Merge pull request #1257 from sfackler/set-cert-store

Add SslContextBuilder::set_cert_store
2020-04-07 20:47:25 -04:00 · 2020-04-07 20:47:25 -04:00 · 847eeb16cb
parent b027f16031 1ed175f85f
commit 847eeb16cb
3 changed files with 21 additions and 4 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -8,6 +8,9 @@ jobs:
      library:
        type: string
        default: ""
+      dl_path:
+        type: string
+        default: ""
      version:
        type: string
        default: ""
@ -71,7 +74,7 @@ jobs:
                  URL="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-<< parameters.version >>.tar.gz"
                  ;;
                "openssl")
-                  URL="https://openssl.org/source/openssl-<< parameters.version >>.tar.gz"
+                  URL="https://openssl.org/source<< parameters.dl_path >>/openssl-<< parameters.version >>.tar.gz"
                  ;;
                esac

@ -210,12 +213,15 @@ openssl_111: &openssl_111
 openssl_110: &openssl_110
  library: openssl
  version: 1.1.0l
+  dl_path: /old/1.1.0
 openssl_102: &openssl_102
  library: openssl
  version: 1.0.2u
+  dl_path: /old/1.0.2
 openssl_101: &openssl_101
  library: openssl
  version: 1.0.1u
+  dl_path: /old/1.0.1

 workflows:
  test:
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@ -901,6 +901,7 @@ extern "C" {
    #[cfg(any(ossl110, libressl273))]
    pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
    pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE;
+    pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE);

    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
    pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -93,9 +93,7 @@ use ssl::bio::BioMethod;
 use ssl::callbacks::*;
 use ssl::error::InnerError;
 use stack::{Stack, StackRef};
-#[cfg(ossl102)]
-use x509::store::X509Store;
-use x509::store::{X509StoreBuilderRef, X509StoreRef};
+use x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
 #[cfg(any(ossl102, libressl261))]
 use x509::verify::X509VerifyParamRef;
 use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509};
@ -762,6 +760,18 @@ impl SslContextBuilder {
        }
    }

+    /// Replaces the context's certificate store.
+    ///
+    /// This corresponds to [`SSL_CTX_set_cert_store`].
+    ///
+    /// [`SSL_CTX_set_cert_store`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_cert_store.html
+    pub fn set_cert_store(&mut self, cert_store: X509Store) {
+        unsafe {
+            ffi::SSL_CTX_set_cert_store(self.as_ptr(), cert_store.as_ptr());
+            mem::forget(cert_store);
+        }
+    }
+
    /// Controls read ahead behavior.
    ///
    /// If enabled, OpenSSL will read as much data as is available from the underlying stream,