min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix base version for min/max proto accessors 

Closes #911
This commit is contained in:
Steven Fackler 2018-05-09 19:35:14 +01:00
parent 5b0a0e5692
commit 7a1b59d605
5 changed files with 68 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssl-sys/build.rs
View File

@ -441,6 +441,10 @@ See rust-openssl README for more information:
println!("cargo:rustc-cfg=ossl102h"); println!("cargo:rustc-cfg=ossl102h");
} }
if openssl_version >= 0x1_01_00_07_0 {
println!("cargo:rustc-cfg=ossl110g");
}
if openssl_version >= 0x1_01_02_00_0 { if openssl_version >= 0x1_01_02_00_0 {
version_error() version_error()
} else if openssl_version >= 0x1_01_01_00_0 { } else if openssl_version >= 0x1_01_01_00_0 {

8
openssl-sys/src/ossl110.rs
View File

@ -1,6 +1,6 @@
use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
use std::sync::{Once, ONCE_INIT};
use std::ptr; use std::ptr;
use std::sync::{Once, ONCE_INIT};
pub enum BIGNUM {} pub enum BIGNUM {}
pub enum BIO {} pub enum BIO {}
@ -36,7 +36,9 @@ pub enum X509_REQ {}
pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123; pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124; pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
#[cfg(ossl110g)]
pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130; pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
#[cfg(ossl110g)]
pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000;
@ -98,10 +100,12 @@ pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: c_int)
) as c_int ) as c_int
} }
#[cfg(ossl110g)]
pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int { pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int {
::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
} }
#[cfg(ossl110g)]
pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int { pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int {
::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
} }
@ -124,10 +128,12 @@ pub unsafe fn SSL_set_max_proto_version(s: *mut ::SSL, version: c_int) -> c_int
) as c_int ) as c_int
} }
#[cfg(ossl110g)]
pub unsafe fn SSL_get_min_proto_version(s: *mut ::SSL) -> c_int { pub unsafe fn SSL_get_min_proto_version(s: *mut ::SSL) -> c_int {
::SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int ::SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
} }
#[cfg(ossl110g)]
pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int { pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int {
::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
} }

8
openssl/build.rs
View File

@ -33,4 +33,12 @@ fn main() {
println!("cargo:rustc-cfg=osslconf=\"{}\"", var); println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
} }
} }
if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") {
let version = u64::from_str_radix(&version, 16).unwrap();
if version >= 0x1_01_00_07_0 {
println!("cargo:rustc-cfg=ossl110g");
}
}
} }

70
openssl/src/ssl/mod.rs
View File

@ -77,36 +77,37 @@ use std::slice;
use std::str; use std::str;
use std::sync::Mutex; use std::sync::Mutex;
use {cvt, cvt_n, cvt_p, init};
use dh::{Dh, DhRef}; use dh::{Dh, DhRef};
use ec::EcKeyRef;
#[cfg(any(ossl101, ossl102))] #[cfg(any(ossl101, ossl102))]
use ec::EcKey; use ec::EcKey;
use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; use ec::EcKeyRef;
use x509::store::{X509StoreBuilderRef, X509StoreRef};
#[cfg(any(ossl102, ossl110))]
use x509::store::X509Store;
#[cfg(any(ossl102, ossl110))]
use x509::verify::X509VerifyParamRef;
use pkey::{HasPrivate, PKeyRef, Params, Private};
use error::ErrorStack; use error::ErrorStack;
use ex_data::Index; use ex_data::Index;
use stack::{Stack, StackRef};
use ssl::bio::BioMethod;
use ssl::error::InnerError;
use ssl::callbacks::*;
use nid::Nid;
#[cfg(ossl111)] #[cfg(ossl111)]
use hash::MessageDigest; use hash::MessageDigest;
use nid::Nid;
use pkey::{HasPrivate, PKeyRef, Params, Private};
use ssl::bio::BioMethod;
use ssl::callbacks::*;
use ssl::error::InnerError;
use stack::{Stack, StackRef};
#[cfg(any(ossl102, ossl110))]
use x509::store::X509Store;
use x509::store::{X509StoreBuilderRef, X509StoreRef};
#[cfg(any(ossl102, ossl110))]
use x509::verify::X509VerifyParamRef;
use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult};
use {cvt, cvt_n, cvt_p, init};
pub use ssl::connector::{ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, pub use ssl::connector::{
SslConnectorBuilder}; ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, SslConnectorBuilder,
};
pub use ssl::error::{Error, ErrorCode, HandshakeError}; pub use ssl::error::{Error, ErrorCode, HandshakeError};
mod error; mod bio;
mod callbacks; mod callbacks;
mod connector; mod connector;
mod bio; mod error;
#[cfg(test)] #[cfg(test)]
mod test; mod test;
@ -1119,10 +1120,10 @@ impl SslContextBuilder {
/// ///
/// This corresponds to [`SSL_CTX_get_min_proto_version`]. /// This corresponds to [`SSL_CTX_get_min_proto_version`].
/// ///
/// Requires OpenSSL 1.1.0 or newer. /// Requires OpenSSL 1.1.0g or newer.
/// ///
/// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
#[cfg(any(ossl110))] #[cfg(any(ossl110g))]
pub fn min_proto_version(&mut self) -> Option<SslVersion> { pub fn min_proto_version(&mut self) -> Option<SslVersion> {
unsafe { unsafe {
let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr()); let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr());
@ -1141,10 +1142,10 @@ impl SslContextBuilder {
/// ///
/// This corresponds to [`SSL_CTX_get_max_proto_version`]. /// This corresponds to [`SSL_CTX_get_max_proto_version`].
/// ///
/// Requires OpenSSL 1.1.0 or newer. /// Requires OpenSSL 1.1.0g or newer.
/// ///
/// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
#[cfg(any(ossl110))] #[cfg(any(ossl110g))]
pub fn max_proto_version(&mut self) -> Option<SslVersion> { pub fn max_proto_version(&mut self) -> Option<SslVersion> {
unsafe { unsafe {
let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr()); let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr());
@ -1451,7 +1452,10 @@ impl SslContextBuilder {
get_callback_idx::<F>(), get_callback_idx::<F>(),
Box::into_raw(callback) as *mut _, Box::into_raw(callback) as *mut _,
); );
ffi::SSL_CTX_set_stateless_cookie_generate_cb(self.as_ptr(), Some(raw_stateless_cookie_generate::<F>)) ffi::SSL_CTX_set_stateless_cookie_generate_cb(
self.as_ptr(),
Some(raw_stateless_cookie_generate::<F>),
)
} }
} }
@ -1477,7 +1481,10 @@ impl SslContextBuilder {
get_callback_idx::<F>(), get_callback_idx::<F>(),
Box::into_raw(callback) as *mut _, Box::into_raw(callback) as *mut _,
); );
ffi::SSL_CTX_set_stateless_cookie_verify_cb(self.as_ptr(), Some(raw_stateless_cookie_verify::<F>)) ffi::SSL_CTX_set_stateless_cookie_verify_cb(
self.as_ptr(),
Some(raw_stateless_cookie_verify::<F>),
)
} }
} }
@ -2950,11 +2957,12 @@ impl<S: Read + Write> Write for SslStream<S> {
/// A partially constructed `SslStream`, useful for unusual handshakes. /// A partially constructed `SslStream`, useful for unusual handshakes.
pub struct SslStreamBuilder<S> { pub struct SslStreamBuilder<S> {
inner: SslStream<S> inner: SslStream<S>,
} }
impl<S> SslStreamBuilder<S> impl<S> SslStreamBuilder<S>
where S: Read + Write where
S: Read + Write,
{ {
/// Begin creating an `SslStream` atop `stream` /// Begin creating an `SslStream` atop `stream`
pub fn new(ssl: Ssl, stream: S) -> Self { pub fn new(ssl: Ssl, stream: S) -> Self {
@ -3053,7 +3061,9 @@ impl<S> SslStreamBuilder<S> {
} }
/// Returns a shared reference to the `Ssl` object associated with this builder. /// Returns a shared reference to the `Ssl` object associated with this builder.
pub fn ssl(&self) -> &SslRef { &self.inner.ssl } pub fn ssl(&self) -> &SslRef {
&self.inner.ssl
}
} }
/// The result of a shutdown request. /// The result of a shutdown request.
@ -3073,8 +3083,10 @@ mod compat {
use ffi; use ffi;
use libc::c_int; use libc::c_int;
pub use ffi::{SSL_CTX_clear_options, SSL_CTX_get_options, SSL_CTX_set_options, SSL_CTX_up_ref, pub use ffi::{
SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server}; SSL_CTX_clear_options, SSL_CTX_get_options, SSL_CTX_set_options, SSL_CTX_up_ref,
SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server,
};
pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
ffi::CRYPTO_get_ex_new_index( ffi::CRYPTO_get_ex_new_index(

11
openssl/src/ssl/test.rs
View File

@ -21,9 +21,10 @@ use pkey::PKey;
use ssl; use ssl;
#[cfg(any(ossl110, ossl111))] #[cfg(any(ossl110, ossl111))]
use ssl::SslVersion; use ssl::SslVersion;
use ssl::{Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, Ssl, SslAcceptor, use ssl::{
SslConnector, SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream, Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, Ssl, SslAcceptor, SslConnector,
SslVerifyMode, StatusType}; SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream, SslVerifyMode, StatusType,
};
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, ossl110))]
use x509::verify::X509CheckFlags; use x509::verify::X509CheckFlags;
use x509::{X509, X509Name, X509StoreContext, X509VerifyResult}; use x509::{X509, X509Name, X509StoreContext, X509VerifyResult};
@ -1323,7 +1324,9 @@ fn no_version_overlap() {
ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_max_proto_version(Some(SslVersion::TLS1_1)).unwrap(); ctx.set_max_proto_version(Some(SslVersion::TLS1_1)).unwrap();
#[cfg(ossl110g)]
assert_eq!(ctx.min_proto_version(), None); assert_eq!(ctx.min_proto_version(), None);
#[cfg(ossl110g)]
assert_eq!(ctx.max_proto_version(), Some(SslVersion::TLS1_1)); assert_eq!(ctx.max_proto_version(), Some(SslVersion::TLS1_1));
let ssl = Ssl::new(&ctx.build()).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.accept(stream).unwrap_err(); ssl.accept(stream).unwrap_err();
@ -1332,7 +1335,9 @@ fn no_version_overlap() {
let stream = TcpStream::connect(addr).unwrap(); let stream = TcpStream::connect(addr).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_min_proto_version(Some(SslVersion::TLS1_2)).unwrap(); ctx.set_min_proto_version(Some(SslVersion::TLS1_2)).unwrap();
#[cfg(ossl110g)]
assert_eq!(ctx.min_proto_version(), Some(SslVersion::TLS1_2)); assert_eq!(ctx.min_proto_version(), Some(SslVersion::TLS1_2));
#[cfg(ossl110g)]
assert_eq!(ctx.max_proto_version(), None); assert_eq!(ctx.max_proto_version(), None);
let ssl = Ssl::new(&ctx.build()).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap_err(); ssl.connect(stream).unwrap_err();