min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #356 from erikjohnston/conninfo 

Add support for SSL_CIPHER
This commit is contained in:
Steven Fackler 2016-03-01 09:20:36 -08:00
parent 373d61fb69 80ac6e54ac
commit 1f5800fe2c
2 changed files with 96 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openssl-sys/src/lib.rs
View File

@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void;
pub type EVP_MD = c_void; pub type EVP_MD = c_void;
pub type EVP_PKEY_CTX = c_void; pub type EVP_PKEY_CTX = c_void;
pub type SSL = c_void; pub type SSL = c_void;
pub type SSL_CIPHER = c_void;
pub type SSL_CTX = c_void; pub type SSL_CTX = c_void;
pub type SSL_METHOD = c_void; pub type SSL_METHOD = c_void;
pub type X509 = c_void; pub type X509 = c_void;
@ -642,6 +643,7 @@ extern "C" {
pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD;
pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509;
pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char;
pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char;
pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char;
@ -649,6 +651,13 @@ extern "C" {
pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int;
pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char;
pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char;
pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
pub fn SSL_CTX_free(ctx: *mut SSL_CTX); pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int, pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int,

87
openssl/src/ssl/mod.rs
View File

@ -769,6 +769,71 @@ impl SslContext {
} }
} }
pub struct CipherBits {
/// The number of secret bits used for the cipher.
pub secret: i32,
/// The number of bits processed by the chosen algorithm, if not None.
pub algorithm: Option<i32>,
}
pub struct SslCipher<'a> {
cipher: *const ffi::SSL_CIPHER,
ph: PhantomData<&'a ()>,
}
impl <'a> SslCipher<'a> {
/// Returns the name of cipher.
pub fn name(&self) -> &'static str {
let name = unsafe {
let ptr = ffi::SSL_CIPHER_get_name(self.cipher);
CStr::from_ptr(ptr as *const _)
};
str::from_utf8(name.to_bytes()).unwrap()
}
/// Returns the SSL/TLS protocol version that first defined the cipher.
pub fn version(&self) -> &'static str {
let version = unsafe {
let ptr = ffi::SSL_CIPHER_get_version(self.cipher);
CStr::from_ptr(ptr as *const _)
};
str::from_utf8(version.to_bytes()).unwrap()
}
/// Returns the number of bits used for the cipher.
pub fn bits(&self) -> CipherBits {
unsafe {
let algo_bits : *mut c_int = ptr::null_mut();
let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
if !algo_bits.is_null() {
CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) }
} else {
CipherBits { secret: secret_bits, algorithm: None }
}
}
}
/// Returns a textual description of the cipher used
pub fn description(&self) -> Option<String> {
unsafe {
// SSL_CIPHER_description requires a buffer of at least 128 bytes.
let mut buf = [0i8; 128];
let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128);
if !desc_ptr.is_null() {
String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok()
} else {
None
}
}
}
}
pub struct Ssl { pub struct Ssl {
ssl: *mut ffi::SSL, ssl: *mut ffi::SSL,
} }
@ -836,6 +901,18 @@ impl Ssl {
} }
} }
pub fn get_current_cipher<'a>(&'a self) -> Option<SslCipher<'a>> {
unsafe {
let ptr = ffi::SSL_get_current_cipher(self.ssl);
if ptr.is_null() {
None
} else {
Some(SslCipher{ cipher: ptr, ph: PhantomData })
}
}
}
pub fn state_string(&self) -> &'static str { pub fn state_string(&self) -> &'static str {
let state = unsafe { let state = unsafe {
let ptr = ffi::SSL_state_string(self.ssl); let ptr = ffi::SSL_state_string(self.ssl);
@ -881,6 +958,16 @@ impl Ssl {
} }
} }
/// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
pub fn version(&self) -> &'static str {
let version = unsafe {
let ptr = ffi::SSL_get_version(self.ssl);
CStr::from_ptr(ptr as *const _)
};
str::from_utf8(version.to_bytes()).unwrap()
}
/// Returns the protocol selected by performing Next Protocol Negotiation, if any. /// Returns the protocol selected by performing Next Protocol Negotiation, if any.
/// ///
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client