From 7a1b59d605e6e64ad88c0968f7d22576e5805553 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 9 May 2018 19:35:14 +0100 Subject: [PATCH] Fix base version for min/max proto accessors Closes #911 --- openssl-sys/build.rs | 4 +++ openssl-sys/src/ossl110.rs | 8 ++++- openssl/build.rs | 8 +++++ openssl/src/ssl/mod.rs | 70 ++++++++++++++++++++++---------------- openssl/src/ssl/test.rs | 11 ++++-- 5 files changed, 68 insertions(+), 33 deletions(-) diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index 285357b8..0b8341fa 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -441,6 +441,10 @@ See rust-openssl README for more information: println!("cargo:rustc-cfg=ossl102h"); } + if openssl_version >= 0x1_01_00_07_0 { + println!("cargo:rustc-cfg=ossl110g"); + } + if openssl_version >= 0x1_01_02_00_0 { version_error() } else if openssl_version >= 0x1_01_01_00_0 { diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs index 96e9b1e3..d1d7a34b 100644 --- a/openssl-sys/src/ossl110.rs +++ b/openssl-sys/src/ossl110.rs @@ -1,6 +1,6 @@ use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; -use std::sync::{Once, ONCE_INIT}; use std::ptr; +use std::sync::{Once, ONCE_INIT}; pub enum BIGNUM {} pub enum BIO {} @@ -36,7 +36,9 @@ pub enum X509_REQ {} pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123; pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124; +#[cfg(ossl110g)] pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130; +#[cfg(ossl110g)] pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; 
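Review bot: The literal `0x1_01_00_07_0` in the added check in openssl-sys/build.rs has no comment tying it to a release. The same threshold is repeated in the openssl/build.rs hunk, so the two build scripts must be kept in step by hand. A comment above the check, such as `// 1.1.0g: first release the min/max proto version getters are exposed for`, would make the encoding readable and give a grep target for the duplicate. The enclosing function starts and ends outside the hunk.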
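Review bot: The `#[cfg(ossl110g)]` attributes on `SSL_CTRL_GET_MIN_PROTO_VERSION` and `SSL_CTRL_GET_MAX_PROTO_VERSION` in openssl-sys/src/ossl110.rs do not say why the getters need a later release than the ungated `SSL_CTRL_SET_*` constants directly above them. A reader auditing which TLS version bounds can be read back has only the issue number in the commit message to go on. I would add one comment above the pair, for example `// The GET ctrls require OpenSSL 1.1.0g; the SET ctrls are available on every 1.1.0 release.` The same gate is applied without explanation to the four wrapper functions in the `-98,10` and `-124,10` hunks of this file.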
@@ -98,10 +100,12 @@ pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: c_int) ) as c_int } +#[cfg(ossl110g)] pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int { ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int } +#[cfg(ossl110g)] pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int { ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int } @@ -124,10 +128,12 @@ pub unsafe fn SSL_set_max_proto_version(s: *mut ::SSL, version: c_int) -> c_int ) as c_int } +#[cfg(ossl110g)] pub unsafe fn SSL_get_min_proto_version(s: *mut ::SSL) -> c_int { ::SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int } +#[cfg(ossl110g)] pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int { ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int } diff --git a/openssl/build.rs b/openssl/build.rs index 2d44c46d..612322fe 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -33,4 +33,12 @@ fn main() { println!("cargo:rustc-cfg=osslconf=\"{}\"", var); } } + + if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { + let version = u64::from_str_radix(&version, 16).unwrap(); + + if version >= 0x1_01_00_07_0 { + println!("cargo:rustc-cfg=ossl110g"); + } + } } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index ce98b18f..e17acea6 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs 
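Review bot: In the openssl/build.rs hunk, `u64::from_str_radix(&version, 16).unwrap()` aborts the build with only a `ParseIntError` if `DEP_OPENSSL_VERSION_NUMBER` is ever not plain hexadecimal, so the failure does not name the variable at fault. `.expect("DEP_OPENSSL_VERSION_NUMBER is not a hexadecimal version number")` keeps the hard failure and identifies the input. When the variable is absent, the `if let` silently leaves `ossl110g` unset and the accessors drop out of the crate. That looks intentional, but a one-line comment saying so would help. `main` begins outside the hunk.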
@@ -77,36 +77,37 @@ use std::slice; use std::str; use std::sync::Mutex; -use {cvt, cvt_n, cvt_p, init}; use dh::{Dh, DhRef}; -use ec::EcKeyRef; #[cfg(any(ossl101, ossl102))] use ec::EcKey; -use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; -use x509::store::{X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(ossl102, ossl110))] -use x509::store::X509Store; -#[cfg(any(ossl102, ossl110))] -use x509::verify::X509VerifyParamRef; -use pkey::{HasPrivate, PKeyRef, Params, Private}; +use ec::EcKeyRef; use error::ErrorStack; use ex_data::Index; -use stack::{Stack, StackRef}; -use ssl::bio::BioMethod; -use ssl::error::InnerError; -use ssl::callbacks::*; -use nid::Nid; #[cfg(ossl111)] use hash::MessageDigest; +use nid::Nid; +use pkey::{HasPrivate, PKeyRef, Params, Private}; +use ssl::bio::BioMethod; +use ssl::callbacks::*; +use ssl::error::InnerError; +use stack::{Stack, StackRef}; +#[cfg(any(ossl102, ossl110))] +use x509::store::X509Store; +use x509::store::{X509StoreBuilderRef, X509StoreRef}; +#[cfg(any(ossl102, ossl110))] +use x509::verify::X509VerifyParamRef; +use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; +use {cvt, cvt_n, cvt_p, init}; -pub use ssl::connector::{ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, - SslConnectorBuilder}; +pub use ssl::connector::{ + ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, SslConnectorBuilder, +}; pub use ssl::error::{Error, ErrorCode, HandshakeError}; -mod error; +mod bio; mod callbacks; mod connector; -mod bio; +mod error; #[cfg(test)] mod test; 
@@ -1119,10 +1120,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_get_min_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or newer. + /// Requires OpenSSL 1.1.0g or newer. /// /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(ossl110))] + #[cfg(any(ossl110g))] pub fn min_proto_version(&mut self) -> Option { unsafe { let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr()); @@ -1141,10 +1142,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_get_max_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or newer. + /// Requires OpenSSL 1.1.0g or newer. /// /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(ossl110))] + #[cfg(any(ossl110g))] pub fn max_proto_version(&mut self) -> Option { unsafe { let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr()); @@ -1451,7 +1452,10 @@ impl SslContextBuilder { get_callback_idx::(), Box::into_raw(callback) as *mut _, ); - ffi::SSL_CTX_set_stateless_cookie_generate_cb(self.as_ptr(), Some(raw_stateless_cookie_generate::)) + ffi::SSL_CTX_set_stateless_cookie_generate_cb( + self.as_ptr(), + Some(raw_stateless_cookie_generate::), + ) } } @@ -1477,7 +1481,10 @@ impl SslContextBuilder { get_callback_idx::(), Box::into_raw(callback) as *mut _, ); - ffi::SSL_CTX_set_stateless_cookie_verify_cb(self.as_ptr(), Some(raw_stateless_cookie_verify::)) + ffi::SSL_CTX_set_stateless_cookie_verify_cb( + self.as_ptr(), + Some(raw_stateless_cookie_verify::), + ) } } @@ -2950,11 +2957,12 @@ impl Write for SslStream { /// A partially constructed `SslStream`, useful for unusual handshakes. pub struct SslStreamBuilder { - inner: SslStream + inner: SslStream, } impl SslStreamBuilder - where S: Read + Write +where + S: Read + Write, { /// Begin creating an `SslStream` atop `stream` pub fn new(ssl: Ssl, stream: S) -> Self { 
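Review bot: `#[cfg(any(ossl110g))]` on `min_proto_version` wraps a single predicate in `any(...)`, which adds nothing; `#[cfg(ossl110g)]` says the same thing and matches how the attribute is written in openssl-sys and in the tests of this commit. The `max_proto_version` hunk (`-1141,10`) has the same form. The updated doc line could also note that the requirement is checked against the OpenSSL version seen at build time, since callers may rely on these getters to confirm a protocol floor. Both method bodies continue outside their hunks.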
@@ -3053,7 +3061,9 @@ impl SslStreamBuilder { } /// Returns a shared reference to the `Ssl` object associated with this builder. - pub fn ssl(&self) -> &SslRef { &self.inner.ssl } + pub fn ssl(&self) -> &SslRef { + &self.inner.ssl + } } /// The result of a shutdown request. @@ -3073,8 +3083,10 @@ mod compat { use ffi; use libc::c_int; - pub use ffi::{SSL_CTX_clear_options, SSL_CTX_get_options, SSL_CTX_set_options, SSL_CTX_up_ref, - SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server}; + pub use ffi::{ + SSL_CTX_clear_options, SSL_CTX_get_options, SSL_CTX_set_options, SSL_CTX_up_ref, + SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server, + }; pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { ffi::CRYPTO_get_ex_new_index( diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index 150b4cdc..3c372767 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -21,9 +21,10 @@ use pkey::PKey; use ssl; #[cfg(any(ossl110, ossl111))] use ssl::SslVersion; -use ssl::{Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, Ssl, SslAcceptor, - SslConnector, SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream, - SslVerifyMode, StatusType}; +use ssl::{ + Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, Ssl, SslAcceptor, SslConnector, + SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream, SslVerifyMode, StatusType, +}; #[cfg(any(ossl102, ossl110))] use x509::verify::X509CheckFlags; use x509::{X509, X509Name, X509StoreContext, X509VerifyResult}; @@ -1323,7 +1324,9 @@ fn no_version_overlap() { ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) .unwrap(); ctx.set_max_proto_version(Some(SslVersion::TLS1_1)).unwrap(); + #[cfg(ossl110g)] assert_eq!(ctx.min_proto_version(), None); + #[cfg(ossl110g)] assert_eq!(ctx.max_proto_version(), Some(SslVersion::TLS1_1)); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.accept(stream).unwrap_err(); 
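Review bot: In `no_version_overlap` (the `-1323,7` hunk), each `assert_eq!` gets its own `#[cfg(ossl110g)]`, so the gate appears twice for two adjacent statements, and twice more in the `-1332,7` hunk. One gated block per side reads more clearly: `#[cfg(ossl110g)] { assert_eq!(ctx.min_proto_version(), None); assert_eq!(ctx.max_proto_version(), Some(SslVersion::TLS1_1)); }`. On builds older than 1.1.0g the test now relies only on the failed handshake to show that the bounds took effect, which is worth stating in a short comment. The test function starts outside the hunk.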
@@ -1332,7 +1335,9 @@ fn no_version_overlap() { let stream = TcpStream::connect(addr).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_min_proto_version(Some(SslVersion::TLS1_2)).unwrap(); + #[cfg(ossl110g)] assert_eq!(ctx.min_proto_version(), Some(SslVersion::TLS1_2)); + #[cfg(ossl110g)] assert_eq!(ctx.max_proto_version(), None); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.connect(stream).unwrap_err();