Make verification callbacks sound

lib.rs

@@ -111,14 +111,14 @@ extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *ffi::X509_STORE_CTX)
 
         match verify {
             None => preverify_ok,
-            Some(verify) => verify(preverify_ok != 0, ctx) as c_int
+            Some(verify) => verify(preverify_ok != 0, &ctx) as c_int
         }
     }
 }
 
 /// The signature of functions that can be used to manually verify certificates
 pub type VerifyCallback = extern "Rust" fn(preverify_ok: bool,
-                                           x509_ctx: X509StoreContext) -> bool;
+                                           x509_ctx: &X509StoreContext) -> bool;
 
 /// An SSL context object
 pub struct SslContext {
@@ -189,7 +189,7 @@ impl X509StoreContext {
         X509ValidationError::from_raw(err)
     }
 
-    pub fn get_current_cert(&self) -> Option<X509> {
+    pub fn get_current_cert<'a>(&'a self) -> Option<X509<'a>> {
         let ptr = unsafe { ffi::X509_STORE_CTX_get_current_cert(self.ctx) };
 
         if ptr.is_null() {
@@ -201,7 +201,7 @@ impl X509StoreContext {
 }
 
 /// A public key certificate
-pub struct X509 {
+pub struct X509<'ctx> {
     priv x509: *ffi::X509
 }
 

test.rs

@@ -47,7 +47,7 @@ fn test_verify_trusted() {
 
 #[test]
 fn test_verify_untrusted_callback_override_ok() {
-    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
         true
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -61,7 +61,7 @@ fn test_verify_untrusted_callback_override_ok() {
 
 #[test]
 fn test_verify_untrusted_callback_override_bad() {
-    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
         false
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -72,7 +72,7 @@ fn test_verify_untrusted_callback_override_bad() {
 
 #[test]
 fn test_verify_trusted_callback_override_ok() {
-    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
         true
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -90,7 +90,7 @@ fn test_verify_trusted_callback_override_ok() {
 
 #[test]
 fn test_verify_trusted_callback_override_bad() {
-    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: &X509StoreContext) -> bool {
         false
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -105,7 +105,7 @@ fn test_verify_trusted_callback_override_bad() {
 
 #[test]
 fn test_verify_callback_load_certs() {
-    fn callback(_preverify_ok: bool, x509_ctx: X509StoreContext) -> bool {
+    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool {
         assert!(x509_ctx.get_current_cert().is_some());
         true
     }
@@ -117,7 +117,7 @@ fn test_verify_callback_load_certs() {
 
 #[test]
 fn test_verify_trusted_get_error_ok() {
-    fn callback(_preverify_ok: bool, x509_ctx: X509StoreContext) -> bool {
+    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool {
         assert!(x509_ctx.get_error().is_none());
         true
     }
@@ -133,7 +133,7 @@ fn test_verify_trusted_get_error_ok() {
 
 #[test]
 fn test_verify_trusted_get_error_err() {
-    fn callback(_preverify_ok: bool, x509_ctx: X509StoreContext) -> bool {
+    fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool {
         assert!(x509_ctx.get_error().is_some());
         false
     }