restructure to self contained function

2017-03-23 21:37:42 -07:00 · 2017-03-23 21:37:42 -07:00 · 3187366cc5
parent 2251a6f2b6
commit 3187366cc5
2 changed files with 12 additions and 8 deletions
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@ -112,13 +112,20 @@ impl X509StoreContextRef {
    }

    /// Verifies the certificate associated in the `init()` method
+    /// * `cert_chain` - the certificates chain
    ///
-    /// The context must be re-initialized before each call to this method.
-    pub fn verify_cert(&self) -> Result<Option<X509VerifyError>, ErrorStack> {
+    /// # Result
+    /// 
+    /// The Result must be `Some(None)` to be a valid certificate, otherwise the cert is not valid.
+    pub fn verify_cert(trust: &store::X509StoreRef, cert: &X509Ref, cert_chain: &StackRef<X509>) -> Result<Option<X509VerifyError>, ErrorStack> {
        unsafe {
-            try!(cvt(ffi::X509_verify_cert(self.as_ptr())).map(|_| ()))
+            ffi::init();
+            let context = try!(cvt_p(ffi::X509_STORE_CTX_new()).map(|p| X509StoreContext(p)));
+            try!(cvt(ffi::X509_STORE_CTX_init(context.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr()))
+                .map(|_| ()));
+            try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ()));
+            Ok(context.error())
        }
-        Ok(self.error())
    }

    /// Set the error code of the context.
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@ -303,8 +303,5 @@ fn test_verify_cert() {
    store_bldr.add_cert(ca).unwrap();
    let store = store_bldr.build();

-    let store_ctx = X509StoreContext::new().unwrap();
-    store_ctx.init(&store, &cert, &Stack::new().unwrap()).unwrap();
-
-    assert!(store_ctx.verify_cert().unwrap().is_none());
+    assert!(X509StoreContext::verify_cert(&store, &cert, &Stack::new().unwrap()).unwrap().is_none());
 }