min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Moves store context init into its own function

This commit is contained in:
Bastian Köcher 2018-03-10 00:15:03 +01:00
parent 1a0b085377
commit a5d7f8a718
2 changed files with 24 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
openssl/src/x509/mod.rs
View File

@ -107,30 +107,38 @@ impl X509StoreContextRef {
unsafe { X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr())) } unsafe { X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr())) }
} }
/// Verifies a certificate with the given certificate store. /// Initializes this context with the given certificate, certificates chain and certificate
/// store.
/// For successive calls to this function, it is required to call `cleanup` in beforehand. /// For successive calls to this function, it is required to call `cleanup` in beforehand.
/// ///
/// * `trust` - The certificate store with the trusted certificates. /// * `trust` - The certificate store with the trusted certificates.
/// * `cert` - The certificate that should be verified. /// * `cert` - The certificate that should be verified.
/// * `cert_chain` - The certificates chain. /// * `cert_chain` - The certificates chain.
/// ///
/// This corresponds to [`X509_STORE_CTX_init`] followed by [`X509_verify_cert`]. /// This corresponds to [`X509_STORE_CTX_init`].
/// ///
/// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html /// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html
pub fn init(&mut self, trust: &store::X509StoreRef, cert: &X509Ref,
cert_chain: &StackRef<X509>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(),
cert.as_ptr(), cert_chain.as_ptr())).map(|_| ())
}
}
/// Verifies the stored certificate.
/// It is required to call `init` in beforehand, to initialize the required values.
///
/// This corresponds to [`X509_verify_cert`].
///
/// [`X509_verify_cert`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_verify_cert.html /// [`X509_verify_cert`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_verify_cert.html
/// ///
/// # Result /// # Result
/// ///
/// The Result must be `Ok(())` to be a valid certificate, otherwise the cert is not valid. /// The Result must be `Ok(())` to be a valid certificate, otherwise the cert is not valid.
pub fn verify_cert(&mut self, trust: &store::X509StoreRef, cert: &X509Ref, pub fn verify_cert(&mut self) -> Result<(), ErrorStack> {
cert_chain: &StackRef<X509>) -> Result<(), ErrorStack> {
unsafe { unsafe {
cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(), cvt(ffi::X509_verify_cert(self.as_ptr())).map(|_| ())
cert.as_ptr(), cert_chain.as_ptr()))?;
cvt(ffi::X509_verify_cert(self.as_ptr()))?;
Ok(())
} }
} }

9
openssl/src/x509/tests.rs
View File

@ -306,9 +306,11 @@ fn test_verify_cert() {
let store = store_bldr.build(); let store = store_bldr.build();
let mut context = X509StoreContext::new().unwrap(); let mut context = X509StoreContext::new().unwrap();
assert!(context.verify_cert(&store, &cert, &chain).is_ok()); assert!(context.init(&store, &cert, &chain).is_ok());
assert!(context.verify_cert().is_ok());
context.cleanup(); context.cleanup();
assert!(context.verify_cert(&store, &cert, &chain).is_ok()); assert!(context.init(&store, &cert, &chain).is_ok());
assert!(context.verify_cert().is_ok());
} }
#[test] #[test]
@ -324,5 +326,6 @@ fn test_verify_fails() {
let store = store_bldr.build(); let store = store_bldr.build();
let mut context = X509StoreContext::new().unwrap(); let mut context = X509StoreContext::new().unwrap();
assert!(context.verify_cert(&store, &cert, &chain).is_err()); assert!(context.init(&store, &cert, &chain).is_ok());
assert!(context.verify_cert().is_err());
} }