Remove version-specific features

Closes #852

.circleci/config.yml

@@ -55,7 +55,6 @@ job: &JOB
       cargo test \
         --manifest-path=openssl/Cargo.toml \
         --target $TARGET \
-        --all-features \
         $TEST_ARGS
   - run:
       command: |
@@ -87,7 +86,7 @@ macos_job: &MACOS_JOB
   - run: cargo run --manifest-path=systest/Cargo.toml
   - run: |
       PATH=/usr/local/opt/openssl/bin:$PATH
-      cargo test --manifest-path=openssl/Cargo.toml --all-features
+      cargo test --manifest-path=openssl/Cargo.toml
   - *SAVE_DEPS
 
 openssl_111: &OPENSSL_111

openssl/Cargo.toml

@@ -13,6 +13,7 @@ build = "build.rs"
 [package.metadata.docs.rs]
 all-features = true
 
+# these are deprecated and don't do anything anymore
 [features]
 v101 = []
 v102 = []

openssl/src/dh.rs

@@ -83,9 +83,8 @@ impl Dh<Params> {
         ffi::d2i_DHparams
     }
 
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn get_1024_160() -> Result<Dh<Params>, ErrorStack> {
         unsafe {
             ffi::init();
@@ -93,9 +92,8 @@ impl Dh<Params> {
         }
     }
 
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn get_2048_224() -> Result<Dh<Params>, ErrorStack> {
         unsafe {
             ffi::init();
@@ -103,9 +101,8 @@ impl Dh<Params> {
         }
     }
 
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn get_2048_256() -> Result<Dh<Params>, ErrorStack> {
         unsafe {
             ffi::init();
@@ -145,8 +142,7 @@ mod tests {
     use ssl::{SslContext, SslMethod};
 
     #[test]
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     fn test_dh_rfc5114() {
         let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
         let dh1 = Dh::get_1024_160().unwrap();

openssl/src/pkcs5.rs

@@ -107,8 +107,8 @@ pub fn pbkdf2_hmac(
 
 /// Derives a key from a password and salt using the scrypt algorithm.
 ///
-/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+/// Requires OpenSSL 1.1.0 or newer.
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+#[cfg(any(ossl110))]
 pub fn scrypt(
     pass: &[u8],
     salt: &[u8],
@@ -271,7 +271,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     fn scrypt() {
         use hex;
 

openssl/src/ssl/callbacks.rs

@@ -1,30 +1,29 @@
 use ffi;
 use libc::{c_char, c_int, c_uchar, c_uint, c_void};
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 use libc::size_t;
 use std::ffi::CStr;
 use std::ptr;
 use std::slice;
 use std::mem;
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 use std::str;
 use foreign_types::ForeignTypeRef;
 use foreign_types::ForeignType;
 
 use error::ErrorStack;
 use dh::Dh;
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
 use ec::EcKey;
 use pkey::Params;
 use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslContextRef, SslRef,
           SslSession, SslSessionRef};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 use ssl::AlpnError;
 use x509::X509StoreContextRef;
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 use ssl::ExtensionContext;
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 use x509::X509Ref;
 
 pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
@@ -118,8 +117,7 @@ where
     }
 }
 
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 pub extern "C" fn raw_alpn_select<F>(
     ssl: *mut ffi::SSL,
     out: *mut *const c_uchar,
@@ -175,7 +173,7 @@ where
     }
 }
 
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
 pub unsafe extern "C" fn raw_tmp_ecdh<F>(
     ssl: *mut ffi::SSL,
     is_export: c_int,
@@ -227,7 +225,7 @@ where
     }
 }
 
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
 pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(
     ssl: *mut ffi::SSL,
     is_export: c_int,
@@ -320,9 +318,9 @@ pub unsafe extern "C" fn raw_remove_session<F>(
     callback(ctx, session)
 }
 
-#[cfg(any(ossl110, ossl111))]
+#[cfg(any(ossl110))]
 type DataPtr = *const c_uchar;
-#[cfg(not(any(ossl110, ossl111)))]
+#[cfg(not(any(ossl110)))]
 type DataPtr = *mut c_uchar;
 
 pub unsafe extern "C" fn raw_get_session<F>(
@@ -352,7 +350,7 @@ where
     }
 }
 
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
 where
     F: Fn(&SslRef, &str) + 'static + Sync + Send,
@@ -423,10 +421,10 @@ where
     }
 }
 
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 pub struct CustomExtAddState<T>(Option<T>);
 
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 pub extern "C" fn raw_custom_ext_add<F, T>(
     ssl: *mut ffi::SSL,
     _: c_uint,
@@ -480,7 +478,7 @@ where
     }
 }
 
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 pub extern "C" fn raw_custom_ext_free<T>(
     ssl: *mut ffi::SSL,
     _: c_uint,
@@ -497,7 +495,7 @@ pub extern "C" fn raw_custom_ext_free<T>(
     }
 }
 
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 pub extern "C" fn raw_custom_ext_parse<F>(
     ssl: *mut ffi::SSL,
     _: c_uint,

openssl/src/ssl/connector.rs

@@ -296,7 +296,7 @@ fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
 
 #[cfg(ossl102)]
 fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
-    ctx._set_ecdh_auto(true)
+    ctx.set_ecdh_auto(true)
 }
 
 #[cfg(ossl110)]
@@ -316,7 +316,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) {
 
 #[cfg(any(ossl102, ossl110))]
 fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
-    let param = ssl._param_mut();
+    let param = ssl.param_mut();
     param.set_hostflags(::verify::X509CheckFlags::NO_PARTIAL_WILDCARDS);
     match domain.parse() {
         Ok(ip) => param.set_ip(ip),

openssl/src/ssl/mod.rs

@@ -80,12 +80,11 @@ use std::sync::Mutex;
 use {cvt, cvt_n, cvt_p, init};
 use dh::{Dh, DhRef};
 use ec::EcKeyRef;
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(ossl101, ossl102))]
 use ec::EcKey;
 use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult};
 use x509::store::{X509StoreBuilderRef, X509StoreRef};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 use x509::store::X509Store;
 #[cfg(any(ossl102, ossl110))]
 use verify::X509VerifyParamRef;
@@ -97,6 +96,7 @@ use ssl::bio::BioMethod;
 use ssl::error::InnerError;
 use ssl::callbacks::*;
 use nid::Nid;
+#[cfg(ossl111)]
 use hash::MessageDigest;
 
 pub use ssl::connector::{ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector,
@@ -181,28 +181,27 @@ bitflags! {
 
         /// Disables the use of TLSv1.3.
         ///
-        /// Requires the `v111` feature and OpenSSL 1.1.1.
+        /// Requires OpenSSL 1.1.1 or newer.
-        #[cfg(all(feature = "v111", ossl111))]
+        #[cfg(ossl111)]
         const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
 
         /// Disables the use of DTLSv1.0
         ///
-        /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+        /// Requires OpenSSL 1.0.2 or newer.
-        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+        #[cfg(any(ossl102, ossl110))]
-                all(feature = "v111", ossl111)))]
         const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
 
         /// Disables the use of DTLSv1.2.
-        /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+        ///
-        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+        /// Requires OpenSSL 1.0.2, or newer.
-                all(feature = "v111", ossl111)))]
+        #[cfg(any(ossl102, ossl110))]
         const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
 
         /// Disables the use of all (D)TLS protocol versions.
         ///
         /// This can be used as a mask when whitelisting protocol versions.
         ///
-        /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+        /// Requires OpenSSL 1.0.2 or newer.
         ///
         /// # Examples
         ///
@@ -213,15 +212,14 @@ bitflags! {
         ///
         /// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2;
         /// ```
-        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+        #[cfg(any(ossl102, ossl110))]
-                all(feature = "v111", ossl111)))]
         const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK;
 
         /// Enable TLSv1.3 Compatibility mode.
         ///
-        /// This is on by default in OpenSSL 1.1.1. A future version may have this
+        /// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version
-        /// disabled by default.
+        /// may have this disabled by default.
-        #[cfg(all(feature = "v111", ossl111))]
+        #[cfg(ossl111)]
         const ENABLE_MIDDLEBOX_COMPAT = ffi::SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
     }
 }
@@ -368,7 +366,7 @@ bitflags! {
     }
 }
 
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 bitflags! {
     /// Which messages and under which conditions an extension should be added or expected.
     pub struct ExtensionContext: c_uint {
@@ -542,19 +540,17 @@ impl SslAlert {
 
 /// An error returned from an ALPN selection callback.
 ///
-/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+/// Requires OpenSSL 1.0.2 or newer.
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 #[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub struct AlpnError(c_int);
 
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 impl AlpnError {
     /// Terminate the handshake with a fatal alert.
     ///
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
 
     /// Do not select a protocol, but continue the handshake.
@@ -580,8 +576,8 @@ impl SslVersion {
 
     /// TLSv1.3
     ///
-    /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.1 or newer.
-    #[cfg(all(feature = "v111", ossl111))]
+    #[cfg(ossl111)]
     pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
 }
 
@@ -725,13 +721,12 @@ impl SslContextBuilder {
 
     /// Sets a custom certificate store for verifying peer certificates.
     ///
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
     ///
     /// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
     ///
     /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
         unsafe {
             let ptr = cert_store.as_ptr();
@@ -819,10 +814,10 @@ impl SslContextBuilder {
     /// indicating if the selected cipher is export-grade, and the key length. The export and key
     /// length options are archaic and should be ignored in almost all cases.
     ///
-    /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2.
+    /// Requires OpenSSL 1.0.1 or 1.0.2.
     ///
     /// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`.
-    #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+    #[cfg(any(ossl101, ossl102))]
     pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
     where
         F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@@ -1032,18 +1027,13 @@ impl SslContextBuilder {
 
     /// Enables ECDHE key exchange with an automatically chosen curve list.
     ///
-    /// Requires the `v102` feature and OpenSSL 1.0.2.
+    /// Requires OpenSSL 1.0.2.
     ///
     /// This corresponds to [`SSL_CTX_set_ecdh_auto`].
     ///
     /// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html
-    #[cfg(all(feature = "v102", any(ossl102, libressl)))]
-    pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
-        self._set_ecdh_auto(onoff)
-    }
-
     #[cfg(any(ossl102, libressl))]
-    fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
+    pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
         unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
     }
 
@@ -1089,10 +1079,10 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_set_min_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
     ///
     /// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
         unsafe {
             cvt(ffi::SSL_CTX_set_min_proto_version(
@@ -1109,10 +1099,10 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_set_max_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
     ///
     /// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
         unsafe {
             cvt(ffi::SSL_CTX_set_max_proto_version(
@@ -1129,10 +1119,10 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_get_min_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
     ///
     /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub fn min_proto_version(&mut self) -> Option<SslVersion> {
         unsafe {
             let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr());
@@ -1151,10 +1141,10 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_get_max_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
     ///
     /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub fn max_proto_version(&mut self) -> Option<SslVersion> {
         unsafe {
             let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr());
@@ -1175,11 +1165,10 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_set_alpn_protos`].
     ///
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
     ///
     /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
         unsafe {
             assert!(protocols.len() <= c_uint::max_value() as usize);
@@ -1207,13 +1196,12 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_set_alpn_select_cb`].
     ///
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
     ///
     /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
     /// [`select_next_proto`]: fn.select_next_proto.html
     /// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn set_alpn_select_callback<F>(&mut self, callback: F)
     where
         F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
@@ -1409,12 +1397,12 @@ impl SslContextBuilder {
     /// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message
     /// traffic. The line does not contain a trailing newline.
     ///
-    /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.1 or newer.
     ///
     /// This corresponds to [`SSL_CTX_set_keylog_callback`].
     ///
     /// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html
-    #[cfg(all(feature = "v111", ossl111))]
+    #[cfg(ossl111)]
     pub fn set_keylog_callback<F>(&mut self, callback: F)
     where
         F: Fn(&SslRef, &str) + 'static + Sync + Send,
@@ -1510,10 +1498,12 @@ impl SslContextBuilder {
 
     /// Adds a custom extension for a TLS/DTLS client or server for all supported protocol versions.
     ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    ///
     /// This corresponds to [`SSL_CTX_add_custom_ext`].
     ///
     /// [`SSL_CTX_add_custom_ext`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_custom_ext.html
-    #[cfg(all(feature = "v111", ossl111))]
+    #[cfg(ossl111)]
     pub fn add_custom_ext<AddFn, ParseFn, T>(
         &mut self,
         ext_type: u16,
@@ -1632,13 +1622,12 @@ impl SslContext {
 impl SslContextRef {
     /// Returns the certificate associated with this `SslContext`, if present.
     ///
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
     ///
     /// This corresponds to [`SSL_CTX_get0_certificate`].
     ///
     /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn certificate(&self) -> Option<&X509Ref> {
         unsafe {
             let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr());
@@ -1652,13 +1641,12 @@ impl SslContextRef {
 
     /// Returns the private key associated with this `SslContext`, if present.
     ///
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
     ///
     /// This corresponds to [`SSL_CTX_get0_privatekey`].
     ///
     /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn private_key(&self) -> Option<&PKeyRef<Private>> {
         unsafe {
             let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr());
@@ -1819,26 +1807,38 @@ impl SslCipherRef {
 
     /// Returns the handshake digest of the cipher.
     ///
-    /// Available as of OpenSSL 1.1.1. This corresponds to [`SSL_CIPHER_get_handshake_digest`].
+    /// Requires OpenSSL 1.1.1 or newer.
+    ///
+    /// This corresponds to [`SSL_CIPHER_get_handshake_digest`].
     ///
     /// [`SSL_CIPHER_get_handshake_digest`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_handshake_digest.html
-    #[cfg(all(feature = "v111", ossl111))]
+    #[cfg(ossl111)]
     pub fn handshake_digest(&self) -> Option<MessageDigest> {
         unsafe {
             let ptr = ffi::SSL_CIPHER_get_handshake_digest(self.as_ptr());
-            if ptr.is_null() { None } else { Some(MessageDigest::from_ptr(ptr)) }
+            if ptr.is_null() {
+                None
+            } else {
+                Some(MessageDigest::from_ptr(ptr))
+            }
         }
     }
 
     /// Returns the NID corresponding to the cipher.
     ///
-    /// Available as of OpenSSL 1.1.0. This corresponds to [`SSL_CIPHER_get_cipher_nid`]
+    /// Requires OpenSSL 1.1.0 or newer.
+    ///
+    /// This corresponds to [`SSL_CIPHER_get_cipher_nid`].
     ///
     /// [`SSL_CIPHER_get_cipher_nid`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CIPHER_get_cipher_nid.html
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub fn cipher_nid(&self) -> Option<Nid> {
         let n = unsafe { ffi::SSL_CIPHER_get_cipher_nid(self.as_ptr()) };
-        if n == 0 { None } else { Some(Nid::from_raw(n)) }
+        if n == 0 {
+            None
+        } else {
+            Some(Nid::from_raw(n))
+        }
     }
 }
 
@@ -2053,12 +2053,12 @@ impl SslRef {
 
     /// Like [`SslContextBuilder::set_tmp_ecdh_callback`].
     ///
-    /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2.
+    /// Requires OpenSSL 1.0.1 or 1.0.2.
     ///
     /// This corresponds to `SSL_set_tmp_ecdh_callback`.
     ///
     /// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback
-    #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+    #[cfg(any(ossl101, ossl102))]
     pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
     where
         F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@@ -2077,13 +2077,13 @@ impl SslRef {
 
     /// Like [`SslContextBuilder::set_ecdh_auto`].
     ///
-    /// Requires the `v102` feature and OpenSSL 1.0.2.
+    /// Requires OpenSSL 1.0.2.
     ///
     /// This corresponds to [`SSL_set_ecdh_auto`].
     ///
     /// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh
     /// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html
-    #[cfg(all(feature = "v102", ossl102))]
+    #[cfg(ossl102)]
     pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
         unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
     }
@@ -2255,13 +2255,12 @@ impl SslRef {
     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
     /// to interpret it.
     ///
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
     ///
     /// This corresponds to [`SSL_get0_alpn_selected`].
     ///
     /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+    #[cfg(any(ossl102, ossl110))]
-              all(feature = "v111", ossl111)))]
     pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
         unsafe {
             let mut data: *const c_uchar = ptr::null();
@@ -2331,19 +2330,13 @@ impl SslRef {
 
     /// Returns a mutable reference to the X509 verification configuration.
     ///
-    /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.0.2 or newer.
     ///
     /// This corresponds to [`SSL_get0_param`].
     ///
     /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
-              all(feature = "v111", ossl111)))]
-    pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
-        self._param_mut()
-    }
-
     #[cfg(any(ossl102, ossl110))]
-    fn _param_mut(&mut self) -> &mut X509VerifyParamRef {
+    pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
         unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) }
     }
 
@@ -2377,12 +2370,12 @@ impl SslRef {
     /// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random
     /// value.
     ///
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
     ///
     /// This corresponds to [`SSL_get_client_random`].
     ///
     /// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub fn client_random(&self, buf: &mut [u8]) -> usize {
         unsafe {
             ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())
@@ -2394,12 +2387,12 @@ impl SslRef {
     /// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random
     /// value.
     ///
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
     ///
     /// This corresponds to [`SSL_get_server_random`].
     ///
     /// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
-    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    #[cfg(any(ossl110))]
     pub fn server_random(&self, buf: &mut [u8]) -> usize {
         unsafe {
             ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())

openssl/src/ssl/test.rs

@@ -20,11 +20,10 @@ use ocsp::{OcspResponse, OcspResponseStatus};
 use ssl;
 use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptor, SslConnector, SslContext,
           SslFiletype, SslMethod, SslSessionCacheMode, SslStream, SslVerifyMode, StatusType};
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+#[cfg(any(ossl110))]
 use ssl::SslVersion;
 use x509::{X509, X509Name, X509StoreContext, X509VerifyResult};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 use x509::verify::X509CheckFlags;
 use pkey::PKey;
 
@@ -138,17 +137,14 @@ macro_rules! run_test(
             use ssl::{SslContext, Ssl, SslStream, SslVerifyMode, SslOptions};
             use hash::MessageDigest;
             use x509::{X509StoreContext, X509VerifyResult};
-            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+            #[cfg(any(ossl102, ossl110))]
-                    all(feature = "v111", ossl111)))]
             use x509::X509;
-            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+            #[cfg(any(ossl102, ossl110))]
-                    all(feature = "v111", ossl111)))]
             use x509::store::X509StoreBuilder;
             use hex::FromHex;
             use foreign_types::ForeignTypeRef;
             use super::Server;
-            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+            #[cfg(any(ossl102, ossl110))]
-                    all(feature = "v111", ossl111)))]
             use super::ROOT_CERT;
 
             #[test]
@@ -188,8 +184,7 @@ run_test!(verify_trusted, |method, stream| {
     }
 });
 
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 run_test!(verify_trusted_with_set_cert, |method, stream| {
     let x509 = X509::from_pem(ROOT_CERT).unwrap();
     let mut store = X509StoreBuilder::new().unwrap();
@@ -484,8 +479,7 @@ fn test_state() {
 /// Tests that connecting with the client using ALPN, but the server not does not
 /// break the existing connection behavior.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 fn test_connect_with_unilateral_alpn() {
     let (_s, stream) = Server::new();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -507,8 +501,7 @@ fn test_connect_with_unilateral_alpn() {
 /// Tests that when both the client as well as the server use ALPN and their
 /// lists of supported protocols have an overlap, the correct protocol is chosen.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 fn test_connect_with_alpn_successful_multiple_matching() {
     let (_s, stream) = Server::new_alpn();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -531,8 +524,7 @@ fn test_connect_with_alpn_successful_multiple_matching() {
 /// lists of supported protocols have an overlap -- with only ONE protocol
 /// being valid for both.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 fn test_connect_with_alpn_successful_single_match() {
     let (_s, stream) = Server::new_alpn();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -554,8 +546,7 @@ fn test_connect_with_alpn_successful_single_match() {
 /// Tests that when the `SslStream` is created as a server stream, the protocols
 /// are correctly advertised to the client.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 fn test_alpn_server_advertise_multiple() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -597,7 +588,7 @@ fn test_alpn_server_advertise_multiple() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+#[cfg(any(ossl110))]
 fn test_alpn_server_select_none_fatal() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -631,8 +622,7 @@ fn test_alpn_server_select_none_fatal() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 fn test_alpn_server_select_none() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -799,8 +789,7 @@ fn add_extra_chain_cert() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 fn verify_valid_hostname() {
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
     ctx.set_default_verify_paths().unwrap();
@@ -825,8 +814,7 @@ fn verify_valid_hostname() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 fn verify_invalid_hostname() {
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
     ctx.set_default_verify_paths().unwrap();
@@ -1070,8 +1058,7 @@ fn tmp_dh_callback() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))),
+#[cfg(any(all(ossl101, not(libressl)), ossl102))]
-          all(feature = "v102", ossl102)))]
 fn tmp_ecdh_callback() {
     use ec::EcKey;
     use nid::Nid;
@@ -1145,8 +1132,7 @@ fn tmp_dh_callback_ssl() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))),
+#[cfg(any(all(ossl101, not(libressl)), ossl102))]
-          all(feature = "v102", ossl102)))]
 fn tmp_ecdh_callback_ssl() {
     use ec::EcKey;
     use nid::Nid;
@@ -1323,7 +1309,7 @@ fn keying_export() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+#[cfg(any(ossl110))]
 fn no_version_overlap() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let addr = listener.local_addr().unwrap();
@@ -1354,7 +1340,7 @@ fn no_version_overlap() {
 }
 
 #[test]
-#[cfg(all(feature = "v111", ossl111))]
+#[cfg(ossl111)]
 fn custom_extensions() {
     static FOUND_EXTENSION: AtomicBool = ATOMIC_BOOL_INIT;
 
@@ -1369,9 +1355,13 @@ fn custom_extensions() {
         ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
             .unwrap();
         ctx.add_custom_ext(
-            12345, ssl::ExtensionContext::CLIENT_HELLO,
+            12345,
+            ssl::ExtensionContext::CLIENT_HELLO,
             |_, _, _| -> Result<Option<&'static [u8]>, _> { unreachable!() },
-            |_, _, data, _| { FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst); Ok(()) }
+            |_, _, data, _| {
+                FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst);
+                Ok(())
+            },
         ).unwrap();
         let ssl = Ssl::new(&ctx.build()).unwrap();
         ssl.accept(stream).unwrap();
@@ -1380,9 +1370,10 @@ fn custom_extensions() {
     let stream = TcpStream::connect(addr).unwrap();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
     ctx.add_custom_ext(
-        12345, ssl::ExtensionContext::CLIENT_HELLO,
+        12345,
+        ssl::ExtensionContext::CLIENT_HELLO,
         |_, _, _| Ok(Some(b"hello")),
-        |_, _, _, _| unreachable!()
+        |_, _, _, _| unreachable!(),
     ).unwrap();
     let ssl = Ssl::new(&ctx.build()).unwrap();
     ssl.connect(stream).unwrap();

openssl/src/symm.rs

@@ -83,7 +83,11 @@ impl Cipher {
     /// [`EVP_get_cipherbynid`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_get_cipherbyname.html
     pub fn from_nid(nid: Nid) -> Option<Cipher> {
         let ptr = unsafe { ffi::EVP_get_cipherbyname(ffi::OBJ_nid2sn(nid.as_raw())) };
-        if ptr.is_null() { None } else { Some(Cipher(ptr)) }
+        if ptr.is_null() {
+            None
+        } else {
+            Some(Cipher(ptr))
+        }
     }
 
     pub fn aes_128_ecb() -> Cipher {
@@ -194,14 +198,14 @@ impl Cipher {
         unsafe { Cipher(ffi::EVP_rc4()) }
     }
 
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
-    #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+    #[cfg(any(ossl110))]
     pub fn chacha20() -> Cipher {
         unsafe { Cipher(ffi::EVP_chacha20()) }
     }
 
-    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    /// Requires OpenSSL 1.1.0 or newer.
-    #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+    #[cfg(any(ossl110))]
     pub fn chacha20_poly1305() -> Cipher {
         unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
     }
@@ -439,7 +443,7 @@ impl Crypter {
     ///
     /// The total plaintext or ciphertext length MUST be passed to the cipher when it operates in
     /// CCM mode.
-    pub fn set_data_len(&mut self, data_len: usize)-> Result<(), ErrorStack> {
+    pub fn set_data_len(&mut self, data_len: usize) -> Result<(), ErrorStack> {
         unsafe {
             assert!(data_len <= c_int::max_value() as usize);
             let mut len = 0;
@@ -1203,7 +1207,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+    #[cfg(any(ossl110))]
     fn test_chacha20() {
         let key = "0000000000000000000000000000000000000000000000000000000000000000";
         let iv = "00000000000000000000000000000000";
@@ -1218,7 +1222,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
+    #[cfg(any(ossl110))]
     fn test_chacha20_poly1305() {
         let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
         let iv = "070000004041424344454647";

openssl/src/verify.rs

@@ -15,8 +15,8 @@ bitflags! {
         const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
         const SINGLE_LABEL_SUBDOMAINS
             = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
-        /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+        /// Requires OpenSSL 1.1.0 or newer.
-        #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+        #[cfg(any(ossl110))]
         const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
     }
 }

openssl/src/x509/mod.rs

@@ -40,8 +40,7 @@ use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data,
           X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain,
           X509_set1_notAfter as X509_set_notAfter, X509_set1_notBefore as X509_set_notBefore};
 
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
+#[cfg(any(ossl102, ossl110))]
-          all(feature = "v111", ossl111)))]
 pub mod verify;
 
 pub mod extension;