diff --git a/boring-sys/build/config.rs b/boring-sys/build/config.rs index 7af00f4b..1671981f 100644 --- a/boring-sys/build/config.rs +++ b/boring-sys/build/config.rs @@ -34,6 +34,7 @@ pub(crate) struct Env { pub(crate) opt_level: Option, pub(crate) android_ndk_home: Option, pub(crate) cmake_toolchain_file: Option, + pub(crate) cpp_runtime_lib: Option, } impl Config { @@ -164,6 +165,7 @@ impl Env { opt_level: target_var("OPT_LEVEL"), android_ndk_home: target_var("ANDROID_NDK_HOME").map(Into::into), cmake_toolchain_file: target_var("CMAKE_TOOLCHAIN_FILE").map(Into::into), + cpp_runtime_lib: target_var("BORING_BSSL_RUST_CPPLIB").map(Into::into), } } } diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs index 31c23a90..9582cd3e 100644 --- a/boring-sys/build/main.rs +++ b/boring-sys/build/main.rs @@ -1,4 +1,5 @@ use fslock::LockFile; +use std::env; use std::ffi::OsString; use std::fs; use std::io; @@ -637,6 +638,22 @@ fn link_in_precompiled_bcm_o(config: &Config) { .unwrap(); } +fn get_cpp_runtime_lib(config: &Config) -> Option { + if let Some(ref cpp_lib) = config.env.cpp_runtime_lib { + return cpp_lib.clone().into_string().ok(); + } + + // TODO(rmehra): figure out how to do this for windows + if env::var_os("CARGO_CFG_UNIX").is_some() { + match env::var("CARGO_CFG_TARGET_OS").unwrap().as_ref() { + "macos" | "ios" => Some("c++".into()), + _ => Some("stdc++".into()), + } + } else { + None + } +} + fn main() { let config = Config::from_env(); let bssl_dir = built_boring_source_path(&config); @@ -674,6 +691,9 @@ fn main() { link_in_precompiled_bcm_o(&config); } + if let Some(cpp_lib) = get_cpp_runtime_lib(&config) { + println!("cargo:rustc-link-lib={}", cpp_lib); + } println!("cargo:rustc-link-lib=static=crypto"); println!("cargo:rustc-link-lib=static=ssl"); diff --git a/boring-sys/src/lib.rs b/boring-sys/src/lib.rs index b707ec0e..c821b3e5 100644 --- a/boring-sys/src/lib.rs +++ b/boring-sys/src/lib.rs @@ -16,9 +16,11 @@ use std::convert::TryInto; use std::ffi::c_void; use std::os::raw::{c_char, c_int, c_uint, c_ulong}; -#[allow(dead_code)] -#[allow(clippy::all)] -#[rustfmt::skip] +#[allow( + clippy::useless_transmute, + clippy::derive_partial_eq_without_eq, + dead_code +)] mod generated { include!(concat!(env!("OUT_DIR"), "/bindings.rs")); } diff --git a/boring/src/ssl/error.rs b/boring/src/ssl/error.rs index 014eb188..a17243df 100644 --- a/boring/src/ssl/error.rs +++ b/boring/src/ssl/error.rs @@ -1,4 +1,5 @@ use crate::ffi; +use crate::x509::X509VerifyError; use libc::c_int; use std::error; use std::error::Error as StdError; @@ -206,7 +207,9 @@ fn fmt_mid_handshake_error( } match s.ssl().verify_result() { - Ok(()) => write!(f, "{}", prefix)?, + // INVALID_CALL is returned if no verification took place, + // such as before a cert is sent. + Ok(()) | Err(X509VerifyError::INVALID_CALL) => write!(f, "{}", prefix)?, Err(verify) => write!(f, "{}: cert verification failed - {}", prefix, verify)?, } diff --git a/boring/src/x509/tests/trusted_first.rs b/boring/src/x509/tests/trusted_first.rs index 9823072f..d79ff2e3 100644 --- a/boring/src/x509/tests/trusted_first.rs +++ b/boring/src/x509/tests/trusted_first.rs @@ -93,12 +93,12 @@ fn verify( let mut store_ctx = X509StoreContext::new().unwrap(); - let _ = store_ctx.init(&trusted, cert, &untrusted, |ctx| { - configure(ctx.verify_param_mut()); - ctx.verify_cert().unwrap(); + store_ctx + .init(&trusted, cert, &untrusted, |ctx| { + configure(ctx.verify_param_mut()); + ctx.verify_cert().unwrap(); - Ok(()) - }); - - store_ctx.verify_result() + Ok(ctx.verify_result()) + }) + .expect("failed to obtain X509VerifyResult") }