From 8ec53eb0e1b29d2b5c7e3afc433a26cede6dc84d Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Fri, 21 Oct 2016 20:59:07 -0700
Subject: [PATCH] Fix X509StoreContext
---
 openssl/src/ssl/mod.rs | 18 +++++++++---------
 openssl/src/ssl/tests/mod.rs | 6 +++---
 openssl/src/x509/mod.rs | 23 ++++++++++++-----------
 3 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 26cafa9a..7f990a66 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -21,7 +21,7 @@ use ffi;
 use {init, cvt, cvt_p};
 use dh::DH;
-use x509::{X509StoreContext, X509FileType, X509, X509Ref, X509VerifyError};
+use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError};
 #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
 use x509::verify::X509VerifyParamRef;
 use crypto::pkey::PKey;
@@ -173,7 +173,7 @@ fn get_new_ssl_idx() -> c_int {
 }
 extern fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
- where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
 {
 unsafe {
 let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
@@ -182,14 +182,14 @@ extern fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX)
 let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::());
 let verify: &F = &*(verify as *mut F);
- let ctx = X509StoreContext::new(x509_ctx);
+ let ctx = X509StoreContextRef::from_ptr(x509_ctx);
- verify(preverify_ok != 0, &ctx) as c_int
+ verify(preverify_ok != 0, ctx) as c_int
 }
 }
 extern fn ssl_raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
- where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
 {
 unsafe {
 let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
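Review bot: In `raw_verify` (hunk `@@ -182,14 +182,14 @@`), the changed line `verify(preverify_ok != 0, ctx) as c_int` runs a user-supplied closure inside an `extern fn` that OpenSSL calls, and nothing visible in the hunk stops a panic in that closure from unwinding out of the callback (undefined behaviour or a process abort, depending on the compiler version) in the middle of certificate verification. Consider catching the panic and failing closed, for example `let ok = ::std::panic::catch_unwind(::std::panic::AssertUnwindSafe(|| verify(preverify_ok != 0, ctx))).unwrap_or(false);` followed by `ok as c_int`, so a panicking callback rejects the chain. The same line appears in `ssl_raw_verify` in the next hunk (`@@ -198,9 +198,9 @@`). A `// SAFETY:` comment above `X509StoreContextRef::from_ptr(x509_ctx)` naming who guarantees the pointer is valid for the duration of the call would also help; the start of `raw_verify`'s body lies outside this hunk.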
@@ -198,9 +198,9 @@ extern fn ssl_raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_
 get_ssl_verify_data_idx::());
 let verify: &F = &*(verify as *mut F);
- let ctx = X509StoreContext::new(x509_ctx);
+ let ctx = X509StoreContextRef::from_ptr(x509_ctx);
- verify(preverify_ok != 0, &ctx) as c_int
+ verify(preverify_ok != 0, ctx) as c_int
 }
 }
@@ -361,7 +361,7 @@ impl SslContextRef {
 /// Configures the certificate verification method for new connections and
 /// registers a verification callback.
 pub fn set_verify_callback(&mut self, mode: SslVerifyMode, verify: F)
- where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
 {
 unsafe {
 let verify = Box::new(verify);
@@ -830,7 +830,7 @@ impl SslRef {
 /// to the certificate chain. It should return `true` if the certificate
 /// chain is valid and `false` otherwise.
 pub fn set_verify_callback(&mut self, mode: SslVerifyMode, verify: F)
- where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
 {
 unsafe {
 let verify = Box::new(verify);
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 684f77ac..fada2a8e 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -20,7 +20,7 @@ use ssl::SSL_VERIFY_PEER;
 use ssl::{SslMethod, HandshakeError};
 use ssl::error::Error;
 use ssl::{SslContext, SslStream, Ssl};
-use x509::X509StoreContext;
+use x509::X509StoreContextRef;
 use x509::X509FileType;
 use x509::X509;
 #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
@@ -168,7 +168,7 @@ macro_rules! run_test(
 use ssl::{SslContext, Ssl, SslStream};
 use ssl::SSL_VERIFY_PEER;
 use crypto::hash::MessageDigest;
- use x509::X509StoreContext;
+ use x509::X509StoreContextRef;
 use serialize::hex::FromHex;
 use super::Server;
@@ -778,7 +778,7 @@ mod dtlsv1 {
 use ssl::SslMethod;
 use ssl::{SslContext, SslStream};
 use ssl::SSL_VERIFY_PEER;
- use x509::X509StoreContext;
+ use x509::X509StoreContextRef;
 #[test]
 fn test_new_ctx() {
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 9c91bfc1..db5ef1df 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -91,25 +91,26 @@ pub enum X509FileType {
 Default = ffi::X509_FILETYPE_DEFAULT,
 }
-#[allow(missing_copy_implementations)]
-pub struct X509StoreContext {
- ctx: *mut ffi::X509_STORE_CTX,
-}
+pub struct X509StoreContextRef(Opaque);
-impl X509StoreContext {
- pub fn new(ctx: *mut ffi::X509_STORE_CTX) -> X509StoreContext {
- X509StoreContext { ctx: ctx }
+impl X509StoreContextRef {
+ pub unsafe fn from_ptr<'a>(ctx: *mut ffi::X509_STORE_CTX) -> &'a X509StoreContextRef {
+ &*(ctx as *mut _)
+ }
+
+ pub fn as_ptr(&self) -> *mut ffi::X509_STORE_CTX {
+ self as *const _ as *mut _
 }
 pub fn error(&self) -> Option {
 unsafe {
- X509VerifyError::from_raw(ffi::X509_STORE_CTX_get_error(self.ctx) as c_long)
+ X509VerifyError::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr()) as c_long)
 }
 }
- pub fn current_cert<'a>(&'a self) -> Option<&'a X509Ref> {
+ pub fn current_cert(&self) -> Option<&X509Ref> {
 unsafe {
- let ptr = ffi::X509_STORE_CTX_get_current_cert(self.ctx);
+ let ptr = ffi::X509_STORE_CTX_get_current_cert(self.as_ptr());
 if ptr.is_null() {
 None
 } else {
@@ -119,7 +120,7 @@ impl X509StoreContext {
 }
 pub fn error_depth(&self) -> u32 {
- unsafe { ffi::X509_STORE_CTX_get_error_depth(self.ctx) as u32 }
+ unsafe { ffi::X509_STORE_CTX_get_error_depth(self.as_ptr()) as u32 }
 }
 }
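Review bot: In the `@@ -91,25 +91,26 @@` hunk, `X509StoreContextRef::from_ptr` is a public `unsafe fn` with no `# Safety` section, and the caller picks its return lifetime `'a` freely, so the type system does not stop the reference from outliving the `X509_STORE_CTX` and no written contract says it must not. Add a doc comment along the lines of `/// # Safety: ctx must be non-null, point to a live X509_STORE_CTX, and remain valid for all of 'a.` and consider `debug_assert!(!ctx.is_null());` before the cast. `as_ptr` turns `&self` into a `*mut ffi::X509_STORE_CTX` with `self as *const _ as *mut _`; whether passing that pointer to OpenSSL functions that may write through it is sound depends on how `Opaque` is defined, which this diff does not show, so a one-line comment there stating that reliance would help the next reader.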