From 1e9cc8426ea3e1c45a11f6f3bb902fa1e3b651db Mon Sep 17 00:00:00 2001 From: Noah <33094578+coolreader18@users.noreply.github.com> Date: Tue, 24 Mar 2020 14:25:07 -0500 Subject: [PATCH 1/3] Add functions for SSL{_CTX}_get_verify_mode and SSL_is_init_finished --- openssl-sys/src/ssl.rs | 15 +++++++++++++++ openssl/src/ssl/mod.rs | 26 ++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 74604ea8..48986c05 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -672,6 +672,21 @@ extern "C" { pub fn SSL_get_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t; pub fn SSL_get_peer_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t; + + pub fn SSL_CTX_get_verify_mode(ctx: *const SSL_CTX) -> c_int; + pub fn SSL_get_verify_mode(s: *const SSL) -> c_int; +} + +cfg_if! { + if #[cfg(ossl111)] { + extern "C" { + pub fn SSL_is_init_finished(s: *const SSL) -> c_int; + } + } else if #[cfg(ossl110)] { + extern "C" { + pub fn SSL_is_init_finished(s: *mut SSL) -> c_int; + } + } } pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 95c9ce1f..e7b1e962 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1944,6 +1944,16 @@ impl SslContextRef { pub fn session_cache_size(&self) -> i64 { unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() } } + + /// Returns the verify mode that was set on this context from [`SslContextBuilder::set_verify`]. + /// + /// This corresponds to `SSL_CTX_get_verify_mode`. + /// + /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify + pub fn verify_mode(&self) -> SslVerifyMode { + let mode = unsafe { ffi::SSL_CTX_get_verify_mode(self.as_ptr()) }; + SslVerifyMode::from_bits(mode).expect("SSL_CTX_get_verify_mode returned invalid mode") + } } /// Information about the state of a cipher. 
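Review bot: The `cfg_if!` block in `openssl-sys/src/ssl.rs` declares `SSL_is_init_finished` twice with no comment saying why the two declarations differ only in pointer constness, or why nothing is declared below `ossl110`. As far as I can tell from the OpenSSL headers, 1.1.0 takes `SSL *`, 1.1.1 takes `const SSL *`, and earlier releases provide the name only as a macro, so there is no symbol to bind. A one-line comment above the block would record that, e.g. `// Macro before 1.1.0; the argument became const in 1.1.1.` The `extern "C"` block that receives the two `*_get_verify_mode` declarations starts outside the hunk.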
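Review bot: `SslContextRef::verify_mode` panics through `.expect(...)` whenever `SSL_CTX_get_verify_mode` returns a bit that `SslVerifyMode` does not declare, and `SslRef::verify_mode` in the `@@ -2394` hunk repeats the same pattern. The flag set is not visible here, but OpenSSL defines `SSL_VERIFY_CLIENT_ONCE` and, from 1.1.1, `SSL_VERIFY_POST_HANDSHAKE`, and a context configured by C code or through the raw `ffi` calls can carry them, which turns a read-only getter into a panic. If the type does not cover every `SSL_VERIFY_*` bit, prefer `SslVerifyMode::from_bits_truncate(mode)`, or document the condition under a `# Panics` section. The enclosing `impl SslContextRef` block starts outside the hunk.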
@@ -2394,6 +2404,14 @@ impl SslRef { unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) } } + /// Returns the verify mode that was set using `set_verify`. + /// + /// This corresponds to `SSL_get_verify_mode`. + pub fn verify_mode(&self) -> SslVerifyMode { + let mode = unsafe { ffi::SSL_get_verify_mode(self.as_ptr()) }; + SslVerifyMode::from_bits(mode).expect("SSL_get_verify_mode returned invalid mode") + } + /// Like [`SslContextBuilder::set_verify_callback`]. /// /// This corresponds to [`SSL_set_verify`]. @@ -3172,6 +3190,14 @@ impl SslRef { } } + /// Determines if the initial handshake has been completed. + /// + /// This corresponds to `SSL_is_init_finished`. + #[cfg(ossl110)] + pub fn init_finished(&self) -> bool { + unsafe { ffi::SSL_is_init_finished(self.as_ptr()) != 0 } + } + /// Determines if the client's hello message is in the SSLv2 format. /// /// This can only be used inside of the client hello callback. Otherwise, `false` is returned. From f572a8306b65cdb6d3a78735aaa94f8e1ce70cc3 Mon Sep 17 00:00:00 2001 From: Noah <33094578+coolreader18@users.noreply.github.com> Date: Tue, 24 Mar 2020 17:01:14 -0500 Subject: [PATCH 2/3] Add man page links --- openssl/src/ssl/mod.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index e7b1e962..9642611c 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1950,6 +1950,7 @@ impl SslContextRef { /// This corresponds to `SSL_CTX_get_verify_mode`. /// /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify + /// [`SSL_CTX_get_verify_mode`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_verify_mode.html pub fn verify_mode(&self) -> SslVerifyMode { let mode = unsafe { ffi::SSL_CTX_get_verify_mode(self.as_ptr()) }; SslVerifyMode::from_bits(mode).expect("SSL_CTX_get_verify_mode returned invalid mode") 
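Review bot: The doc comment on `SslRef::verify_mode` says the value is the one "set using `set_verify`", but an `SSL` on which `set_verify` was never called reports the mode it inherited from its context (OpenSSL copies the context's mode in `SSL_new`). Callers who audit a connection for `SslVerifyMode::NONE` need to know that the result is the effective mode, not only a per-connection override. Suggested wording: `/// Returns the verify mode in effect for this Ssl, set with set_verify or inherited from its SslContext.` The enclosing `impl SslRef` block starts outside the hunk.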
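Review bot: The doc comment on `init_finished` in the `@@ -3172` hunk does not state the version requirement that `#[cfg(ossl110)]` imposes, nor that a finished handshake says nothing about whether the peer was verified. I believe the crate's convention for gated items is a line such as `/// Requires OpenSSL 1.1.0 or newer.`; without it the method simply appears to be missing for users building against older libraries. Because a handshake also completes under `SslVerifyMode::NONE`, a second line such as `/// This does not indicate that the peer certificate was verified; check verify_result for that.` would keep callers from treating the return value as an authentication signal.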
@@ -2406,7 +2407,9 @@ impl SslRef { /// Returns the verify mode that was set using `set_verify`. /// - /// This corresponds to `SSL_get_verify_mode`. + /// This corresponds to [`SSL_get_verify_mode`]. + /// + /// [`SSL_get_verify_mode`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_get_verify_mode.html pub fn verify_mode(&self) -> SslVerifyMode { let mode = unsafe { ffi::SSL_get_verify_mode(self.as_ptr()) }; SslVerifyMode::from_bits(mode).expect("SSL_get_verify_mode returned invalid mode") @@ -3192,9 +3195,11 @@ impl SslRef { /// Determines if the initial handshake has been completed. /// - /// This corresponds to `SSL_is_init_finished`. + /// This corresponds to [`SSL_is_init_finished`]. + /// + /// [`SSL_is_init_finished`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_is_init_finished.html #[cfg(ossl110)] - pub fn init_finished(&self) -> bool { + pub fn is_init_finished(&self) -> bool { unsafe { ffi::SSL_is_init_finished(self.as_ptr()) != 0 } } From e450f3fee0dba81ec0657cae2b67166e8b3d71ba Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 24 Mar 2020 19:27:04 -0400 Subject: [PATCH 3/3] Update openssl/src/ssl/mod.rs --- openssl/src/ssl/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 9642611c..2a00b4b3 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1947,7 +1947,7 @@ impl SslContextRef { /// Returns the verify mode that was set on this context from [`SslContextBuilder::set_verify`]. /// - /// This corresponds to `SSL_CTX_get_verify_mode`. + /// This corresponds to [`SSL_CTX_get_verify_mode`]. /// /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify /// [`SSL_CTX_get_verify_mode`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_verify_mode.html