Merge remote-tracking branch 'upstream/master'

.github/workflows/ci.yml

@@ -327,6 +327,7 @@ jobs:
           sleep 10
           echo "===  Publishing compio-boring2... ==="
           (cd compio-boring && cargo publish)
+          sleep 10
           echo "===  Publishing quinn-boring2... ==="
           (cd quinn-boring && cargo publish)
 

RELEASE_NOTES

@@ -1,3 +1,12 @@
+4.19.0
+- 2025-09-03 Add binding for X509_check_ip_asc
+- 2025-06-13 Use ERR_clear_error
+- 2025-06-13 Error descriptions and docs
+- 2025-06-13 Boring doesn't use function codes
+- 2025-09-03 Fix patched docs.rs builds
+- 2025-09-03 Test docs.rs docs
+- 2025-09-03 Fix doc links
+
 4.18.0
 - 2025-05-29 Add set_verify_param
 - 2025-05-28 Add support for X509_STORE_CTX_get0_untrusted

boring/src/x509/mod.rs

@@ -745,6 +745,13 @@ impl X509Ref {
         }
     }
 
+    #[corresponds(X509_check_ip_asc)]
+    pub fn check_ip_asc(&self, address: &str) -> Result<bool, ErrorStack> {
+        let c_str = CString::new(address).map_err(ErrorStack::internal_error)?;
+
+        unsafe { cvt_n(ffi::X509_check_ip_asc(self.as_ptr(), c_str.as_ptr(), 0)).map(|n| n == 1) }
+    }
+
     to_pem! {
         /// Serializes the certificate into a PEM-encoded X509 structure.
         ///

boring/src/x509/tests/mod.rs

@@ -513,3 +513,16 @@ fn test_load_subject_der() {
     ];
     X509Name::from_der(SUBJECT_DER).unwrap();
 }
+
+#[test]
+fn test_check_ip_asc() {
+    // Covers 127.0.0.1 and 0:0:0:0:0:0:0:1
+    let cert = include_bytes!("../../../test/alt_name_cert.pem");
+    let cert = X509::from_pem(cert).unwrap();
+
+    assert!(cert.check_ip_asc("127.0.0.1").unwrap());
+    assert!(!cert.check_ip_asc("127.0.0.2").unwrap());
+
+    assert!(cert.check_ip_asc("0:0:0:0:0:0:0:1").unwrap());
+    assert!(!cert.check_ip_asc("0:0:0:0:0:0:0:2").unwrap());
+}