diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index e0692034..9db1f76b 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -187,9 +187,6 @@ fn main() { let mut cfgs = vec![]; - cfgs.push("ossl102"); - cfgs.push("ossl102f"); - cfgs.push("ossl102h"); cfgs.push("ossl110"); for cfg in cfgs { diff --git a/openssl-sys/src/asn1.rs b/openssl-sys/src/asn1.rs index b1fdf9e8..29f420a0 100644 --- a/openssl-sys/src/asn1.rs +++ b/openssl-sys/src/asn1.rs @@ -37,7 +37,6 @@ extern "C" { pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME); pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int; pub fn ASN1_TIME_new() -> *mut ASN1_TIME; - #[cfg(ossl102)] pub fn ASN1_TIME_diff( pday: *mut c_int, psec: *mut c_int, diff --git a/openssl-sys/src/bio.rs b/openssl-sys/src/bio.rs index bf9006a8..b0338bf8 100644 --- a/openssl-sys/src/bio.rs +++ b/openssl-sys/src/bio.rs @@ -99,16 +99,9 @@ cfg_if! { } } } -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; - } - } else { - extern "C" { - pub fn BIO_new_mem_buf(buf: *mut c_void, len: c_int) -> *mut BIO; - } - } + +extern "C" { + pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; } extern "C" { diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 5cd3ecc3..8f7bac9b 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -168,24 +168,12 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn EVP_DigestVerifyFinal( - ctx: *mut EVP_MD_CTX, - sigret: *const c_uchar, - siglen: size_t, - ) -> c_int; - } - } else { - extern "C" { - pub fn EVP_DigestVerifyFinal( - ctx: *mut EVP_MD_CTX, - sigret: *mut c_uchar, - siglen: size_t, - ) -> c_int; - } - } +extern "C" { + pub fn EVP_DigestVerifyFinal( + ctx: *mut EVP_MD_CTX, + sigret: *const c_uchar, + siglen: size_t, + ) -> c_int; } extern "C" { 
diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index c897205f..f3a43465 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -327,26 +327,7 @@ cfg_if! { } pub enum X509_STORE_CTX {} - -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - pub enum X509_VERIFY_PARAM {} - } else { - #[repr(C)] - pub struct X509_VERIFY_PARAM { - pub name: *mut c_char, - pub check_time: time_t, - pub inh_flags: c_ulong, - pub flags: c_ulong, - pub purpose: c_int, - pub trust: c_int, - pub depth: c_int, - pub policies: *mut stack_st_ASN1_OBJECT, - #[cfg(ossl102)] - pub id: *mut X509_VERIFY_PARAM_ID, - } - } -} +pub enum X509_VERIFY_PARAM {} #[repr(C)] pub struct X509V3_CTX { @@ -522,9 +503,9 @@ cfg_if! { renegotiate: c_int, #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_ctx: ::SRP_CTX, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] alpn_client_proto_list: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] alpn_client_proto_list_len: c_uint, } } 
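Review bot: `#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]` on `alpn_client_proto_list` and `alpn_client_proto_list_len` wraps a single predicate in `all(...)`; `#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]` means the same and cannot be misread as a multi-condition gate. The same leftover wrapper is on the `alpn_select_cb`, `alpn_select_cb_arg` and `alpn_client_proto_list*` fields in the `@@ -645,37 +626,33 @@` hunk. These attributes decide which fields exist in what appears to be a struct mirroring a C layout, so a comment such as `// field gates must match the struct in the linked libssl headers` would help the next editor. The struct header and its enclosing `cfg_if!` are outside the hunk, so whether this branch is still reachable now that the build scripts always push `ossl110` could not be checked here.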
@@ -645,37 +626,33 @@ cfg_if! { #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] srtp_profiles: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] alpn_select_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] alpn_select_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] alpn_client_proto_list: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] alpn_client_proto_list_len: c_uint, #[cfg(all( not(osslconf = "OPENSSL_NO_TLSEXT"), - not(osslconf = "OPENSSL_NO_EC"), - ossl102 + not(osslconf = "OPENSSL_NO_EC") ))] tlsext_ecpointformatlist_length: size_t, #[cfg(all( not(osslconf = "OPENSSL_NO_TLSEXT"), - not(osslconf = "OPENSSL_NO_EC"), - ossl102 + not(osslconf = "OPENSSL_NO_EC") ))] tlsext_ecpointformatlist: *mut c_uchar, #[cfg(all( not(osslconf = "OPENSSL_NO_TLSEXT"), - not(osslconf = "OPENSSL_NO_EC"), - ossl102 + not(osslconf = "OPENSSL_NO_EC") ))] tlsext_ellipticcurvelist_length: size_t, #[cfg(all( not(osslconf = "OPENSSL_NO_TLSEXT"), - not(osslconf = "OPENSSL_NO_EC"), - ossl102 + not(osslconf = "OPENSSL_NO_EC") ))] tlsext_ellipticcurvelist: *mut c_uchar, } diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 53520d9c..1d07d41b 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -126,9 +126,7 @@ pub const SSL_OP_NO_TLSv1_1: c_uint = 0x10000000; pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000; pub const SSL_OP_NO_TLSv1: c_uint = 0x04000000; -#[cfg(ossl102)] pub const SSL_OP_NO_DTLSv1: c_uint = 0x04000000; -#[cfg(ossl102)] pub const SSL_OP_NO_DTLSv1_2: c_uint = 0x08000000; pub const SSL_OP_NO_TLSv1_3: c_uint = 0x20000000; 
@@ -258,12 +256,8 @@ pub const OPENSSL_NPN_NEGOTIATED: c_int = 1; pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2; extern "C" { - #[cfg(any(ossl102, libressl261))] pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; - #[cfg(any(ossl102, libressl261))] pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; - // FIXME should take an Option - #[cfg(any(ossl102, libressl261))] pub fn SSL_CTX_set_alpn_select_cb( ssl: *mut SSL_CTX, cb: extern "C" fn( @@ -276,7 +270,6 @@ extern "C" { ) -> c_int, arg: *mut c_void, ); - #[cfg(any(ossl102, libressl261))] pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); } @@ -454,7 +447,6 @@ extern "C" { pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; - #[cfg(any(ossl102, libressl261))] pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; } @@ -499,7 +491,6 @@ cfg_if! { pub fn DTLSv1_method() -> *const SSL_METHOD; - #[cfg(ossl102)] pub fn DTLSv1_2_method() -> *const SSL_METHOD; } } @@ -540,22 +531,13 @@ extern "C" { pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; } -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY; - } - } else { - extern "C" { - pub fn SSL_get_privatekey(ssl: *mut SSL) -> *mut EVP_PKEY; - } - } + +extern "C" { + pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY; } extern "C" { - #[cfg(ossl102)] pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; - #[cfg(ossl102)] pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY; pub fn SSL_set_shutdown(ss: *mut SSL, mode: c_int); diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index c653aad4..f27795ed 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
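Review bot: The deleted `// FIXME should take an Option` was the only record that `cb` in `SSL_CTX_set_alpn_select_cb` is declared as a bare `extern "C" fn`, which Rust treats as non-null, so this binding cannot express passing NULL to clear a previously installed callback. The declaration is otherwise unchanged by the commit, so the limitation is still there. Either keep the comment on the declaration, or change the parameter to `cb: Option<extern "C" fn(...) -> c_int>` in a follow-up, which is an API change for callers. The callback's parameter list lies between this hunk and the next one and is not visible here.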
@@ -211,26 +211,13 @@ extern "C" { pub fn i2d_ECPrivateKey(ec_key: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int; } -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn X509_ALGOR_get0( - paobj: *mut *const ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *const c_void, - alg: *const X509_ALGOR, - ); - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn X509_ALGOR_get0( - paobj: *mut *mut ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *mut c_void, - alg: *mut X509_ALGOR, - ); - } - } +extern "C" { + pub fn X509_ALGOR_get0( + paobj: *mut *const ASN1_OBJECT, + pptype: *mut c_int, + ppval: *mut *const c_void, + alg: *const X509_ALGOR, + ); } extern "C" { @@ -269,27 +256,15 @@ extern "C" { pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl273))] { - extern "C" { - pub fn X509_get0_signature( - psig: *mut *const ASN1_BIT_STRING, - palg: *mut *const X509_ALGOR, - x: *const X509, - ); - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn X509_get0_signature( - psig: *mut *mut ASN1_BIT_STRING, - palg: *mut *mut X509_ALGOR, - x: *const X509, - ); - } - } -} extern "C" { - #[cfg(ossl102)] + pub fn X509_get0_signature( + psig: *mut *const ASN1_BIT_STRING, + palg: *mut *const X509_ALGOR, + x: *const X509, + ); +} + +extern "C" { pub fn X509_get_signature_nid(x: *const X509) -> c_int; pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION); diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index 8ab77e2b..8b2482fb 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs @@ -2,11 +2,9 @@ use libc::*; use *; -#[cfg(any(libressl, all(ossl102, not(ossl110))))] pub enum X509_VERIFY_PARAM_ID {} pub const X509_V_OK: c_int = 0; -#[cfg(ossl102f)] pub const X509_V_ERR_UNSPECIFIED: c_int = 1; pub const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: c_int = 2; pub const X509_V_ERR_UNABLE_TO_GET_CRL: c_int = 3; 
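Review bot: `pub enum X509_VERIFY_PARAM_ID {}` in x509_vfy.rs is now declared for every build, but the only use of it visible in this commit, the `id` field of the struct form of `X509_VERIFY_PARAM` in ossl_typ.rs, is deleted by the same change. If nothing else in the crate refers to it, which cannot be checked from this diff, the type is left as a dead public item. Either remove it in this hunk or add a comment such as `// kept for API compatibility; no longer referenced by X509_VERIFY_PARAM`.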
@@ -61,23 +59,14 @@ pub const X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: c_int = 51; pub const X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: c_int = 52; pub const X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53; pub const X509_V_ERR_CRL_PATH_VALIDATION_ERROR: c_int = 54; -#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_VERSION: c_int = 56; -#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_ALGORITHM: c_int = 57; -#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_CURVE: c_int = 58; -#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: c_int = 59; -#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: c_int = 60; -#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: c_int = 61; -#[cfg(ossl102)] pub const X509_V_ERR_HOSTNAME_MISMATCH: c_int = 62; -#[cfg(ossl102)] pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63; -#[cfg(ossl102)] pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64; pub const X509_V_ERR_INVALID_CALL: c_int = 65; @@ -122,18 +111,14 @@ cfg_if! { } extern "C" { - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, name: *const c_char, namelen: size_t, ) -> c_int; - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint); - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_ip( param: *mut X509_VERIFY_PARAM, ip: *const c_uchar, diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index 19356309..813e28d1 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs 
@@ -36,17 +36,11 @@ extern "C" { pub fn AUTHORITY_KEYID_free(akid: *mut AUTHORITY_KEYID); } -#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; -#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2; -#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4; -#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8; -#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10; -#[cfg(ossl110)] pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20; cfg_if! { @@ -148,8 +142,6 @@ pub const EXFLAG_CRITICAL: u32 = 0x200; pub const EXFLAG_PROXY: u32 = 0x400; pub const EXFLAG_INVALID_POLICY: u32 = 0x800; pub const EXFLAG_FRESHEST: u32 = 0x1000; -// before ossl102 / libressl260 EXFLAG_SS was 0x20 (the same as EXFLAG_SI); probably not useful semantic -#[cfg(any(ossl102, libressl261))] pub const EXFLAG_SS: u32 = 0x2000; /* cfg_if! { diff --git a/openssl/build.rs b/openssl/build.rs index 28ee51cf..86285532 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -1,9 +1,6 @@ fn main() { let mut cfgs = vec![]; - cfgs.push("ossl102"); - cfgs.push("ossl102f"); - cfgs.push("ossl102h"); cfgs.push("ossl110"); for cfg in cfgs { diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs index 31bb070b..6690f911 100644 --- a/openssl/src/asn1.rs +++ b/openssl/src/asn1.rs @@ -27,7 +27,6 @@ use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::{c_char, c_int, c_long, time_t}; -#[cfg(ossl102)] use std::cmp::Ordering; use std::ffi::CString; use std::fmt; @@ -91,7 +90,6 @@ impl fmt::Display for Asn1GeneralizedTimeRef { /// [`diff`]: struct.Asn1TimeRef.html#method.diff /// [`Asn1TimeRef`]: struct.Asn1TimeRef.html #[derive(Debug, Clone, PartialEq, Eq, Hash)] -#[cfg(ossl102)] pub struct TimeDiff { /// Difference in days pub days: c_int, 
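Review bot: `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` loses a `#[cfg(ossl110)]` gate, which is a different condition from the `any(ossl102, libressl261)` gates removed on the five constants above it. Without the gate the constant is also exported to any build that does not set `ossl110` (for example a LibreSSL build, if those are still supported), where the library may not act on bit `0x20`. A caller passing it to `X509_VERIFY_PARAM_set_hostflags` would then not get the "never fall back to the subject CN" behaviour it asked for, and nothing would report that. Keeping `#[cfg(ossl110)]` on that one line avoids the silent difference.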
@@ -127,7 +125,6 @@ impl Asn1TimeRef { /// This corresponds to [`ASN1_TIME_diff`]. /// /// [`ASN1_TIME_diff`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_TIME_diff.html - #[cfg(ossl102)] pub fn diff(&self, compare: &Self) -> Result { let mut days = 0; let mut secs = 0; @@ -148,7 +145,6 @@ impl Asn1TimeRef { /// /// [`ASN1_TIME_compare`]: https://www.openssl.org/docs/man1.1.1/man3/ASN1_TIME_compare.html /// [`diff`]: struct.Asn1TimeRef.html#method.diff - #[cfg(ossl102)] pub fn compare(&self, other: &Self) -> Result { let d = self.diff(other)?; if d.days > 0 || d.secs > 0 { @@ -162,7 +158,6 @@ impl Asn1TimeRef { } } -#[cfg(ossl102)] impl PartialEq for Asn1TimeRef { fn eq(&self, other: &Asn1TimeRef) -> bool { self.diff(other) @@ -171,7 +166,6 @@ impl PartialEq for Asn1TimeRef { } } -#[cfg(ossl102)] impl PartialEq for Asn1TimeRef { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -180,7 +174,6 @@ impl PartialEq for Asn1TimeRef { } } -#[cfg(ossl102)] impl<'a> PartialEq for &'a Asn1TimeRef { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -189,21 +182,18 @@ impl<'a> PartialEq for &'a Asn1TimeRef { } } -#[cfg(ossl102)] impl PartialOrd for Asn1TimeRef { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option { self.compare(other).ok() } } -#[cfg(ossl102)] impl PartialOrd for Asn1TimeRef { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() } } -#[cfg(ossl102)] impl<'a> PartialOrd for &'a Asn1TimeRef { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() @@ -284,7 +274,6 @@ impl Asn1Time { } } -#[cfg(ossl102)] impl PartialEq for Asn1Time { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -293,7 +282,6 @@ impl PartialEq for Asn1Time { } } -#[cfg(ossl102)] impl PartialEq for Asn1Time { fn eq(&self, other: &Asn1TimeRef) -> bool { self.diff(other) 
@@ -302,7 +290,6 @@ impl PartialEq for Asn1Time { } } -#[cfg(ossl102)] impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time { fn eq(&self, other: &&'a Asn1TimeRef) -> bool { self.diff(other) @@ -311,21 +298,18 @@ impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time { } } -#[cfg(ossl102)] impl PartialOrd for Asn1Time { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() } } -#[cfg(ossl102)] impl PartialOrd for Asn1Time { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option { self.compare(other).ok() } } -#[cfg(ossl102)] impl<'a> PartialOrd<&'a Asn1TimeRef> for Asn1Time { fn partial_cmp(&self, other: &&'a Asn1TimeRef) -> Option { self.compare(other).ok() @@ -611,7 +595,6 @@ mod tests { } #[test] - #[cfg(ossl102)] fn time_eq() { let a = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap(); @@ -630,7 +613,6 @@ mod tests { } #[test] - #[cfg(ossl102)] fn time_ord() { let a = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap(); diff --git a/openssl/src/bio.rs b/openssl/src/bio.rs index 51724e3f..d6997021 100644 --- a/openssl/src/bio.rs +++ b/openssl/src/bio.rs @@ -3,6 +3,7 @@ use libc::c_int; use std::marker::PhantomData; use std::ptr; use std::slice; +use ffi::BIO_new_mem_buf; use cvt_p; use error::ErrorStack; @@ -68,13 +69,5 @@ impl MemBio { } } -cfg_if! { - if #[cfg(ossl102)] { - use ffi::BIO_new_mem_buf; - } else { - #[allow(bad_style)] - unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: ::libc::c_int) -> *mut ffi::BIO { - ffi::BIO_new_mem_buf(buf as *mut _, len) - } - } -} + + diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index 0df11cd7..cb008fd2 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs 
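Review bot: In openssl/src/bio.rs, `use ffi::BIO_new_mem_buf;` is inserted directly after `use std::slice;`, inside the `std` import group, and the `@@ -68,13 +69,5 @@` hunk replaces the deleted `cfg_if!` shim with two blank lines at the end of the file. Move the import down to the crate-level `use` lines (next to `use cvt_p;`) and drop the trailing blank lines so the file ends on the closing `}` of `impl MemBio`.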
@@ -11,7 +11,6 @@ use std::str; use std::sync::Arc; use error::ErrorStack; -#[cfg(any(ossl102, libressl261))] use ssl::AlpnError; use ssl::{ SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, SslSession, SslSessionRef, @@ -161,7 +160,6 @@ where } } -#[cfg(any(ossl102, libressl261))] pub extern "C" fn raw_alpn_select( ssl: *mut ffi::SSL, out: *mut *const c_uchar, diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 6edc6fd1..d6682c31 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs 
@@ -324,228 +324,21 @@ impl DerefMut for SslAcceptorBuilder { } } -cfg_if! { - if #[cfg(ossl110)] { - fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> { - Ok(()) - } - } else if #[cfg(any(ossl102, libressl))] { - fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { - ctx.set_ecdh_auto(true) - } - } else { - fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { - use ec::EcKey; - use nid::Nid; - - let curve = EcKey::from_curve_name(Nid::X9_62_PRIME256V1)?; - ctx.set_tmp_ecdh(&curve) - } - } +fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> { + Ok(()) } -cfg_if! { - if #[cfg(any(ossl102, libressl261))] { - fn setup_verify(ctx: &mut SslContextBuilder) { - ctx.set_verify(SslVerifyMode::PEER); - } +fn setup_verify(ctx: &mut SslContextBuilder) { + ctx.set_verify(SslVerifyMode::PEER); +} - fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> { - use x509::verify::X509CheckFlags; +fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> { + use x509::verify::X509CheckFlags; - let param = ssl.param_mut(); - param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS); - match domain.parse() { - Ok(ip) => param.set_ip(ip), - Err(_) => param.set_host(domain), - } - } - } else { - fn setup_verify(ctx: &mut SslContextBuilder) { - ctx.set_verify_callback(SslVerifyMode::PEER, verify::verify_callback); - } - - fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> { - let domain = domain.to_string(); - ssl.set_ex_data(*verify::HOSTNAME_IDX, domain); - Ok(()) - } - - mod verify { - use std::net::IpAddr; - use std::str; - - use ex_data::Index; - use nid::Nid; - use ssl::Ssl; - use stack::Stack; - use x509::{ - GeneralName, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef, - X509VerifyResult, - }; - - lazy_static! 
{ - pub static ref HOSTNAME_IDX: Index = Ssl::new_ex_index().unwrap(); - } - - pub fn verify_callback(preverify_ok: bool, x509_ctx: &mut X509StoreContextRef) -> bool { - if !preverify_ok || x509_ctx.error_depth() != 0 { - return preverify_ok; - } - - let ok = match ( - x509_ctx.current_cert(), - X509StoreContext::ssl_idx() - .ok() - .and_then(|idx| x509_ctx.ex_data(idx)) - .and_then(|ssl| ssl.ex_data(*HOSTNAME_IDX)), - ) { - (Some(x509), Some(domain)) => verify_hostname(domain, &x509), - _ => true, - }; - - if !ok { - x509_ctx.set_error(X509VerifyResult::APPLICATION_VERIFICATION); - } - - ok - } - - fn verify_hostname(domain: &str, cert: &X509Ref) -> bool { - match cert.subject_alt_names() { - Some(names) => verify_subject_alt_names(domain, names), - None => verify_subject_name(domain, &cert.subject_name()), - } - } - - fn verify_subject_alt_names(domain: &str, names: Stack) -> bool { - let ip = domain.parse(); - - for name in &names { - match ip { - Ok(ip) => { - if let Some(actual) = name.ipaddress() { - if matches_ip(&ip, actual) { - return true; - } - } - } - Err(_) => { - if let Some(pattern) = name.dnsname() { - if matches_dns(pattern, domain) { - return true; - } - } - } - } - } - - false - } - - fn verify_subject_name(domain: &str, subject_name: &X509NameRef) -> bool { - match subject_name.entries_by_nid(Nid::COMMONNAME).next() { - Some(pattern) => { - let pattern = match str::from_utf8(pattern.data().as_slice()) { - Ok(pattern) => pattern, - Err(_) => return false, - }; - - // Unlike SANs, IP addresses in the subject name don't have a - // different encoding. - match domain.parse::() { - Ok(ip) => pattern - .parse::() - .ok() - .map_or(false, |pattern| pattern == ip), - Err(_) => matches_dns(pattern, domain), - } - } - None => false, - } - } - - fn matches_dns(mut pattern: &str, mut hostname: &str) -> bool { - // first strip trailing . 
off of pattern and hostname to normalize - if pattern.ends_with('.') { - pattern = &pattern[..pattern.len() - 1]; - } - if hostname.ends_with('.') { - hostname = &hostname[..hostname.len() - 1]; - } - - matches_wildcard(pattern, hostname).unwrap_or_else(|| pattern == hostname) - } - - fn matches_wildcard(pattern: &str, hostname: &str) -> Option { - // internationalized domains can't involved in wildcards - if pattern.starts_with("xn--") { - return None; - } - - let wildcard_location = match pattern.find('*') { - Some(l) => l, - None => return None, - }; - - let mut dot_idxs = pattern.match_indices('.').map(|(l, _)| l); - let wildcard_end = match dot_idxs.next() { - Some(l) => l, - None => return None, - }; - - // Never match wildcards if the pattern has less than 2 '.'s (no *.com) - // - // This is a bit dubious, as it doesn't disallow other TLDs like *.co.uk. - // Chrome has a black- and white-list for this, but Firefox (via NSS) does - // the same thing we do here. - // - // The Public Suffix (https://www.publicsuffix.org/) list could - // potentially be used here, but it's both huge and updated frequently - // enough that management would be a PITA. - if dot_idxs.next().is_none() { - return None; - } - - // Wildcards can only be in the first component - if wildcard_location > wildcard_end { - return None; - } - - let hostname_label_end = match hostname.find('.') { - Some(l) => l, - None => return None, - }; - - // check that the non-wildcard parts are identical - if pattern[wildcard_end..] != hostname[hostname_label_end..] 
{ - return Some(false); - } - - let wildcard_prefix = &pattern[..wildcard_location]; - let wildcard_suffix = &pattern[wildcard_location + 1..wildcard_end]; - - let hostname_label = &hostname[..hostname_label_end]; - - // check the prefix of the first label - if !hostname_label.starts_with(wildcard_prefix) { - return Some(false); - } - - // and the suffix - if !hostname_label[wildcard_prefix.len()..].ends_with(wildcard_suffix) { - return Some(false); - } - - Some(true) - } - - fn matches_ip(expected: &IpAddr, actual: &[u8]) -> bool { - match *expected { - IpAddr::V4(ref addr) => actual == addr.octets(), - IpAddr::V6(ref addr) => actual == addr.octets(), - } - } - } + let param = ssl.param_mut(); + param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS); + match domain.parse() { + Ok(ip) => param.set_ip(ip), + Err(_) => param.set_host(domain), } } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index c9f1f2fc..1666e35e 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -91,7 +91,6 @@ use ssl::callbacks::*; use ssl::error::InnerError; use stack::{Stack, StackRef}; use x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(ossl102, libressl261))] use x509::verify::X509VerifyParamRef; use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use {cvt, cvt_n, cvt_p, init}; @@ -178,13 +177,11 @@ bitflags! { /// Disables the use of DTLSv1.0 /// /// Requires OpenSSL 1.0.2 or newer. - #[cfg(any(ossl102, ossl110))] const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1; /// Disables the use of DTLSv1.2. /// /// Requires OpenSSL 1.0.2, or newer. - #[cfg(any(ossl102, ossl110))] const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; /// Disallow all renegotiation in TLSv1.2 and earlier. 
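Review bot: An empty `domain` in `setup_verify_hostname` fails `domain.parse()` and is passed to `param.set_host(domain)`; OpenSSL documents that an empty name given to `X509_VERIFY_PARAM_set1_host` clears the host list, so the handshake would continue with no hostname check, whereas the deleted `matches_dns` fallback appears to have rejected it. `set_host` is outside this diff, so confirm that it rejects or specially handles `""`; if it does not, return an error for an empty `domain` before the `match`, with a comment such as `// an empty name clears the verify-param host list, which disables hostname checking`. Separately, `setup_curves` is now a no-op for every build and should carry a one-line comment saying why, or be removed together with its call sites, which are not visible here.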
@@ -472,11 +469,9 @@ impl SslAlert { /// An error returned from an ALPN selection callback. /// /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. -#[cfg(any(ossl102, libressl261))] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct AlpnError(c_int); -#[cfg(any(ossl102, libressl261))] impl AlpnError { /// Terminate the handshake with a fatal alert. /// @@ -655,7 +650,6 @@ impl SslContextBuilder { /// This corresponds to [`SSL_CTX_set0_verify_cert_store`]. /// /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html - #[cfg(any(ossl102, ossl110))] pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { unsafe { let ptr = cert_store.as_ptr(); @@ -932,18 +926,6 @@ impl SslContextBuilder { } } - /// Enables ECDHE key exchange with an automatically chosen curve list. - /// - /// Requires OpenSSL 1.0.2. - /// - /// This corresponds to [`SSL_CTX_set_ecdh_auto`]. - /// - /// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html - #[cfg(any(libressl, all(ossl102, not(ossl110))))] - pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { - unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } - } - /// Sets the options used by the context, returning the old set. /// /// This corresponds to [`SSL_CTX_set_options`]. @@ -1075,7 +1057,6 @@ impl SslContextBuilder { /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. /// /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html - #[cfg(any(ossl102, libressl261))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::max_value() as usize); 
@@ -1127,7 +1108,6 @@ impl SslContextBuilder { /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`select_next_proto`]: fn.select_next_proto.html /// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html - #[cfg(any(ossl102, libressl261))] pub fn set_alpn_select_callback(&mut self, callback: F) where F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, @@ -1399,7 +1379,6 @@ impl SslContextBuilder { /// Requires OpenSSL 1.0.2 or newer. /// /// [`SSL_CTX_set1_sigalgs_list`]: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html - #[cfg(ossl102)] pub fn set_sigalgs_list(&mut self, sigalgs: &str) -> Result<(), ErrorStack> { let sigalgs = CString::new(sigalgs).unwrap(); unsafe { @@ -1495,7 +1474,6 @@ impl SslContextRef { /// This corresponds to [`SSL_CTX_get0_certificate`]. /// /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(ossl102, ossl110))] pub fn certificate(&self) -> Option<&X509Ref> { unsafe { let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr()); @@ -1514,7 +1492,6 @@ impl SslContextRef { /// This corresponds to [`SSL_CTX_get0_privatekey`]. /// /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(ossl102, ossl110))] pub fn private_key(&self) -> Option<&PKeyRef> { unsafe { let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr()); 
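Review bot: `set_sigalgs_list` returns `Result<(), ErrorStack>`, but `CString::new(sigalgs).unwrap()` panics when `sigalgs` contains an interior NUL byte, so a caller that builds the list from configuration gets a panic rather than an `Err`. With the `#[cfg(ossl102)]` gate removed the method is compiled for every build, so this is a good point to document it: add a `# Panics` section to the doc comment stating that the method panics if `sigalgs` contains an interior NUL byte. The rest of the function body is outside the hunk.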
@@ -2085,19 +2062,6 @@ impl SslRef { unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } } - /// Like [`SslContextBuilder::set_ecdh_auto`]. - /// - /// Requires OpenSSL 1.0.2. - /// - /// This corresponds to [`SSL_set_ecdh_auto`]. - /// - /// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh - /// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html - #[cfg(all(ossl102, not(ossl110)))] - pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { - unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } - } - /// Like [`SslContextBuilder::set_alpn_protos`]. /// /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. @@ -2106,7 +2070,6 @@ impl SslRef { /// /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`SSL_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_alpn_protos.html - #[cfg(any(ossl102, libressl261))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::max_value() as usize); @@ -2296,7 +2259,6 @@ impl SslRef { /// This corresponds to [`SSL_get0_alpn_selected`]. /// /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html - #[cfg(any(ossl102, libressl261))] pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); @@ -2452,7 +2414,6 @@ impl SslRef { /// This corresponds to [`SSL_get0_param`]. /// /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html - #[cfg(any(ossl102, libressl261))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs index 7f8c2965..fbf12b1c 100644 
--- a/openssl/src/ssl/test/mod.rs +++ b/openssl/src/ssl/test/mod.rs @@ -29,9 +29,7 @@ use ssl::{ SslAcceptorBuilder, SslConnector, SslContext, SslContextBuilder, SslFiletype, SslMethod, SslOptions, SslSessionCacheMode, SslStream, SslStreamBuilder, SslVerifyMode, StatusType, }; -#[cfg(ossl102)] use x509::store::X509StoreBuilder; -#[cfg(ossl102)] use x509::verify::X509CheckFlags; use x509::{X509Name, X509StoreContext, X509VerifyResult, X509}; @@ -64,7 +62,6 @@ fn verify_trusted() { } #[test] -#[cfg(ossl102)] fn verify_trusted_with_set_cert() { let server = Server::builder().build(); @@ -432,7 +429,6 @@ fn test_connect_with_srtp_ssl() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] -#[cfg(any(ossl102, libressl261))] fn test_alpn_server_advertise_multiple() { let mut server = Server::builder(); server.ctx().set_alpn_select_callback(|_, client| { @@ -464,7 +460,6 @@ fn test_alpn_server_select_none_fatal() { } #[test] -#[cfg(any(ossl102, libressl261))] fn test_alpn_server_select_none() { let mut server = Server::builder(); server.ctx().set_alpn_select_callback(|_, client| { @@ -479,7 +474,6 @@ fn test_alpn_server_select_none() { } #[test] -#[cfg(any(ossl102, libressl261))] fn test_alpn_server_unilateral() { let server = Server::builder().build(); @@ -629,7 +623,6 @@ fn add_extra_chain_cert() { } #[test] -#[cfg(ossl102)] fn verify_valid_hostname() { let server = Server::builder().build(); @@ -647,7 +640,6 @@ fn verify_valid_hostname() { } #[test] -#[cfg(ossl102)] fn verify_invalid_hostname() { let mut server = Server::builder(); server.should_error(); diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 9cc7352c..9d256d10 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs 
@@ -33,9 +33,7 @@ use stack::{Stack, StackRef, Stackable}; use string::OpensslString; use {cvt, cvt_n, cvt_p}; -#[cfg(any(ossl102, libressl261))] pub mod verify; - pub mod extension; pub mod store; diff --git a/systest/build.rs b/systest/build.rs index e63abe57..fadddc21 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -25,9 +25,6 @@ fn main() { let mut cfgs = vec![]; - cfgs.push("ossl102"); - cfgs.push("ossl102f"); - cfgs.push("ossl102h"); cfgs.push("ossl110"); for c in cfgs {