Merge remote-tracking branch 'upstream/master'

boring-sys/build/config.rs

@@ -34,6 +34,7 @@ pub(crate) struct Env {
     pub(crate) opt_level: Option<OsString>,
     pub(crate) android_ndk_home: Option<PathBuf>,
     pub(crate) cmake_toolchain_file: Option<PathBuf>,
+    pub(crate) cpp_runtime_lib: Option<OsString>,
 }
 
 impl Config {
@@ -164,6 +165,7 @@ impl Env {
             opt_level: target_var("OPT_LEVEL"),
             android_ndk_home: target_var("ANDROID_NDK_HOME").map(Into::into),
             cmake_toolchain_file: target_var("CMAKE_TOOLCHAIN_FILE").map(Into::into),
+            cpp_runtime_lib: target_var("BORING_BSSL_RUST_CPPLIB").map(Into::into),
         }
     }
 }

boring-sys/build/main.rs

@@ -1,4 +1,5 @@
 use fslock::LockFile;
+use std::env;
 use std::ffi::OsString;
 use std::fs;
 use std::io;
@@ -637,6 +638,22 @@ fn link_in_precompiled_bcm_o(config: &Config) {
     .unwrap();
 }
 
+fn get_cpp_runtime_lib(config: &Config) -> Option<String> {
+    if let Some(ref cpp_lib) = config.env.cpp_runtime_lib {
+        return cpp_lib.clone().into_string().ok();
+    }
+
+    // TODO(rmehra): figure out how to do this for windows
+    if env::var_os("CARGO_CFG_UNIX").is_some() {
+        match env::var("CARGO_CFG_TARGET_OS").unwrap().as_ref() {
+            "macos" | "ios" => Some("c++".into()),
+            _ => Some("stdc++".into()),
+        }
+    } else {
+        None
+    }
+}
+
 fn main() {
     let config = Config::from_env();
     let bssl_dir = built_boring_source_path(&config);
@@ -674,6 +691,9 @@ fn main() {
         link_in_precompiled_bcm_o(&config);
     }
 
+    if let Some(cpp_lib) = get_cpp_runtime_lib(&config) {
+        println!("cargo:rustc-link-lib={}", cpp_lib);
+    }
     println!("cargo:rustc-link-lib=static=crypto");
     println!("cargo:rustc-link-lib=static=ssl");
 

boring-sys/src/lib.rs

@@ -16,9 +16,11 @@ use std::convert::TryInto;
 use std::ffi::c_void;
 use std::os::raw::{c_char, c_int, c_uint, c_ulong};
 
-#[allow(dead_code)]
+#[allow(
-#[allow(clippy::all)]
+    clippy::useless_transmute,
-#[rustfmt::skip]
+    clippy::derive_partial_eq_without_eq,
+    dead_code
+)]
 mod generated {
     include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
 }

boring/src/ssl/error.rs

@@ -1,4 +1,5 @@
 use crate::ffi;
+use crate::x509::X509VerifyError;
 use libc::c_int;
 use std::error;
 use std::error::Error as StdError;
@@ -206,7 +207,9 @@ fn fmt_mid_handshake_error(
     }
 
     match s.ssl().verify_result() {
-        Ok(()) => write!(f, "{}", prefix)?,
+        // INVALID_CALL is returned if no verification took place,
+        // such as before a cert is sent.
+        Ok(()) | Err(X509VerifyError::INVALID_CALL) => write!(f, "{}", prefix)?,
         Err(verify) => write!(f, "{}: cert verification failed - {}", prefix, verify)?,
     }
 

boring/src/x509/tests/trusted_first.rs

@@ -93,12 +93,12 @@ fn verify(
 
     let mut store_ctx = X509StoreContext::new().unwrap();
 
-    let _ = store_ctx.init(&trusted, cert, &untrusted, |ctx| {
+    store_ctx
-        configure(ctx.verify_param_mut());
+        .init(&trusted, cert, &untrusted, |ctx| {
-        ctx.verify_cert().unwrap();
+            configure(ctx.verify_param_mut());
+            ctx.verify_cert().unwrap();
 
-        Ok(())
+            Ok(ctx.verify_result())
-    });
+        })
-
+        .expect("failed to obtain X509VerifyResult")
-    store_ctx.verify_result()
 }