Fix X509StoreContext
This commit is contained in:
Steven Fackler
parent
7267cbeae8
commit
8ec53eb0e1
|
|
@ -21,7 +21,7 @@ use ffi;
|
||||||
|
|
||||||
use {init, cvt, cvt_p};
|
use {init, cvt, cvt_p};
|
||||||
use dh::DH;
|
use dh::DH;
|
||||||
use x509::{X509StoreContext, X509FileType, X509, X509Ref, X509VerifyError};
|
use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError};
|
||||||
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
|
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
|
||||||
use x509::verify::X509VerifyParamRef;
|
use x509::verify::X509VerifyParamRef;
|
||||||
use crypto::pkey::PKey;
|
use crypto::pkey::PKey;
|
||||||
|
|
@ -173,7 +173,7 @@ fn get_new_ssl_idx<T>() -> c_int {
|
||||||
}
|
}
|
||||||
|
|
||||||
extern fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
|
extern fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
|
||||||
where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
|
where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
|
||||||
{
|
{
|
||||||
unsafe {
|
unsafe {
|
||||||
let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
|
let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
|
||||||
|
|
@ -182,14 +182,14 @@ extern fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX)
|
||||||
let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>());
|
let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>());
|
||||||
let verify: &F = &*(verify as *mut F);
|
let verify: &F = &*(verify as *mut F);
|
||||||
|
|
||||||
let ctx = X509StoreContext::new(x509_ctx);
|
let ctx = X509StoreContextRef::from_ptr(x509_ctx);
|
||||||
|
|
||||||
verify(preverify_ok != 0, &ctx) as c_int
|
verify(preverify_ok != 0, ctx) as c_int
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
extern fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
|
extern fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
|
||||||
where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
|
where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
|
||||||
{
|
{
|
||||||
unsafe {
|
unsafe {
|
||||||
let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
|
let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
|
||||||
|
|
@ -198,9 +198,9 @@ extern fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_
|
||||||
get_ssl_verify_data_idx::<F>());
|
get_ssl_verify_data_idx::<F>());
|
||||||
let verify: &F = &*(verify as *mut F);
|
let verify: &F = &*(verify as *mut F);
|
||||||
|
|
||||||
let ctx = X509StoreContext::new(x509_ctx);
|
let ctx = X509StoreContextRef::from_ptr(x509_ctx);
|
||||||
|
|
||||||
verify(preverify_ok != 0, &ctx) as c_int
|
verify(preverify_ok != 0, ctx) as c_int
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -361,7 +361,7 @@ impl SslContextRef {
|
||||||
/// Configures the certificate verification method for new connections and
|
/// Configures the certificate verification method for new connections and
|
||||||
/// registers a verification callback.
|
/// registers a verification callback.
|
||||||
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
|
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
|
||||||
where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
|
where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
|
||||||
{
|
{
|
||||||
unsafe {
|
unsafe {
|
||||||
let verify = Box::new(verify);
|
let verify = Box::new(verify);
|
||||||
|
|
@ -830,7 +830,7 @@ impl SslRef {
|
||||||
/// to the certificate chain. It should return `true` if the certificate
|
/// to the certificate chain. It should return `true` if the certificate
|
||||||
/// chain is valid and `false` otherwise.
|
/// chain is valid and `false` otherwise.
|
||||||
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
|
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
|
||||||
where F: Fn(bool, &X509StoreContext) -> bool + Any + 'static + Sync + Send
|
where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
|
||||||
{
|
{
|
||||||
unsafe {
|
unsafe {
|
||||||
let verify = Box::new(verify);
|
let verify = Box::new(verify);
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ use ssl::SSL_VERIFY_PEER;
|
||||||
use ssl::{SslMethod, HandshakeError};
|
use ssl::{SslMethod, HandshakeError};
|
||||||
use ssl::error::Error;
|
use ssl::error::Error;
|
||||||
use ssl::{SslContext, SslStream, Ssl};
|
use ssl::{SslContext, SslStream, Ssl};
|
||||||
use x509::X509StoreContext;
|
use x509::X509StoreContextRef;
|
||||||
use x509::X509FileType;
|
use x509::X509FileType;
|
||||||
use x509::X509;
|
use x509::X509;
|
||||||
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
|
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
|
||||||
|
|
@ -168,7 +168,7 @@ macro_rules! run_test(
|
||||||
use ssl::{SslContext, Ssl, SslStream};
|
use ssl::{SslContext, Ssl, SslStream};
|
||||||
use ssl::SSL_VERIFY_PEER;
|
use ssl::SSL_VERIFY_PEER;
|
||||||
use crypto::hash::MessageDigest;
|
use crypto::hash::MessageDigest;
|
||||||
use x509::X509StoreContext;
|
use x509::X509StoreContextRef;
|
||||||
use serialize::hex::FromHex;
|
use serialize::hex::FromHex;
|
||||||
use super::Server;
|
use super::Server;
|
||||||
|
|
||||||
|
|
@ -778,7 +778,7 @@ mod dtlsv1 {
|
||||||
use ssl::SslMethod;
|
use ssl::SslMethod;
|
||||||
use ssl::{SslContext, SslStream};
|
use ssl::{SslContext, SslStream};
|
||||||
use ssl::SSL_VERIFY_PEER;
|
use ssl::SSL_VERIFY_PEER;
|
||||||
use x509::X509StoreContext;
|
use x509::X509StoreContextRef;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_new_ctx() {
|
fn test_new_ctx() {
|
||||||
|
|
|
||||||
|
|
@ -91,25 +91,26 @@ pub enum X509FileType {
|
||||||
Default = ffi::X509_FILETYPE_DEFAULT,
|
Default = ffi::X509_FILETYPE_DEFAULT,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[allow(missing_copy_implementations)]
|
pub struct X509StoreContextRef(Opaque);
|
||||||
pub struct X509StoreContext {
|
|
||||||
ctx: *mut ffi::X509_STORE_CTX,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl X509StoreContext {
|
impl X509StoreContextRef {
|
||||||
pub fn new(ctx: *mut ffi::X509_STORE_CTX) -> X509StoreContext {
|
pub unsafe fn from_ptr<'a>(ctx: *mut ffi::X509_STORE_CTX) -> &'a X509StoreContextRef {
|
||||||
X509StoreContext { ctx: ctx }
|
&*(ctx as *mut _)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn as_ptr(&self) -> *mut ffi::X509_STORE_CTX {
|
||||||
|
self as *const _ as *mut _
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn error(&self) -> Option<X509VerifyError> {
|
pub fn error(&self) -> Option<X509VerifyError> {
|
||||||
unsafe {
|
unsafe {
|
||||||
X509VerifyError::from_raw(ffi::X509_STORE_CTX_get_error(self.ctx) as c_long)
|
X509VerifyError::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr()) as c_long)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn current_cert<'a>(&'a self) -> Option<&'a X509Ref> {
|
pub fn current_cert(&self) -> Option<&X509Ref> {
|
||||||
unsafe {
|
unsafe {
|
||||||
let ptr = ffi::X509_STORE_CTX_get_current_cert(self.ctx);
|
let ptr = ffi::X509_STORE_CTX_get_current_cert(self.as_ptr());
|
||||||
if ptr.is_null() {
|
if ptr.is_null() {
|
||||||
None
|
None
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -119,7 +120,7 @@ impl X509StoreContext {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn error_depth(&self) -> u32 {
|
pub fn error_depth(&self) -> u32 {
|
||||||
unsafe { ffi::X509_STORE_CTX_get_error_depth(self.ctx) as u32 }
|
unsafe { ffi::X509_STORE_CTX_get_error_depth(self.as_ptr()) as u32 }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue