min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Some documentation

This commit is contained in:
Steven Fackler 2013-11-09 23:06:45 -08:00
parent f2f62be414
commit 59c05483da
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
error.rs
View File

@ -2,18 +2,27 @@ use std::libc::c_ulong;
use super::ffi; use super::ffi;
/// An SSL error
#[deriving(ToStr)] #[deriving(ToStr)]
pub enum SslError { pub enum SslError {
/// The underlying stream has reported an EOF
StreamEof, StreamEof,
/// The SSL session has been closed by the other end
SslSessionClosed, SslSessionClosed,
/// An error in the OpenSSL library
OpenSslErrors(~[OpensslError]) OpenSslErrors(~[OpensslError])
} }
/// An error from the OpenSSL library
#[deriving(ToStr)] #[deriving(ToStr)]
pub enum OpensslError { pub enum OpensslError {
/// An unknown error
UnknownError { UnknownError {
/// The library reporting the error
library: u8, library: u8,
/// The function reporting the error
function: u16, function: u16,
/// The reason for the error
reason: u16 reason: u16
} }
} }
@ -31,6 +40,8 @@ fn get_reason(err: c_ulong) -> u16 {
} }
impl SslError { impl SslError {
/// Creates a new `OpenSslErrors` with the current contents of the error
/// stack.
pub fn get() -> SslError { pub fn get() -> SslError {
let mut errs = ~[]; let mut errs = ~[];
loop { loop {

21
lib.rs
View File

@ -20,6 +20,10 @@ static mut FINISHED_INIT: AtomicBool = INIT_ATOMIC_BOOL;
static mut VERIFY_IDX: AtomicInt = INIT_ATOMIC_INT; static mut VERIFY_IDX: AtomicInt = INIT_ATOMIC_INT;
/// Initializes the library.
///
/// This does not need to be manually called. It will automatically be called
/// when needed. Can be safely called multiple times on different threads.
pub fn init() { pub fn init() {
unsafe { unsafe {
if STARTED_INIT.swap(true, Acquire) { if STARTED_INIT.swap(true, Acquire) {
@ -39,9 +43,13 @@ pub fn init() {
} }
} }
/// Determines the SSL method supported
pub enum SslMethod { pub enum SslMethod {
/// Only support the SSLv3 protocol
Sslv3, Sslv3,
/// Only support the TLSv1 protocol
Tlsv1, Tlsv1,
/// Support the SSLv2, SSLv3 and TLSv1 protocols
Sslv23 Sslv23
} }
@ -55,8 +63,11 @@ impl SslMethod {
} }
} }
/// Determines the type of certificate verification used
pub enum SslVerifyMode { pub enum SslVerifyMode {
/// Verify that the server's certificate is trusted
SslVerifyPeer = ffi::SSL_VERIFY_PEER, SslVerifyPeer = ffi::SSL_VERIFY_PEER,
/// Do not verify the server's certificate
SslVerifyNone = ffi::SSL_VERIFY_NONE SslVerifyNone = ffi::SSL_VERIFY_NONE
} }
@ -77,8 +88,10 @@ extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *ffi::X509_STORE_CTX)
} }
} }
/// The signature of functions that can be used to manually verify certificates
pub type VerifyCallback = extern "Rust" fn(preverify_ok: bool) -> bool; pub type VerifyCallback = extern "Rust" fn(preverify_ok: bool) -> bool;
/// An SSL context object
pub struct SslContext { pub struct SslContext {
priv ctx: *ffi::SSL_CTX priv ctx: *ffi::SSL_CTX
} }
@ -90,6 +103,7 @@ impl Drop for SslContext {
} }
impl SslContext { impl SslContext {
/// Attempts to create a new SSL context.
pub fn try_new(method: SslMethod) -> Result<SslContext, SslError> { pub fn try_new(method: SslMethod) -> Result<SslContext, SslError> {
init(); init();
@ -101,6 +115,7 @@ impl SslContext {
Ok(SslContext { ctx: ctx }) Ok(SslContext { ctx: ctx })
} }
/// A convenience wrapper around `try_new`.
pub fn new(method: SslMethod) -> SslContext { pub fn new(method: SslMethod) -> SslContext {
match SslContext::try_new(method) { match SslContext::try_new(method) {
Ok(ctx) => ctx, Ok(ctx) => ctx,
@ -108,7 +123,7 @@ impl SslContext {
} }
} }
// TODO: support callback (see SSL_CTX_set_ex_data) /// Configures the certificate verification method for new connections.
pub fn set_verify(&mut self, mode: SslVerifyMode, pub fn set_verify(&mut self, mode: SslVerifyMode,
verify: Option<VerifyCallback>) { verify: Option<VerifyCallback>) {
unsafe { unsafe {
@ -119,6 +134,7 @@ impl SslContext {
} }
} }
/// Specifies the file that contains trusted CA certificates.
pub fn set_CA_file(&mut self, file: &str) -> Option<SslError> { pub fn set_CA_file(&mut self, file: &str) -> Option<SslError> {
let ret = do file.with_c_str |file| { let ret = do file.with_c_str |file| {
unsafe { unsafe {
@ -251,6 +267,7 @@ impl<'self> MemBio<'self> {
} }
} }
/// A stream wrapper which handles SSL encryption for an underlying stream.
pub struct SslStream<S> { pub struct SslStream<S> {
priv stream: S, priv stream: S,
priv ssl: Ssl, priv ssl: Ssl,
@ -258,6 +275,7 @@ pub struct SslStream<S> {
} }
impl<S: Stream> SslStream<S> { impl<S: Stream> SslStream<S> {
/// Attempts to create a new SSL stream
pub fn try_new(ctx: &SslContext, stream: S) -> Result<SslStream<S>, pub fn try_new(ctx: &SslContext, stream: S) -> Result<SslStream<S>,
SslError> { SslError> {
let ssl = match Ssl::try_new(ctx) { let ssl = match Ssl::try_new(ctx) {
@ -278,6 +296,7 @@ impl<S: Stream> SslStream<S> {
} }
} }
/// A convenience wrapper around `try_new`.
pub fn new(ctx: &SslContext, stream: S) -> SslStream<S> { pub fn new(ctx: &SslContext, stream: S) -> SslStream<S> {
match SslStream::try_new(ctx, stream) { match SslStream::try_new(ctx, stream) {
Ok(stream) => stream, Ok(stream) => stream,