Fix for changes in OpenSSL 1.1.0f

.travis.yml

@@ -29,7 +29,7 @@ matrix:
             - binfmt-support
     - env: >
         TARGET=arm-unknown-linux-gnueabihf
-        BUILD_OPENSSL_VERSION=1.1.0e
+        BUILD_OPENSSL_VERSION=1.1.0f
         CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc
         QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf
         RUST_TEST_THREADS=1
@@ -50,7 +50,7 @@ matrix:
 
     # 64-bit version compat
     - env: BUILD_OPENSSL_VERSION=1.0.2k
-    - env: BUILD_OPENSSL_VERSION=1.1.0e
+    - env: BUILD_OPENSSL_VERSION=1.1.0f
 
     # 32-bit version compat
     - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.0.1u
@@ -63,7 +63,7 @@ matrix:
         apt:
           packages:
             - gcc-multilib
-    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.1.0e
+    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.1.0f
       addons:
         apt:
           packages:

appveyor.yml

@@ -5,20 +5,20 @@ environment:
     - TARGET: i686-pc-windows-gnu
       BITS: 32
       MSYS2: 1
-      OPENSSL_VERSION: 1_1_0e
+      OPENSSL_VERSION: 1_1_0f
     - TARGET: x86_64-pc-windows-msvc
       BITS: 64
-      OPENSSL_VERSION: 1_1_0e
+      OPENSSL_VERSION: 1_1_0f
       OPENSSL_DIR: C:\OpenSSL
 
     # 1.0.2, 64/32 bit
     - TARGET: x86_64-pc-windows-gnu
       BITS: 64
       MSYS2: 1
-      OPENSSL_VERSION: 1_0_2k
+      OPENSSL_VERSION: 1_0_2L
     - TARGET: i686-pc-windows-msvc
       BITS: 32
-      OPENSSL_VERSION: 1_0_2k
+      OPENSSL_VERSION: 1_0_2L
       OPENSSL_DIR: C:\OpenSSL
 install:
   # install OpenSSL

openssl-sys/build.rs

@@ -253,6 +253,8 @@ RUST_LIBRESSL_250
 RUST_LIBRESSL_OLD
 #elif OPENSSL_VERSION_NUMBER >= 0x10101000
 RUST_OPENSSL_NEW
+#elif OPENSSL_VERSION_NUMBER >= 0x10100060
+RUST_OPENSSL_110F
 #elif OPENSSL_VERSION_NUMBER >= 0x10100000
 RUST_OPENSSL_110
 #elif OPENSSL_VERSION_NUMBER >= 0x10002000
@@ -348,6 +350,12 @@ See rust-openssl README for more information:
         println!("cargo:libressl=true");
         println!("cargo:version=101");
         Version::Libressl
+    } else if expanded.contains("RUST_OPENSSL_110F") {
+        println!("cargo:rustc-cfg=ossl110");
+        println!("cargo:rustc-cfg=ossl110f");
+        println!("cargo:version=110");
+        println!("cargo:patch=f");
+        Version::Openssl110
     } else if expanded.contains("RUST_OPENSSL_110") {
         println!("cargo:rustc-cfg=ossl110");
         println!("cargo:version=110");

openssl-sys/src/lib.rs

@@ -1205,8 +1205,18 @@ pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 #[cfg(not(ossl101))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
+pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
+pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(libressl))]
+pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
+#[cfg(not(any(libressl, ossl110f)))]
 pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
+#[cfg(ossl110f)]
+pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG |
+                            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
+                            SSL_OP_LEGACY_SERVER_CONNECT |
+                            SSL_OP_TLSEXT_PADDING |
+                            SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
 pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000;
 pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000;
 pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000;
@@ -2264,8 +2274,10 @@ extern "C" {
                                           len: *mut c_uint);
     pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
     pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
-    #[cfg(not(any(ossl101, libressl)))]
+    #[cfg(not(any(ossl101, libressl, ossl110f)))]
     pub fn SSL_is_server(s: *mut SSL) -> c_int;
+    #[cfg(ossl110f)]
+    pub fn SSL_is_server(s: *const SSL) -> c_int;
 
     pub fn SSL_SESSION_free(s: *mut SSL_SESSION);
     pub fn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar;

openssl/src/ssl/tests/mod.rs

@@ -180,7 +180,7 @@ macro_rules! run_test(
             use hex::FromHex;
             use foreign_types::ForeignTypeRef;
             use super::Server;
-            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]            
+            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
             use super::ROOT_CERT;
 
             #[test]
@@ -743,7 +743,7 @@ fn test_alpn_server_advertise_multiple() {
 /// Test that Servers supporting ALPN don't report a protocol when none of their protocols match
 /// the client's reported protocol.
 #[test]
-#[cfg(all(feature = "v102", ossl102))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
 fn test_alpn_server_select_none() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -776,38 +776,6 @@ fn test_alpn_server_select_none() {
     assert_eq!(None, stream.ssl().selected_alpn_protocol());
 }
 
-// In 1.1.0, ALPN negotiation failure is a fatal error
-#[test]
-#[cfg(all(feature = "v110", ossl110))]
-fn test_alpn_server_select_none() {
-    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
-    let localhost = listener.local_addr().unwrap();
-    // We create a different context instance for the server...
-    let listener_ctx = {
-        let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
-        ctx.set_verify(SSL_VERIFY_PEER);
-        ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap();
-        assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
-                   .is_ok());
-        ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
-            .unwrap();
-        ctx.build()
-    };
-    // Have the listener wait on the connection in a different thread.
-    thread::spawn(move || {
-        let (stream, _) = listener.accept().unwrap();
-        assert!(Ssl::new(&listener_ctx).unwrap().accept(stream).is_err());
-    });
-
-    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
-    ctx.set_verify(SSL_VERIFY_PEER);
-    ctx.set_alpn_protocols(&[b"http/2"]).unwrap();
-    ctx.set_ca_file(&Path::new("test/root-ca.pem")).unwrap();
-    // Now connect to the socket and make sure the protocol negotiation works...
-    let stream = TcpStream::connect(localhost).unwrap();
-    assert!(Ssl::new(&ctx.build()).unwrap().connect(stream).is_err());
-}
-
 #[test]
 #[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
 fn test_read_dtlsv1() {

systest/build.rs

@@ -27,6 +27,9 @@ fn main() {
     } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") {
         cfg.cfg(&format!("ossl{}", version), None);
     }
+    if let (Ok(version), Ok(patch)) = (env::var("DEP_OPENSSL_VERSION"), env::var("DEP_OPENSSL_PATCH")) {
+        cfg.cfg(&format!("ossl{}{}", version, patch), None);
+    }
     if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
         for var in vars.split(",") {
             cfg.cfg("osslconf", Some(var));