min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Start of cert verification

This commit is contained in:
Steven Fackler 2013-10-12 21:48:08 -07:00
parent 709ba4e7b0
commit 8e2d5242a3
3 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/ssl/ffi.rs
View File

@ -1,6 +1,6 @@
#[doc(hidden)]; #[doc(hidden)];
use std::libc::{c_int, c_void}; use std::libc::{c_int, c_void, c_ulong, c_char};
// openssl/ssl.h // openssl/ssl.h
pub type SSL_CTX = c_void; pub type SSL_CTX = c_void;
@ -8,6 +8,7 @@ pub type SSL_METHOD = c_void;
pub type SSL = c_void; pub type SSL = c_void;
pub type BIO = c_void; pub type BIO = c_void;
pub type BIO_METHOD = c_void; pub type BIO_METHOD = c_void;
pub type X509_STORE_CTX = c_void;
pub static SSL_ERROR_NONE: c_int = 0; pub static SSL_ERROR_NONE: c_int = 0;
pub static SSL_ERROR_SSL: c_int = 1; pub static SSL_ERROR_SSL: c_int = 1;
@ -19,15 +20,21 @@ pub static SSL_ERROR_ZERO_RETURN: c_int = 6;
pub static SSL_ERROR_WANT_CONNECT: c_int = 7; pub static SSL_ERROR_WANT_CONNECT: c_int = 7;
pub static SSL_ERROR_WANT_ACCEPT: c_int = 8; pub static SSL_ERROR_WANT_ACCEPT: c_int = 8;
pub static SSL_VERIFY_NONE: c_int = 0;
pub static SSL_VERIFY_PEER: c_int = 1;
#[link_args = "-lssl"] #[link_args = "-lssl"]
extern "C" { } extern "C" { }
externfn!(fn ERR_get_error() -> c_ulong)
externfn!(fn SSL_library_init() -> c_int) externfn!(fn SSL_library_init() -> c_int)
externfn!(fn SSL_load_error_strings())
externfn!(fn SSLv23_method() -> *SSL_METHOD) externfn!(fn SSLv23_method() -> *SSL_METHOD)
externfn!(fn SSL_CTX_new(method: *SSL_METHOD) -> *SSL_CTX) externfn!(fn SSL_CTX_new(method: *SSL_METHOD) -> *SSL_CTX)
externfn!(fn SSL_CTX_free(ctx: *SSL_CTX)) externfn!(fn SSL_CTX_free(ctx: *SSL_CTX))
externfn!(fn SSL_CTX_set_verify(ctx: *SSL_CTX, mode: c_int,
verify_callback: Option<extern "C" fn(int, *X509_STORE_CTX)>))
externfn!(fn SSL_new(ctx: *SSL_CTX) -> *SSL) externfn!(fn SSL_new(ctx: *SSL_CTX) -> *SSL)
externfn!(fn SSL_free(ssl: *SSL)) externfn!(fn SSL_free(ssl: *SSL))

20
src/ssl/lib.rs
View File

@ -22,7 +22,6 @@ pub fn init() {
} }
ffi::SSL_library_init(); ffi::SSL_library_init();
ffi::SSL_load_error_strings();
FINISHED_INIT.store(true, Release); FINISHED_INIT.store(true, Release);
} }
} }
@ -60,6 +59,15 @@ impl SslCtx {
ctx: ctx ctx: ctx
} }
} }
pub fn set_verify(&mut self, mode: SslVerifyMode) {
unsafe { ffi::SSL_CTX_set_verify(self.ctx, mode as c_int, None) }
}
}
pub enum SslVerifyMode {
SslVerifyNone = ffi::SSL_VERIFY_NONE,
SslVerifyPeer = ffi::SSL_VERIFY_PEER
} }
#[deriving(Eq, TotalEq, ToStr)] #[deriving(Eq, TotalEq, ToStr)]
@ -186,7 +194,7 @@ pub struct SslStream<S> {
} }
impl<S: Stream> SslStream<S> { impl<S: Stream> SslStream<S> {
pub fn new(ctx: SslCtx, stream: S) -> SslStream<S> { pub fn new(ctx: SslCtx, stream: S) -> Result<SslStream<S>, uint> {
let ssl = Ssl::new(&ctx); let ssl = Ssl::new(&ctx);
let rbio = MemBio::new(); let rbio = MemBio::new();
@ -205,11 +213,15 @@ impl<S: Stream> SslStream<S> {
stream: stream stream: stream
}; };
do stream.in_retry_wrapper |ssl| { let ret = do stream.in_retry_wrapper |ssl| {
ssl.ssl.connect() ssl.ssl.connect()
}; };
stream match ret {
Ok(_) => Ok(stream),
// FIXME
Err(_err) => Err(unsafe { ffi::ERR_get_error() as uint })
}
} }
fn in_retry_wrapper(&mut self, blk: &fn(&mut SslStream<S>) -> int) fn in_retry_wrapper(&mut self, blk: &fn(&mut SslStream<S>) -> int)

19
src/ssl/test.rs
View File

@ -6,7 +6,7 @@ use std::rt::io::net::tcp::TcpStream;
use std::vec; use std::vec;
use std::str; use std::str;
use ssl::{Sslv23, SslCtx, SslStream}; use ssl::{Sslv23, SslCtx, SslStream, SslVerifyPeer};
#[test] #[test]
fn test_new_ctx() { fn test_new_ctx() {
@ -16,13 +16,24 @@ fn test_new_ctx() {
#[test] #[test]
fn test_new_sslstream() { fn test_new_sslstream() {
let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap(); let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
SslStream::new(SslCtx::new(Sslv23), stream); SslStream::new(SslCtx::new(Sslv23), stream).unwrap();
}
#[test]
fn test_verify() {
let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
let mut ctx = SslCtx::new(Sslv23);
ctx.set_verify(SslVerifyPeer);
match SslStream::new(ctx, stream) {
Ok(_) => fail2!("expected failure"),
Err(err) => println!("error {}", err)
}
} }
#[test] #[test]
fn test_write() { fn test_write() {
let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap(); let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
let mut stream = SslStream::new(SslCtx::new(Sslv23), stream); let mut stream = SslStream::new(SslCtx::new(Sslv23), stream).unwrap();
stream.write("hello".as_bytes()); stream.write("hello".as_bytes());
stream.flush(); stream.flush();
stream.write(" there".as_bytes()); stream.write(" there".as_bytes());
@ -33,7 +44,7 @@ fn test_write() {
#[test] #[test]
fn test_read() { fn test_read() {
let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap(); let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
let mut stream = SslStream::new(SslCtx::new(Sslv23), stream); let mut stream = SslStream::new(SslCtx::new(Sslv23), stream).unwrap();
stream.write("GET /\r\n\r\n".as_bytes()); stream.write("GET /\r\n\r\n".as_bytes());
stream.flush(); stream.flush();
let buf = stream.read_to_end(); let buf = stream.read_to_end();