Fix for changes in OpenSSL 1.1.0f

2017-06-06 15:20:27 -04:00 · 2017-06-06 15:20:27 -04:00 · 98d343dd32
parent 66d9a8ea52
commit 98d343dd32
6 changed files with 33 additions and 42 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -29,7 +29,7 @@ matrix:
            - binfmt-support
    - env: >
        TARGET=arm-unknown-linux-gnueabihf
-        BUILD_OPENSSL_VERSION=1.1.0e
+        BUILD_OPENSSL_VERSION=1.1.0f
        CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc
        QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf
        RUST_TEST_THREADS=1
@ -50,7 +50,7 @@ matrix:

    # 64-bit version compat
    - env: BUILD_OPENSSL_VERSION=1.0.2k
-    - env: BUILD_OPENSSL_VERSION=1.1.0e
+    - env: BUILD_OPENSSL_VERSION=1.1.0f

    # 32-bit version compat
    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.0.1u
@ -63,7 +63,7 @@ matrix:
        apt:
          packages:
            - gcc-multilib
-    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.1.0e
+    - env: TARGET=i686-unknown-linux-gnu BUILD_OPENSSL_VERSION=1.1.0f
      addons:
        apt:
          packages:
--- a/appveyor.yml
+++ b/appveyor.yml
@ -5,20 +5,20 @@ environment:
    - TARGET: i686-pc-windows-gnu
      BITS: 32
      MSYS2: 1
-      OPENSSL_VERSION: 1_1_0e
+      OPENSSL_VERSION: 1_1_0f
    - TARGET: x86_64-pc-windows-msvc
      BITS: 64
-      OPENSSL_VERSION: 1_1_0e
+      OPENSSL_VERSION: 1_1_0f
      OPENSSL_DIR: C:\OpenSSL

    # 1.0.2, 64/32 bit
    - TARGET: x86_64-pc-windows-gnu
      BITS: 64
      MSYS2: 1
-      OPENSSL_VERSION: 1_0_2k
+      OPENSSL_VERSION: 1_0_2L
    - TARGET: i686-pc-windows-msvc
      BITS: 32
-      OPENSSL_VERSION: 1_0_2k
+      OPENSSL_VERSION: 1_0_2L
      OPENSSL_DIR: C:\OpenSSL
 install:
  # install OpenSSL
--- a/openssl-sys/build.rs
+++ b/openssl-sys/build.rs
@ -253,6 +253,8 @@ RUST_LIBRESSL_250
 RUST_LIBRESSL_OLD
 #elif OPENSSL_VERSION_NUMBER >= 0x10101000
 RUST_OPENSSL_NEW
+#elif OPENSSL_VERSION_NUMBER >= 0x10100060
+RUST_OPENSSL_110F
 #elif OPENSSL_VERSION_NUMBER >= 0x10100000
 RUST_OPENSSL_110
 #elif OPENSSL_VERSION_NUMBER >= 0x10002000
@ -348,6 +350,12 @@ See rust-openssl README for more information:
        println!("cargo:libressl=true");
        println!("cargo:version=101");
        Version::Libressl
+    } else if expanded.contains("RUST_OPENSSL_110F") {
+        println!("cargo:rustc-cfg=ossl110");
+        println!("cargo:rustc-cfg=ossl110f");
+        println!("cargo:version=110");
+        println!("cargo:patch=f");
+        Version::Openssl110
    } else if expanded.contains("RUST_OPENSSL_110") {
        println!("cargo:rustc-cfg=ossl110");
        println!("cargo:version=110");
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -1205,8 +1205,18 @@ pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 #[cfg(not(ossl101))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
+pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
+pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(libressl))]
+pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
+#[cfg(not(any(libressl, ossl110f)))]
 pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
+#[cfg(ossl110f)]
+pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG |
+                            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
+                            SSL_OP_LEGACY_SERVER_CONNECT |
+                            SSL_OP_TLSEXT_PADDING |
+                            SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
 pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000;
 pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000;
 pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000;
@ -2264,8 +2274,10 @@ extern "C" {
                                          len: *mut c_uint);
    pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
    pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
-    #[cfg(not(any(ossl101, libressl)))]
+    #[cfg(not(any(ossl101, libressl, ossl110f)))]
    pub fn SSL_is_server(s: *mut SSL) -> c_int;
+    #[cfg(ossl110f)]
+    pub fn SSL_is_server(s: *const SSL) -> c_int;

    pub fn SSL_SESSION_free(s: *mut SSL_SESSION);
    pub fn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar;
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@ -743,7 +743,7 @@ fn test_alpn_server_advertise_multiple() {
 /// Test that Servers supporting ALPN don't report a protocol when none of their protocols match
 /// the client's reported protocol.
 #[test]
-#[cfg(all(feature = "v102", ossl102))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
 fn test_alpn_server_select_none() {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let localhost = listener.local_addr().unwrap();
@ -776,38 +776,6 @@ fn test_alpn_server_select_none() {
    assert_eq!(None, stream.ssl().selected_alpn_protocol());
 }

-// In 1.1.0, ALPN negotiation failure is a fatal error
-#[test]
-#[cfg(all(feature = "v110", ossl110))]
-fn test_alpn_server_select_none() {
-    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
-    let localhost = listener.local_addr().unwrap();
-    // We create a different context instance for the server...
-    let listener_ctx = {
-        let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
-        ctx.set_verify(SSL_VERIFY_PEER);
-        ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap();
-        assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
-                   .is_ok());
-        ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
-            .unwrap();
-        ctx.build()
-    };
-    // Have the listener wait on the connection in a different thread.
-    thread::spawn(move || {
-        let (stream, _) = listener.accept().unwrap();
-        assert!(Ssl::new(&listener_ctx).unwrap().accept(stream).is_err());
-    });
-
-    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
-    ctx.set_verify(SSL_VERIFY_PEER);
-    ctx.set_alpn_protocols(&[b"http/2"]).unwrap();
-    ctx.set_ca_file(&Path::new("test/root-ca.pem")).unwrap();
-    // Now connect to the socket and make sure the protocol negotiation works...
-    let stream = TcpStream::connect(localhost).unwrap();
-    assert!(Ssl::new(&ctx.build()).unwrap().connect(stream).is_err());
-}
-
 #[test]
 #[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
 fn test_read_dtlsv1() {
--- a/systest/build.rs
+++ b/systest/build.rs
@ -27,6 +27,9 @@ fn main() {
    } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") {
        cfg.cfg(&format!("ossl{}", version), None);
    }
+    if let (Ok(version), Ok(patch)) = (env::var("DEP_OPENSSL_VERSION"), env::var("DEP_OPENSSL_PATCH")) {
+        cfg.cfg(&format!("ossl{}{}", version, patch), None);
+    }
    if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
        for var in vars.split(",") {
            cfg.cfg("osslconf", Some(var));