Merge remote-tracking branch 'upstream/master'

2025-01-07 15:10:56 +08:00 · 2025-01-07 15:10:56 +08:00 · 74c03ad71f
parent 787606f830 796afe1637
commit 74c03ad71f
5 changed files with 38 additions and 11 deletions
--- a/boring-sys/build/config.rs
+++ b/boring-sys/build/config.rs
@ -34,6 +34,7 @@ pub(crate) struct Env {
    pub(crate) opt_level: Option<OsString>,
    pub(crate) android_ndk_home: Option<PathBuf>,
    pub(crate) cmake_toolchain_file: Option<PathBuf>,
    pub(crate) cpp_runtime_lib: Option<OsString>,
 }
 impl Config {
@ -164,6 +165,7 @@ impl Env {
            opt_level: target_var("OPT_LEVEL"),
            android_ndk_home: target_var("ANDROID_NDK_HOME").map(Into::into),
            cmake_toolchain_file: target_var("CMAKE_TOOLCHAIN_FILE").map(Into::into),
            cpp_runtime_lib: target_var("BORING_BSSL_RUST_CPPLIB").map(Into::into),
        }
    }
 }
--- a/boring-sys/build/main.rs
+++ b/boring-sys/build/main.rs
@ -1,4 +1,5 @@
 use fslock::LockFile;
 use std::env;
 use std::ffi::OsString;
 use std::fs;
 use std::io;
@ -637,6 +638,22 @@ fn link_in_precompiled_bcm_o(config: &Config) {
    .unwrap();
 }
 fn get_cpp_runtime_lib(config: &Config) -> Option<String> {
    if let Some(ref cpp_lib) = config.env.cpp_runtime_lib {
        return cpp_lib.clone().into_string().ok();
    }
    // TODO(rmehra): figure out how to do this for windows
    if env::var_os("CARGO_CFG_UNIX").is_some() {
        match env::var("CARGO_CFG_TARGET_OS").unwrap().as_ref() {
            "macos" | "ios" => Some("c++".into()),
            _ => Some("stdc++".into()),
        }
    } else {
        None
    }
 }
 fn main() {
    let config = Config::from_env();
    let bssl_dir = built_boring_source_path(&config);
@ -674,6 +691,9 @@ fn main() {
        link_in_precompiled_bcm_o(&config);
    }
    if let Some(cpp_lib) = get_cpp_runtime_lib(&config) {
        println!("cargo:rustc-link-lib={}", cpp_lib);
    }
    println!("cargo:rustc-link-lib=static=crypto");
    println!("cargo:rustc-link-lib=static=ssl");
--- a/boring-sys/src/lib.rs
+++ b/boring-sys/src/lib.rs
@ -16,9 +16,11 @@ use std::convert::TryInto;
 use std::ffi::c_void;
 use std::os::raw::{c_char, c_int, c_uint, c_ulong};
-#[allow(dead_code)]
+#[allow(
-#[allow(clippy::all)]
+    clippy::useless_transmute,
-#[rustfmt::skip]
+    clippy::derive_partial_eq_without_eq,
    dead_code
 )]
 mod generated {
    include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
 }
--- a/boring/src/ssl/error.rs
+++ b/boring/src/ssl/error.rs
@ -1,4 +1,5 @@
 use crate::ffi;
 use crate::x509::X509VerifyError;
 use libc::c_int;
 use std::error;
 use std::error::Error as StdError;
@ -206,7 +207,9 @@ fn fmt_mid_handshake_error(
    }
    match s.ssl().verify_result() {
-        Ok(()) => write!(f, "{}", prefix)?,
+        // INVALID_CALL is returned if no verification took place,
        // such as before a cert is sent.
        Ok(()) | Err(X509VerifyError::INVALID_CALL) => write!(f, "{}", prefix)?,
        Err(verify) => write!(f, "{}: cert verification failed - {}", prefix, verify)?,
    }
--- a/boring/src/x509/tests/trusted_first.rs
+++ b/boring/src/x509/tests/trusted_first.rs
@ -93,12 +93,12 @@ fn verify(
    let mut store_ctx = X509StoreContext::new().unwrap();
-    let _ = store_ctx.init(&trusted, cert, &untrusted, |ctx| {
+    store_ctx
        .init(&trusted, cert, &untrusted, |ctx| {
            configure(ctx.verify_param_mut());
            ctx.verify_cert().unwrap();
-        Ok(())
+            Ok(ctx.verify_result())
-    });
+        })
-
+        .expect("failed to obtain X509VerifyResult")
    store_ctx.verify_result()
 }