min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove ossl102 gate

This commit is contained in:
Ivan Nikulin 2020-11-11 13:34:48 +00:00
parent 61b600331b
commit 7d9a77e916
18 changed files with 53 additions and 454 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openssl-sys/build.rs
View File

@ -187,9 +187,6 @@ fn main() {
let mut cfgs = vec![]; let mut cfgs = vec![];
cfgs.push("ossl102");
cfgs.push("ossl102f");
cfgs.push("ossl102h");
cfgs.push("ossl110"); cfgs.push("ossl110");
for cfg in cfgs { for cfg in cfgs {

1
openssl-sys/src/asn1.rs
View File

@ -37,7 +37,6 @@ extern "C" {
pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME); pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME);
pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int; pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int;
pub fn ASN1_TIME_new() -> *mut ASN1_TIME; pub fn ASN1_TIME_new() -> *mut ASN1_TIME;
#[cfg(ossl102)]
pub fn ASN1_TIME_diff( pub fn ASN1_TIME_diff(
pday: *mut c_int, pday: *mut c_int,
psec: *mut c_int, psec: *mut c_int,

13
openssl-sys/src/bio.rs
View File

@ -99,16 +99,9 @@ cfg_if! {
} }
} }
} }
cfg_if! {
if #[cfg(any(ossl102, libressl280))] { extern "C" {
extern "C" { pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO;
pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO;
}
} else {
extern "C" {
pub fn BIO_new_mem_buf(buf: *mut c_void, len: c_int) -> *mut BIO;
}
}
} }
extern "C" { extern "C" {

24
openssl-sys/src/evp.rs
View File

@ -168,24 +168,12 @@ extern "C" {
) -> c_int; ) -> c_int;
} }
cfg_if! { extern "C" {
if #[cfg(any(ossl102, libressl280))] { pub fn EVP_DigestVerifyFinal(
extern "C" { ctx: *mut EVP_MD_CTX,
pub fn EVP_DigestVerifyFinal( sigret: *const c_uchar,
ctx: *mut EVP_MD_CTX, siglen: size_t,
sigret: *const c_uchar, ) -> c_int;
siglen: size_t,
) -> c_int;
}
} else {
extern "C" {
pub fn EVP_DigestVerifyFinal(
ctx: *mut EVP_MD_CTX,
sigret: *mut c_uchar,
siglen: size_t,
) -> c_int;
}
}
} }
extern "C" { extern "C" {

45
openssl-sys/src/ossl_typ.rs
View File

@ -327,26 +327,7 @@ cfg_if! {
} }
pub enum X509_STORE_CTX {} pub enum X509_STORE_CTX {}
pub enum X509_VERIFY_PARAM {}
cfg_if! {
if #[cfg(any(ossl110, libressl280))] {
pub enum X509_VERIFY_PARAM {}
} else {
#[repr(C)]
pub struct X509_VERIFY_PARAM {
pub name: *mut c_char,
pub check_time: time_t,
pub inh_flags: c_ulong,
pub flags: c_ulong,
pub purpose: c_int,
pub trust: c_int,
pub depth: c_int,
pub policies: *mut stack_st_ASN1_OBJECT,
#[cfg(ossl102)]
pub id: *mut X509_VERIFY_PARAM_ID,
}
}
}
#[repr(C)] #[repr(C)]
pub struct X509V3_CTX { pub struct X509V3_CTX {
@ -522,9 +503,9 @@ cfg_if! {
renegotiate: c_int, renegotiate: c_int,
#[cfg(not(osslconf = "OPENSSL_NO_SRP"))] #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
srp_ctx: ::SRP_CTX, srp_ctx: ::SRP_CTX,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
alpn_client_proto_list: *mut c_uchar, alpn_client_proto_list: *mut c_uchar,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
alpn_client_proto_list_len: c_uint, alpn_client_proto_list_len: c_uint,
} }
} }
@ -645,37 +626,33 @@ cfg_if! {
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
srtp_profiles: *mut c_void, srtp_profiles: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
alpn_select_cb: *mut c_void, alpn_select_cb: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
alpn_select_cb_arg: *mut c_void, alpn_select_cb_arg: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
alpn_client_proto_list: *mut c_void, alpn_client_proto_list: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
alpn_client_proto_list_len: c_uint, alpn_client_proto_list_len: c_uint,
#[cfg(all( #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"), not(osslconf = "OPENSSL_NO_EC")
ossl102
))] ))]
tlsext_ecpointformatlist_length: size_t, tlsext_ecpointformatlist_length: size_t,
#[cfg(all( #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"), not(osslconf = "OPENSSL_NO_EC")
ossl102
))] ))]
tlsext_ecpointformatlist: *mut c_uchar, tlsext_ecpointformatlist: *mut c_uchar,
#[cfg(all( #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"), not(osslconf = "OPENSSL_NO_EC")
ossl102
))] ))]
tlsext_ellipticcurvelist_length: size_t, tlsext_ellipticcurvelist_length: size_t,
#[cfg(all( #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"), not(osslconf = "OPENSSL_NO_EC")
ossl102
))] ))]
tlsext_ellipticcurvelist: *mut c_uchar, tlsext_ellipticcurvelist: *mut c_uchar,
} }

24
openssl-sys/src/ssl.rs
View File

@ -126,9 +126,7 @@ pub const SSL_OP_NO_TLSv1_1: c_uint = 0x10000000;
pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000; pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000;
pub const SSL_OP_NO_TLSv1: c_uint = 0x04000000; pub const SSL_OP_NO_TLSv1: c_uint = 0x04000000;
#[cfg(ossl102)]
pub const SSL_OP_NO_DTLSv1: c_uint = 0x04000000; pub const SSL_OP_NO_DTLSv1: c_uint = 0x04000000;
#[cfg(ossl102)]
pub const SSL_OP_NO_DTLSv1_2: c_uint = 0x08000000; pub const SSL_OP_NO_DTLSv1_2: c_uint = 0x08000000;
pub const SSL_OP_NO_TLSv1_3: c_uint = 0x20000000; pub const SSL_OP_NO_TLSv1_3: c_uint = 0x20000000;
@ -258,12 +256,8 @@ pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2; pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2;
extern "C" { extern "C" {
#[cfg(any(ossl102, libressl261))]
pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int;
#[cfg(any(ossl102, libressl261))]
pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int;
// FIXME should take an Option<unsafe extern "C" fn>
#[cfg(any(ossl102, libressl261))]
pub fn SSL_CTX_set_alpn_select_cb( pub fn SSL_CTX_set_alpn_select_cb(
ssl: *mut SSL_CTX, ssl: *mut SSL_CTX,
cb: extern "C" fn( cb: extern "C" fn(
@ -276,7 +270,6 @@ extern "C" {
) -> c_int, ) -> c_int,
arg: *mut c_void, arg: *mut c_void,
); );
#[cfg(any(ossl102, libressl261))]
pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint);
} }
@ -454,7 +447,6 @@ extern "C" {
pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL;
#[cfg(any(ossl102, libressl261))]
pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;
} }
@ -499,7 +491,6 @@ cfg_if! {
pub fn DTLSv1_method() -> *const SSL_METHOD; pub fn DTLSv1_method() -> *const SSL_METHOD;
#[cfg(ossl102)]
pub fn DTLSv1_2_method() -> *const SSL_METHOD; pub fn DTLSv1_2_method() -> *const SSL_METHOD;
} }
} }
@ -540,22 +531,13 @@ extern "C" {
pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509;
} }
cfg_if! {
if #[cfg(any(ossl102, libressl280))] { extern "C" {
extern "C" { pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY;
pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY;
}
} else {
extern "C" {
pub fn SSL_get_privatekey(ssl: *mut SSL) -> *mut EVP_PKEY;
}
}
} }
extern "C" { extern "C" {
#[cfg(ossl102)]
pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509;
#[cfg(ossl102)]
pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY; pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY;
pub fn SSL_set_shutdown(ss: *mut SSL, mode: c_int); pub fn SSL_set_shutdown(ss: *mut SSL, mode: c_int);

55
openssl-sys/src/x509.rs
View File

@ -211,26 +211,13 @@ extern "C" {
pub fn i2d_ECPrivateKey(ec_key: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_ECPrivateKey(ec_key: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int;
} }
cfg_if! { extern "C" {
if #[cfg(ossl110)] { pub fn X509_ALGOR_get0(
extern "C" { paobj: *mut *const ASN1_OBJECT,
pub fn X509_ALGOR_get0( pptype: *mut c_int,
paobj: *mut *const ASN1_OBJECT, ppval: *mut *const c_void,
pptype: *mut c_int, alg: *const X509_ALGOR,
ppval: *mut *const c_void, );
alg: *const X509_ALGOR,
);
}
} else if #[cfg(ossl102)] {
extern "C" {
pub fn X509_ALGOR_get0(
paobj: *mut *mut ASN1_OBJECT,
pptype: *mut c_int,
ppval: *mut *mut c_void,
alg: *mut X509_ALGOR,
);
}
}
} }
extern "C" { extern "C" {
@ -269,27 +256,15 @@ extern "C" {
pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int; pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int;
} }
cfg_if! {
if #[cfg(any(ossl110, libressl273))] {
extern "C" {
pub fn X509_get0_signature(
psig: *mut *const ASN1_BIT_STRING,
palg: *mut *const X509_ALGOR,
x: *const X509,
);
}
} else if #[cfg(ossl102)] {
extern "C" {
pub fn X509_get0_signature(
psig: *mut *mut ASN1_BIT_STRING,
palg: *mut *mut X509_ALGOR,
x: *const X509,
);
}
}
}
extern "C" { extern "C" {
#[cfg(ossl102)] pub fn X509_get0_signature(
psig: *mut *const ASN1_BIT_STRING,
palg: *mut *const X509_ALGOR,
x: *const X509,
);
}
extern "C" {
pub fn X509_get_signature_nid(x: *const X509) -> c_int; pub fn X509_get_signature_nid(x: *const X509) -> c_int;
pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION); pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION);

15
openssl-sys/src/x509_vfy.rs
View File

@ -2,11 +2,9 @@ use libc::*;
use *; use *;
#[cfg(any(libressl, all(ossl102, not(ossl110))))]
pub enum X509_VERIFY_PARAM_ID {} pub enum X509_VERIFY_PARAM_ID {}
pub const X509_V_OK: c_int = 0; pub const X509_V_OK: c_int = 0;
#[cfg(ossl102f)]
pub const X509_V_ERR_UNSPECIFIED: c_int = 1; pub const X509_V_ERR_UNSPECIFIED: c_int = 1;
pub const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: c_int = 2; pub const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: c_int = 2;
pub const X509_V_ERR_UNABLE_TO_GET_CRL: c_int = 3; pub const X509_V_ERR_UNABLE_TO_GET_CRL: c_int = 3;
@ -61,23 +59,14 @@ pub const X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: c_int = 51;
pub const X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: c_int = 52; pub const X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: c_int = 52;
pub const X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53; pub const X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53;
pub const X509_V_ERR_CRL_PATH_VALIDATION_ERROR: c_int = 54; pub const X509_V_ERR_CRL_PATH_VALIDATION_ERROR: c_int = 54;
#[cfg(ossl102)]
pub const X509_V_ERR_SUITE_B_INVALID_VERSION: c_int = 56; pub const X509_V_ERR_SUITE_B_INVALID_VERSION: c_int = 56;
#[cfg(ossl102)]
pub const X509_V_ERR_SUITE_B_INVALID_ALGORITHM: c_int = 57; pub const X509_V_ERR_SUITE_B_INVALID_ALGORITHM: c_int = 57;
#[cfg(ossl102)]
pub const X509_V_ERR_SUITE_B_INVALID_CURVE: c_int = 58; pub const X509_V_ERR_SUITE_B_INVALID_CURVE: c_int = 58;
#[cfg(ossl102)]
pub const X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: c_int = 59; pub const X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: c_int = 59;
#[cfg(ossl102)]
pub const X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: c_int = 60; pub const X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: c_int = 60;
#[cfg(ossl102)]
pub const X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: c_int = 61; pub const X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: c_int = 61;
#[cfg(ossl102)]
pub const X509_V_ERR_HOSTNAME_MISMATCH: c_int = 62; pub const X509_V_ERR_HOSTNAME_MISMATCH: c_int = 62;
#[cfg(ossl102)]
pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63; pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63;
#[cfg(ossl102)]
pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64; pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64;
pub const X509_V_ERR_INVALID_CALL: c_int = 65; pub const X509_V_ERR_INVALID_CALL: c_int = 65;
@ -122,18 +111,14 @@ cfg_if! {
} }
extern "C" { extern "C" {
#[cfg(any(ossl102, libressl261))]
pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM);
#[cfg(any(ossl102, libressl261))]
pub fn X509_VERIFY_PARAM_set1_host( pub fn X509_VERIFY_PARAM_set1_host(
param: *mut X509_VERIFY_PARAM, param: *mut X509_VERIFY_PARAM,
name: *const c_char, name: *const c_char,
namelen: size_t, namelen: size_t,
) -> c_int; ) -> c_int;
#[cfg(any(ossl102, libressl261))]
pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint); pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint);
#[cfg(any(ossl102, libressl261))]
pub fn X509_VERIFY_PARAM_set1_ip( pub fn X509_VERIFY_PARAM_set1_ip(
param: *mut X509_VERIFY_PARAM, param: *mut X509_VERIFY_PARAM,
ip: *const c_uchar, ip: *const c_uchar,

8
openssl-sys/src/x509v3.rs
View File

@ -36,17 +36,11 @@ extern "C" {
pub fn AUTHORITY_KEYID_free(akid: *mut AUTHORITY_KEYID); pub fn AUTHORITY_KEYID_free(akid: *mut AUTHORITY_KEYID);
} }
#[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1;
#[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2; pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2;
#[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4; pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4;
#[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8; pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8;
#[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10; pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10;
#[cfg(ossl110)]
pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20; pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20;
cfg_if! { cfg_if! {
@ -148,8 +142,6 @@ pub const EXFLAG_CRITICAL: u32 = 0x200;
pub const EXFLAG_PROXY: u32 = 0x400; pub const EXFLAG_PROXY: u32 = 0x400;
pub const EXFLAG_INVALID_POLICY: u32 = 0x800; pub const EXFLAG_INVALID_POLICY: u32 = 0x800;
pub const EXFLAG_FRESHEST: u32 = 0x1000; pub const EXFLAG_FRESHEST: u32 = 0x1000;
// before ossl102 / libressl260 EXFLAG_SS was 0x20 (the same as EXFLAG_SI); probably not useful semantic
#[cfg(any(ossl102, libressl261))]
pub const EXFLAG_SS: u32 = 0x2000; pub const EXFLAG_SS: u32 = 0x2000;
/* /*
cfg_if! { cfg_if! {

3
openssl/build.rs
View File

@ -1,9 +1,6 @@
fn main() { fn main() {
let mut cfgs = vec![]; let mut cfgs = vec![];
cfgs.push("ossl102");
cfgs.push("ossl102f");
cfgs.push("ossl102h");
cfgs.push("ossl110"); cfgs.push("ossl110");
for cfg in cfgs { for cfg in cfgs {

18
openssl/src/asn1.rs
View File

@ -27,7 +27,6 @@
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_char, c_int, c_long, time_t}; use libc::{c_char, c_int, c_long, time_t};
#[cfg(ossl102)]
use std::cmp::Ordering; use std::cmp::Ordering;
use std::ffi::CString; use std::ffi::CString;
use std::fmt; use std::fmt;
@ -91,7 +90,6 @@ impl fmt::Display for Asn1GeneralizedTimeRef {
/// [`diff`]: struct.Asn1TimeRef.html#method.diff /// [`diff`]: struct.Asn1TimeRef.html#method.diff
/// [`Asn1TimeRef`]: struct.Asn1TimeRef.html /// [`Asn1TimeRef`]: struct.Asn1TimeRef.html
#[derive(Debug, Clone, PartialEq, Eq, Hash)] #[derive(Debug, Clone, PartialEq, Eq, Hash)]
#[cfg(ossl102)]
pub struct TimeDiff { pub struct TimeDiff {
/// Difference in days /// Difference in days
pub days: c_int, pub days: c_int,
@ -127,7 +125,6 @@ impl Asn1TimeRef {
/// This corresponds to [`ASN1_TIME_diff`]. /// This corresponds to [`ASN1_TIME_diff`].
/// ///
/// [`ASN1_TIME_diff`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_TIME_diff.html /// [`ASN1_TIME_diff`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_TIME_diff.html
#[cfg(ossl102)]
pub fn diff(&self, compare: &Self) -> Result<TimeDiff, ErrorStack> { pub fn diff(&self, compare: &Self) -> Result<TimeDiff, ErrorStack> {
let mut days = 0; let mut days = 0;
let mut secs = 0; let mut secs = 0;
@ -148,7 +145,6 @@ impl Asn1TimeRef {
/// ///
/// [`ASN1_TIME_compare`]: https://www.openssl.org/docs/man1.1.1/man3/ASN1_TIME_compare.html /// [`ASN1_TIME_compare`]: https://www.openssl.org/docs/man1.1.1/man3/ASN1_TIME_compare.html
/// [`diff`]: struct.Asn1TimeRef.html#method.diff /// [`diff`]: struct.Asn1TimeRef.html#method.diff
#[cfg(ossl102)]
pub fn compare(&self, other: &Self) -> Result<Ordering, ErrorStack> { pub fn compare(&self, other: &Self) -> Result<Ordering, ErrorStack> {
let d = self.diff(other)?; let d = self.diff(other)?;
if d.days > 0 || d.secs > 0 { if d.days > 0 || d.secs > 0 {
@ -162,7 +158,6 @@ impl Asn1TimeRef {
} }
} }
#[cfg(ossl102)]
impl PartialEq for Asn1TimeRef { impl PartialEq for Asn1TimeRef {
fn eq(&self, other: &Asn1TimeRef) -> bool { fn eq(&self, other: &Asn1TimeRef) -> bool {
self.diff(other) self.diff(other)
@ -171,7 +166,6 @@ impl PartialEq for Asn1TimeRef {
} }
} }
#[cfg(ossl102)]
impl PartialEq<Asn1Time> for Asn1TimeRef { impl PartialEq<Asn1Time> for Asn1TimeRef {
fn eq(&self, other: &Asn1Time) -> bool { fn eq(&self, other: &Asn1Time) -> bool {
self.diff(other) self.diff(other)
@ -180,7 +174,6 @@ impl PartialEq<Asn1Time> for Asn1TimeRef {
} }
} }
#[cfg(ossl102)]
impl<'a> PartialEq<Asn1Time> for &'a Asn1TimeRef { impl<'a> PartialEq<Asn1Time> for &'a Asn1TimeRef {
fn eq(&self, other: &Asn1Time) -> bool { fn eq(&self, other: &Asn1Time) -> bool {
self.diff(other) self.diff(other)
@ -189,21 +182,18 @@ impl<'a> PartialEq<Asn1Time> for &'a Asn1TimeRef {
} }
} }
#[cfg(ossl102)]
impl PartialOrd for Asn1TimeRef { impl PartialOrd for Asn1TimeRef {
fn partial_cmp(&self, other: &Asn1TimeRef) -> Option<Ordering> { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option<Ordering> {
self.compare(other).ok() self.compare(other).ok()
} }
} }
#[cfg(ossl102)]
impl PartialOrd<Asn1Time> for Asn1TimeRef { impl PartialOrd<Asn1Time> for Asn1TimeRef {
fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> { fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> {
self.compare(other).ok() self.compare(other).ok()
} }
} }
#[cfg(ossl102)]
impl<'a> PartialOrd<Asn1Time> for &'a Asn1TimeRef { impl<'a> PartialOrd<Asn1Time> for &'a Asn1TimeRef {
fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> { fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> {
self.compare(other).ok() self.compare(other).ok()
@ -284,7 +274,6 @@ impl Asn1Time {
} }
} }
#[cfg(ossl102)]
impl PartialEq for Asn1Time { impl PartialEq for Asn1Time {
fn eq(&self, other: &Asn1Time) -> bool { fn eq(&self, other: &Asn1Time) -> bool {
self.diff(other) self.diff(other)
@ -293,7 +282,6 @@ impl PartialEq for Asn1Time {
} }
} }
#[cfg(ossl102)]
impl PartialEq<Asn1TimeRef> for Asn1Time { impl PartialEq<Asn1TimeRef> for Asn1Time {
fn eq(&self, other: &Asn1TimeRef) -> bool { fn eq(&self, other: &Asn1TimeRef) -> bool {
self.diff(other) self.diff(other)
@ -302,7 +290,6 @@ impl PartialEq<Asn1TimeRef> for Asn1Time {
} }
} }
#[cfg(ossl102)]
impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time { impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time {
fn eq(&self, other: &&'a Asn1TimeRef) -> bool { fn eq(&self, other: &&'a Asn1TimeRef) -> bool {
self.diff(other) self.diff(other)
@ -311,21 +298,18 @@ impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time {
} }
} }
#[cfg(ossl102)]
impl PartialOrd for Asn1Time { impl PartialOrd for Asn1Time {
fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> { fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> {
self.compare(other).ok() self.compare(other).ok()
} }
} }
#[cfg(ossl102)]
impl PartialOrd<Asn1TimeRef> for Asn1Time { impl PartialOrd<Asn1TimeRef> for Asn1Time {
fn partial_cmp(&self, other: &Asn1TimeRef) -> Option<Ordering> { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option<Ordering> {
self.compare(other).ok() self.compare(other).ok()
} }
} }
#[cfg(ossl102)]
impl<'a> PartialOrd<&'a Asn1TimeRef> for Asn1Time { impl<'a> PartialOrd<&'a Asn1TimeRef> for Asn1Time {
fn partial_cmp(&self, other: &&'a Asn1TimeRef) -> Option<Ordering> { fn partial_cmp(&self, other: &&'a Asn1TimeRef) -> Option<Ordering> {
self.compare(other).ok() self.compare(other).ok()
@ -611,7 +595,6 @@ mod tests {
} }
#[test] #[test]
#[cfg(ossl102)]
fn time_eq() { fn time_eq() {
let a = Asn1Time::from_str("99991231235959Z").unwrap(); let a = Asn1Time::from_str("99991231235959Z").unwrap();
let b = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap();
@ -630,7 +613,6 @@ mod tests {
} }
#[test] #[test]
#[cfg(ossl102)]
fn time_ord() { fn time_ord() {
let a = Asn1Time::from_str("99991231235959Z").unwrap(); let a = Asn1Time::from_str("99991231235959Z").unwrap();
let b = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap();

13
openssl/src/bio.rs
View File

@ -3,6 +3,7 @@ use libc::c_int;
use std::marker::PhantomData; use std::marker::PhantomData;
use std::ptr; use std::ptr;
use std::slice; use std::slice;
use ffi::BIO_new_mem_buf;
use cvt_p; use cvt_p;
use error::ErrorStack; use error::ErrorStack;
@ -68,13 +69,5 @@ impl MemBio {
} }
} }
cfg_if! {
if #[cfg(ossl102)] {
use ffi::BIO_new_mem_buf;
} else {
#[allow(bad_style)]
unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: ::libc::c_int) -> *mut ffi::BIO {
ffi::BIO_new_mem_buf(buf as *mut _, len)
}
}
}

2
openssl/src/ssl/callbacks.rs
View File

@ -11,7 +11,6 @@ use std::str;
use std::sync::Arc; use std::sync::Arc;
use error::ErrorStack; use error::ErrorStack;
#[cfg(any(ossl102, libressl261))]
use ssl::AlpnError; use ssl::AlpnError;
use ssl::{ use ssl::{
SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, SslSession, SslSessionRef, SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, SslSession, SslSessionRef,
@ -161,7 +160,6 @@ where
} }
} }
#[cfg(any(ossl102, libressl261))]
pub extern "C" fn raw_alpn_select<F>( pub extern "C" fn raw_alpn_select<F>(
ssl: *mut ffi::SSL, ssl: *mut ffi::SSL,
out: *mut *const c_uchar, out: *mut *const c_uchar,

231
openssl/src/ssl/connector.rs
View File

@ -324,228 +324,21 @@ impl DerefMut for SslAcceptorBuilder {
} }
} }
cfg_if! { fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> {
if #[cfg(ossl110)] { Ok(())
fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> {
Ok(())
}
} else if #[cfg(any(ossl102, libressl))] {
fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
ctx.set_ecdh_auto(true)
}
} else {
fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
use ec::EcKey;
use nid::Nid;
let curve = EcKey::from_curve_name(Nid::X9_62_PRIME256V1)?;
ctx.set_tmp_ecdh(&curve)
}
}
} }
cfg_if! { fn setup_verify(ctx: &mut SslContextBuilder) {
if #[cfg(any(ossl102, libressl261))] { ctx.set_verify(SslVerifyMode::PEER);
fn setup_verify(ctx: &mut SslContextBuilder) { }
ctx.set_verify(SslVerifyMode::PEER);
}
fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> { fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> {
use x509::verify::X509CheckFlags; use x509::verify::X509CheckFlags;
let param = ssl.param_mut(); let param = ssl.param_mut();
param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS); param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS);
match domain.parse() { match domain.parse() {
Ok(ip) => param.set_ip(ip), Ok(ip) => param.set_ip(ip),
Err(_) => param.set_host(domain), Err(_) => param.set_host(domain),
}
}
} else {
fn setup_verify(ctx: &mut SslContextBuilder) {
ctx.set_verify_callback(SslVerifyMode::PEER, verify::verify_callback);
}
fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
let domain = domain.to_string();
ssl.set_ex_data(*verify::HOSTNAME_IDX, domain);
Ok(())
}
mod verify {
use std::net::IpAddr;
use std::str;
use ex_data::Index;
use nid::Nid;
use ssl::Ssl;
use stack::Stack;
use x509::{
GeneralName, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef,
X509VerifyResult,
};
lazy_static! {
pub static ref HOSTNAME_IDX: Index<Ssl, String> = Ssl::new_ex_index().unwrap();
}
pub fn verify_callback(preverify_ok: bool, x509_ctx: &mut X509StoreContextRef) -> bool {
if !preverify_ok || x509_ctx.error_depth() != 0 {
return preverify_ok;
}
let ok = match (
x509_ctx.current_cert(),
X509StoreContext::ssl_idx()
.ok()
.and_then(|idx| x509_ctx.ex_data(idx))
.and_then(|ssl| ssl.ex_data(*HOSTNAME_IDX)),
) {
(Some(x509), Some(domain)) => verify_hostname(domain, &x509),
_ => true,
};
if !ok {
x509_ctx.set_error(X509VerifyResult::APPLICATION_VERIFICATION);
}
ok
}
fn verify_hostname(domain: &str, cert: &X509Ref) -> bool {
match cert.subject_alt_names() {
Some(names) => verify_subject_alt_names(domain, names),
None => verify_subject_name(domain, &cert.subject_name()),
}
}
fn verify_subject_alt_names(domain: &str, names: Stack<GeneralName>) -> bool {
let ip = domain.parse();
for name in &names {
match ip {
Ok(ip) => {
if let Some(actual) = name.ipaddress() {
if matches_ip(&ip, actual) {
return true;
}
}
}
Err(_) => {
if let Some(pattern) = name.dnsname() {
if matches_dns(pattern, domain) {
return true;
}
}
}
}
}
false
}
fn verify_subject_name(domain: &str, subject_name: &X509NameRef) -> bool {
match subject_name.entries_by_nid(Nid::COMMONNAME).next() {
Some(pattern) => {
let pattern = match str::from_utf8(pattern.data().as_slice()) {
Ok(pattern) => pattern,
Err(_) => return false,
};
// Unlike SANs, IP addresses in the subject name don't have a
// different encoding.
match domain.parse::<IpAddr>() {
Ok(ip) => pattern
.parse::<IpAddr>()
.ok()
.map_or(false, |pattern| pattern == ip),
Err(_) => matches_dns(pattern, domain),
}
}
None => false,
}
}
fn matches_dns(mut pattern: &str, mut hostname: &str) -> bool {
// first strip trailing . off of pattern and hostname to normalize
if pattern.ends_with('.') {
pattern = &pattern[..pattern.len() - 1];
}
if hostname.ends_with('.') {
hostname = &hostname[..hostname.len() - 1];
}
matches_wildcard(pattern, hostname).unwrap_or_else(|| pattern == hostname)
}
fn matches_wildcard(pattern: &str, hostname: &str) -> Option<bool> {
// internationalized domains can't involved in wildcards
if pattern.starts_with("xn--") {
return None;
}
let wildcard_location = match pattern.find('*') {
Some(l) => l,
None => return None,
};
let mut dot_idxs = pattern.match_indices('.').map(|(l, _)| l);
let wildcard_end = match dot_idxs.next() {
Some(l) => l,
None => return None,
};
// Never match wildcards if the pattern has less than 2 '.'s (no *.com)
//
// This is a bit dubious, as it doesn't disallow other TLDs like *.co.uk.
// Chrome has a black- and white-list for this, but Firefox (via NSS) does
// the same thing we do here.
//
// The Public Suffix (https://www.publicsuffix.org/) list could
// potentially be used here, but it's both huge and updated frequently
// enough that management would be a PITA.
if dot_idxs.next().is_none() {
return None;
}
// Wildcards can only be in the first component
if wildcard_location > wildcard_end {
return None;
}
let hostname_label_end = match hostname.find('.') {
Some(l) => l,
None => return None,
};
// check that the non-wildcard parts are identical
if pattern[wildcard_end..] != hostname[hostname_label_end..] {
return Some(false);
}
let wildcard_prefix = &pattern[..wildcard_location];
let wildcard_suffix = &pattern[wildcard_location + 1..wildcard_end];
let hostname_label = &hostname[..hostname_label_end];
// check the prefix of the first label
if !hostname_label.starts_with(wildcard_prefix) {
return Some(false);
}
// and the suffix
if !hostname_label[wildcard_prefix.len()..].ends_with(wildcard_suffix) {
return Some(false);
}
Some(true)
}
fn matches_ip(expected: &IpAddr, actual: &[u8]) -> bool {
match *expected {
IpAddr::V4(ref addr) => actual == addr.octets(),
IpAddr::V6(ref addr) => actual == addr.octets(),
}
}
}
} }
} }

39
openssl/src/ssl/mod.rs
View File

@ -91,7 +91,6 @@ use ssl::callbacks::*;
use ssl::error::InnerError; use ssl::error::InnerError;
use stack::{Stack, StackRef}; use stack::{Stack, StackRef};
use x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; use x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
#[cfg(any(ossl102, libressl261))]
use x509::verify::X509VerifyParamRef; use x509::verify::X509VerifyParamRef;
use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509};
use {cvt, cvt_n, cvt_p, init}; use {cvt, cvt_n, cvt_p, init};
@ -178,13 +177,11 @@ bitflags! {
/// Disables the use of DTLSv1.0 /// Disables the use of DTLSv1.0
/// ///
/// Requires OpenSSL 1.0.2 or newer. /// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1; const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
/// Disables the use of DTLSv1.2. /// Disables the use of DTLSv1.2.
/// ///
/// Requires OpenSSL 1.0.2, or newer. /// Requires OpenSSL 1.0.2, or newer.
#[cfg(any(ossl102, ossl110))]
const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
/// Disallow all renegotiation in TLSv1.2 and earlier. /// Disallow all renegotiation in TLSv1.2 and earlier.
@ -472,11 +469,9 @@ impl SslAlert {
/// An error returned from an ALPN selection callback. /// An error returned from an ALPN selection callback.
/// ///
/// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
#[cfg(any(ossl102, libressl261))]
#[derive(Debug, Copy, Clone, PartialEq, Eq)] #[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct AlpnError(c_int); pub struct AlpnError(c_int);
#[cfg(any(ossl102, libressl261))]
impl AlpnError { impl AlpnError {
/// Terminate the handshake with a fatal alert. /// Terminate the handshake with a fatal alert.
/// ///
@ -655,7 +650,6 @@ impl SslContextBuilder {
/// This corresponds to [`SSL_CTX_set0_verify_cert_store`]. /// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
/// ///
/// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html
#[cfg(any(ossl102, ossl110))]
pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
unsafe { unsafe {
let ptr = cert_store.as_ptr(); let ptr = cert_store.as_ptr();
@ -932,18 +926,6 @@ impl SslContextBuilder {
} }
} }
/// Enables ECDHE key exchange with an automatically chosen curve list.
///
/// Requires OpenSSL 1.0.2.
///
/// This corresponds to [`SSL_CTX_set_ecdh_auto`].
///
/// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html
#[cfg(any(libressl, all(ossl102, not(ossl110))))]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
}
/// Sets the options used by the context, returning the old set. /// Sets the options used by the context, returning the old set.
/// ///
/// This corresponds to [`SSL_CTX_set_options`]. /// This corresponds to [`SSL_CTX_set_options`].
@ -1075,7 +1057,6 @@ impl SslContextBuilder {
/// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
/// ///
/// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(ossl102, libressl261))]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
assert!(protocols.len() <= c_uint::max_value() as usize); assert!(protocols.len() <= c_uint::max_value() as usize);
@ -1127,7 +1108,6 @@ impl SslContextBuilder {
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html /// [`select_next_proto`]: fn.select_next_proto.html
/// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html /// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(ossl102, libressl261))]
pub fn set_alpn_select_callback<F>(&mut self, callback: F) pub fn set_alpn_select_callback<F>(&mut self, callback: F)
where where
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
@ -1399,7 +1379,6 @@ impl SslContextBuilder {
/// Requires OpenSSL 1.0.2 or newer. /// Requires OpenSSL 1.0.2 or newer.
/// ///
/// [`SSL_CTX_set1_sigalgs_list`]: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html /// [`SSL_CTX_set1_sigalgs_list`]: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html
#[cfg(ossl102)]
pub fn set_sigalgs_list(&mut self, sigalgs: &str) -> Result<(), ErrorStack> { pub fn set_sigalgs_list(&mut self, sigalgs: &str) -> Result<(), ErrorStack> {
let sigalgs = CString::new(sigalgs).unwrap(); let sigalgs = CString::new(sigalgs).unwrap();
unsafe { unsafe {
@ -1495,7 +1474,6 @@ impl SslContextRef {
/// This corresponds to [`SSL_CTX_get0_certificate`]. /// This corresponds to [`SSL_CTX_get0_certificate`].
/// ///
/// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
#[cfg(any(ossl102, ossl110))]
pub fn certificate(&self) -> Option<&X509Ref> { pub fn certificate(&self) -> Option<&X509Ref> {
unsafe { unsafe {
let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr()); let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr());
@ -1514,7 +1492,6 @@ impl SslContextRef {
/// This corresponds to [`SSL_CTX_get0_privatekey`]. /// This corresponds to [`SSL_CTX_get0_privatekey`].
/// ///
/// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
#[cfg(any(ossl102, ossl110))]
pub fn private_key(&self) -> Option<&PKeyRef<Private>> { pub fn private_key(&self) -> Option<&PKeyRef<Private>> {
unsafe { unsafe {
let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr()); let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr());
@ -2085,19 +2062,6 @@ impl SslRef {
unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
} }
/// Like [`SslContextBuilder::set_ecdh_auto`].
///
/// Requires OpenSSL 1.0.2.
///
/// This corresponds to [`SSL_set_ecdh_auto`].
///
/// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh
/// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html
#[cfg(all(ossl102, not(ossl110)))]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
}
/// Like [`SslContextBuilder::set_alpn_protos`]. /// Like [`SslContextBuilder::set_alpn_protos`].
/// ///
/// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
@ -2106,7 +2070,6 @@ impl SslRef {
/// ///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`SSL_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_alpn_protos.html /// [`SSL_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_alpn_protos.html
#[cfg(any(ossl102, libressl261))]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
assert!(protocols.len() <= c_uint::max_value() as usize); assert!(protocols.len() <= c_uint::max_value() as usize);
@ -2296,7 +2259,6 @@ impl SslRef {
/// This corresponds to [`SSL_get0_alpn_selected`]. /// This corresponds to [`SSL_get0_alpn_selected`].
/// ///
/// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html
#[cfg(any(ossl102, libressl261))]
pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
unsafe { unsafe {
let mut data: *const c_uchar = ptr::null(); let mut data: *const c_uchar = ptr::null();
@ -2452,7 +2414,6 @@ impl SslRef {
/// This corresponds to [`SSL_get0_param`]. /// This corresponds to [`SSL_get0_param`].
/// ///
/// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html
#[cfg(any(ossl102, libressl261))]
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) }
} }

8
openssl/src/ssl/test/mod.rs
View File

@ -29,9 +29,7 @@ use ssl::{
SslAcceptorBuilder, SslConnector, SslContext, SslContextBuilder, SslFiletype, SslMethod, SslAcceptorBuilder, SslConnector, SslContext, SslContextBuilder, SslFiletype, SslMethod,
SslOptions, SslSessionCacheMode, SslStream, SslStreamBuilder, SslVerifyMode, StatusType, SslOptions, SslSessionCacheMode, SslStream, SslStreamBuilder, SslVerifyMode, StatusType,
}; };
#[cfg(ossl102)]
use x509::store::X509StoreBuilder; use x509::store::X509StoreBuilder;
#[cfg(ossl102)]
use x509::verify::X509CheckFlags; use x509::verify::X509CheckFlags;
use x509::{X509Name, X509StoreContext, X509VerifyResult, X509}; use x509::{X509Name, X509StoreContext, X509VerifyResult, X509};
@ -64,7 +62,6 @@ fn verify_trusted() {
} }
#[test] #[test]
#[cfg(ossl102)]
fn verify_trusted_with_set_cert() { fn verify_trusted_with_set_cert() {
let server = Server::builder().build(); let server = Server::builder().build();
@ -432,7 +429,6 @@ fn test_connect_with_srtp_ssl() {
/// Tests that when the `SslStream` is created as a server stream, the protocols /// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client. /// are correctly advertised to the client.
#[test] #[test]
#[cfg(any(ossl102, libressl261))]
fn test_alpn_server_advertise_multiple() { fn test_alpn_server_advertise_multiple() {
let mut server = Server::builder(); let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| { server.ctx().set_alpn_select_callback(|_, client| {
@ -464,7 +460,6 @@ fn test_alpn_server_select_none_fatal() {
} }
#[test] #[test]
#[cfg(any(ossl102, libressl261))]
fn test_alpn_server_select_none() { fn test_alpn_server_select_none() {
let mut server = Server::builder(); let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| { server.ctx().set_alpn_select_callback(|_, client| {
@ -479,7 +474,6 @@ fn test_alpn_server_select_none() {
} }
#[test] #[test]
#[cfg(any(ossl102, libressl261))]
fn test_alpn_server_unilateral() { fn test_alpn_server_unilateral() {
let server = Server::builder().build(); let server = Server::builder().build();
@ -629,7 +623,6 @@ fn add_extra_chain_cert() {
} }
#[test] #[test]
#[cfg(ossl102)]
fn verify_valid_hostname() { fn verify_valid_hostname() {
let server = Server::builder().build(); let server = Server::builder().build();
@ -647,7 +640,6 @@ fn verify_valid_hostname() {
} }
#[test] #[test]
#[cfg(ossl102)]
fn verify_invalid_hostname() { fn verify_invalid_hostname() {
let mut server = Server::builder(); let mut server = Server::builder();
server.should_error(); server.should_error();

2
openssl/src/x509/mod.rs
View File

@ -33,9 +33,7 @@ use stack::{Stack, StackRef, Stackable};
use string::OpensslString; use string::OpensslString;
use {cvt, cvt_n, cvt_p}; use {cvt, cvt_n, cvt_p};
#[cfg(any(ossl102, libressl261))]
pub mod verify; pub mod verify;
pub mod extension; pub mod extension;
pub mod store; pub mod store;

3
systest/build.rs
View File

@ -25,9 +25,6 @@ fn main() {
let mut cfgs = vec![]; let mut cfgs = vec![];
cfgs.push("ossl102");
cfgs.push("ossl102f");
cfgs.push("ossl102h");
cfgs.push("ossl110"); cfgs.push("ossl110");
for c in cfgs { for c in cfgs {