lib.rs
34
lib.rs
|
|
@ -205,6 +205,16 @@ pub struct X509<'ctx> {
|
|||
priv x509: *ffi::X509
|
||||
}
|
||||
|
||||
pub struct X509Name<'x> {
|
||||
priv name: *ffi::X509_NAME
|
||||
}
|
||||
|
||||
pub enum X509NameFormat {
|
||||
Rfc2253 = ffi::XN_FLAG_RFC2253,
|
||||
Oneline = ffi::XN_FLAG_ONELINE,
|
||||
Multiline = ffi::XN_FLAG_MULTILINE
|
||||
}
|
||||
|
||||
macro_rules! make_validation_error(
|
||||
($ok_val:ident, $($name:ident = $val:ident,)+) => (
|
||||
pub mod hack {
|
||||
|
|
@ -323,8 +333,8 @@ impl Ssl {
|
|||
assert!(bio != ptr::null());
|
||||
|
||||
MemBio {
|
||||
ssl: self,
|
||||
bio: bio
|
||||
bio: bio,
|
||||
owned: false
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -333,8 +343,8 @@ impl Ssl {
|
|||
assert!(bio != ptr::null());
|
||||
|
||||
MemBio {
|
||||
ssl: self,
|
||||
bio: bio
|
||||
bio: bio,
|
||||
owned: false
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -374,9 +384,19 @@ enum LibSslError {
|
|||
ErrorWantAccept = ffi::SSL_ERROR_WANT_ACCEPT,
|
||||
}
|
||||
|
||||
struct MemBio<'self> {
|
||||
ssl: &'self Ssl,
|
||||
bio: *ffi::BIO
|
||||
struct MemBio<'ssl> {
|
||||
bio: *ffi::BIO,
|
||||
owned: bool
|
||||
}
|
||||
|
||||
impl<'ssl> Drop for MemBio<'ssl> {
|
||||
fn drop(&mut self) {
|
||||
if self.owned {
|
||||
unsafe {
|
||||
ffi::BIO_free_all(self.bio);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<'self> MemBio<'self> {
|
||||
|
|
|
|||
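Review bot: The new `Drop` for `MemBio` calls `BIO_free_all` whenever `owned` is true, but nothing on the struct documents or enforces when that flag may be set. A BIO that has been handed to `SSL_set_bio` is released by `SSL_free`, so an `owned: true` value wrapping such a BIO would be freed twice. Both constructors visible in `impl Ssl` set `owned: false`, which matches BIOs borrowed from the `Ssl`; whatever sets `true` is outside the hunks shown. I would state the invariant on the field, e.g. `// true only for a BIO allocated by this value and never passed to SSL_set_bio`. The `ssl` reference field also appears to have been dropped, so `'ssl` (and `'x` on `X509Name`) is no longer anchored by any field, and the borrow relies entirely on the signatures of the methods that return these wrappers.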