Impl deref for acceptor/connector builders

openssl/src/sign.rs

@@ -575,7 +575,7 @@ mod test {
 
         let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
         signer.update(b"hello world").unwrap();
-        let signature = signer.finish().unwrap();
+        let signature = signer.sign_to_vec().unwrap();
 
         let mut verifier = Verifier::new(MessageDigest::sha256(), &key).unwrap();
         verifier.update(b"hello world").unwrap();

openssl/src/ssl/connector.rs

@@ -1,9 +1,10 @@
 use std::io::{Read, Write};
+use std::ops::{Deref, DerefMut};
 
 use dh::Dh;
 use error::ErrorStack;
-use ssl::{self, SslMethod, SslContextBuilder, SslContext, Ssl, SSL_VERIFY_PEER, SslStream,
+use ssl::{self, HandshakeError, Ssl, SslContext, SslContextBuilder, SslMethod, SslStream,
-          HandshakeError};
+          SSL_VERIFY_PEER};
 use pkey::PKeyRef;
 use version;
 use x509::X509Ref;
@@ -40,9 +41,8 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
     opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE;
     ctx.set_options(opts);
 
-    let mut mode = ssl::SSL_MODE_AUTO_RETRY |
+    let mut mode = ssl::SSL_MODE_AUTO_RETRY | ssl::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-        ssl::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
+        | ssl::SSL_MODE_ENABLE_PARTIAL_WRITE;
-        ssl::SSL_MODE_ENABLE_PARTIAL_WRITE;
 
     // This is quite a useful optimization for saving memory, but historically
     // caused CVEs in OpenSSL pre-1.0.1h, according to
@@ -72,21 +72,23 @@ impl SslConnectorBuilder {
              TLS13-AES-128-GCM-SHA256:\
              ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:\
              ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:\
-             !aNULL:!eNULL:!MD5:!3DES"
+             !aNULL:!eNULL:!MD5:!3DES",
         )?;
         setup_verify(&mut ctx);
 
         Ok(SslConnectorBuilder(ctx))
     }
 
-    /// Returns a shared reference to the inner `SslContextBuilder`.
+    #[deprecated(since = "0.9.23",
+                 note = "SslConnectorBuilder now implements Deref<Target=SslContextBuilder>")]
     pub fn builder(&self) -> &SslContextBuilder {
-        &self.0
+        self
     }
 
-    /// Returns a mutable reference to the inner `SslContextBuilder`.
+    #[deprecated(since = "0.9.23",
+                 note = "SslConnectorBuilder now implements DerefMut<Target=SslContextBuilder>")]
     pub fn builder_mut(&mut self) -> &mut SslContextBuilder {
-        &mut self.0
+        self
     }
 
     /// Consumes the builder, returning a `SslConnector`.
@@ -95,6 +97,20 @@ impl SslConnectorBuilder {
     }
 }
 
+impl Deref for SslConnectorBuilder {
+    type Target = SslContextBuilder;
+
+    fn deref(&self) -> &SslContextBuilder {
+        &self.0
+    }
+}
+
+impl DerefMut for SslConnectorBuilder {
+    fn deref_mut(&mut self) -> &mut SslContextBuilder {
+        &mut self.0
+    }
+}
+
 /// A type which wraps client-side streams in a TLS session.
 ///
 /// OpenSSL's default configuration is highly insecure. This connector manages the OpenSSL
@@ -123,9 +139,14 @@ impl SslConnector {
     /// You should think very carefully before you use this method. If hostname verification is not
     /// used, *any* valid certificate for *any* site will be trusted for use from any other. This
     /// introduces a significant vulnerability to man-in-the-middle attacks.
-    pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
+    pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication<
-            &self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
+        S,
-        where S: Read + Write
+    >(
+        &self,
+        stream: S,
+    ) -> Result<SslStream<S>, HandshakeError<S>>
+    where
+        S: Read + Write,
     {
         self.configure()?
             .danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(stream)
@@ -173,9 +194,14 @@ impl ConnectConfiguration {
     /// You should think very carefully before you use this method. If hostname verification is not
     /// used, *any* valid certificate for *any* site will be trusted for use from any other. This
     /// introduces a significant vulnerability to man-in-the-middle attacks.
-    pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
+    pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication<
-            self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
+        S,
-        where S: Read + Write
+    >(
+        self,
+        stream: S,
+    ) -> Result<SslStream<S>, HandshakeError<S>>
+    where
+        S: Read + Write,
     {
         self.0.connect(stream)
     }
@@ -279,14 +305,16 @@ impl SslAcceptorBuilder {
         Ok(self)
     }
 
-    /// Returns a shared reference to the inner `SslContextBuilder`.
+    #[deprecated(since = "0.9.23",
+                 note = "SslAcceptorBuilder now implements Deref<Target=SslContextBuilder>")]
     pub fn builder(&self) -> &SslContextBuilder {
-        &self.0
+        self
     }
 
-    /// Returns a mutable reference to the inner `SslContextBuilder`.
+    #[deprecated(since = "0.9.23",
+                 note = "SslAcceptorBuilder now implements DerefMut<Target=SslContextBuilder>")]
     pub fn builder_mut(&mut self) -> &mut SslContextBuilder {
-        &mut self.0
+        self
     }
 
     /// Consumes the builder, returning a `SslAcceptor`.
@@ -295,6 +323,20 @@ impl SslAcceptorBuilder {
     }
 }
 
+impl Deref for SslAcceptorBuilder {
+    type Target = SslContextBuilder;
+
+    fn deref(&self) -> &SslContextBuilder {
+        &self.0
+    }
+}
+
+impl DerefMut for SslAcceptorBuilder {
+    fn deref_mut(&mut self) -> &mut SslContextBuilder {
+        &mut self.0
+    }
+}
+
 #[cfg(ossl101)]
 fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
     use ec::EcKey;
@@ -374,7 +416,7 @@ mod verify {
     use std::str;
 
     use nid;
-    use x509::{X509StoreContextRef, X509Ref, X509NameRef, GeneralName};
+    use x509::{GeneralName, X509NameRef, X509Ref, X509StoreContextRef};
     use stack::Stack;
 
     pub fn verify_callback(

openssl/src/ssl/tests/mod.rs

@@ -1076,7 +1076,7 @@ fn connector_no_hostname_can_disable_verify() {
     let (_s, tcp) = Server::new();
 
     let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
-    connector.builder_mut().set_verify(SSL_VERIFY_NONE);
+    connector.set_verify(SSL_VERIFY_NONE);
     let connector = connector.build();
 
     connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap();
@@ -1102,7 +1102,6 @@ fn connector_client_server_mozilla_intermediate() {
 
     let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
     connector
-        .builder_mut()
         .set_ca_file("test/root-ca.pem")
         .unwrap();
     let connector = connector.build();
@@ -1137,7 +1136,6 @@ fn connector_client_server_mozilla_modern() {
 
     let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
     connector
-        .builder_mut()
         .set_ca_file("test/root-ca.pem")
         .unwrap();
     let connector = connector.build();
@@ -1202,7 +1200,7 @@ fn cert_store() {
     let cert = X509::from_pem(ROOT_CERT).unwrap();
 
     let mut ctx = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
-    ctx.builder_mut().cert_store_mut().add_cert(cert).unwrap();
+    ctx.cert_store_mut().add_cert(cert).unwrap();
     let ctx = ctx.build();
 
     ctx.connect("foobar.com", tcp).unwrap();