min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Flag off dtls and mask ssl_ops 

Also un-feature gate npn as it ships with 1.0.1
This commit is contained in:
Steven Fackler 2016-10-13 19:06:53 -07:00
parent ce4d233d38
commit b610e01793
4 changed files with 10 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssl-sys/src/lib.rs
View File

@ -171,8 +171,12 @@ pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000;
pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000;
pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000;
#[cfg(not(ossl101))]
pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000;
#[cfg(not(ossl101))]
pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000;
#[cfg(not(ossl101))]
pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;

4
openssl/Cargo.toml
View File

@ -16,9 +16,9 @@ exclude = ["test/*"]
rfc5114 = [] rfc5114 = []
aes_xts = [] aes_xts = []
aes_ctr = [] aes_ctr = []
npn = []
alpn = [] alpn = []
openssl-102 = []
ecdh_auto = [] ecdh_auto = []
[dependencies] [dependencies]

16
openssl/src/ssl/mod.rs
View File

@ -14,9 +14,7 @@ use std::path::Path;
use std::ptr; use std::ptr;
use std::str; use std::str;
use std::sync::{Mutex, Arc}; use std::sync::{Mutex, Arc};
#[cfg(any(feature = "npn", feature = "alpn"))]
use libc::{c_uchar, c_uint}; use libc::{c_uchar, c_uint};
#[cfg(any(feature = "npn", feature = "alpn"))]
use std::slice; use std::slice;
use std::marker::PhantomData; use std::marker::PhantomData;
use ffi; use ffi;
@ -67,8 +65,11 @@ bitflags! {
const SSL_OP_NO_TLSV1 = ffi::SSL_OP_NO_TLSv1, const SSL_OP_NO_TLSV1 = ffi::SSL_OP_NO_TLSv1,
const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2, const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2,
const SSL_OP_NO_TLSV1_1 = ffi::SSL_OP_NO_TLSv1_1, const SSL_OP_NO_TLSV1_1 = ffi::SSL_OP_NO_TLSv1_1,
#[cfg(feature = "openssl-102")]
const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1, const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1,
#[cfg(feature = "openssl-102")]
const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2, const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2,
#[cfg(feature = "openssl-102")]
const SSL_OP_NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK, const SSL_OP_NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK,
} }
} }
@ -113,7 +114,6 @@ fn get_ssl_verify_data_idx<T: Any + 'static>() -> c_int {
*SSL_INDEXES.lock().unwrap().entry(TypeId::of::<T>()).or_insert_with(|| get_new_ssl_idx::<T>()) *SSL_INDEXES.lock().unwrap().entry(TypeId::of::<T>()).or_insert_with(|| get_new_ssl_idx::<T>())
} }
#[cfg(all(feature = "npn", not(ossl101)))]
lazy_static! { lazy_static! {
static ref NPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>(); static ref NPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>();
} }
@ -218,7 +218,6 @@ extern fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, _arg: *mut c_void) -> c
} }
} }
#[cfg(all(any(feature = "npn", feature = "alpn"), not(ossl101)))]
unsafe fn select_proto_using(ssl: *mut ffi::SSL, unsafe fn select_proto_using(ssl: *mut ffi::SSL,
out: *mut *mut c_uchar, out: *mut *mut c_uchar,
outlen: *mut c_uchar, outlen: *mut c_uchar,
@ -251,7 +250,6 @@ unsafe fn select_proto_using(ssl: *mut ffi::SSL,
/// supported by the server. It achieves this by delegating to the `SSL_select_next_proto` /// supported by the server. It achieves this by delegating to the `SSL_select_next_proto`
/// function. The list of protocols supported by the client is found in the extra data of the /// function. The list of protocols supported by the client is found in the extra data of the
/// OpenSSL context. /// OpenSSL context.
#[cfg(all(feature = "npn", not(ossl101)))]
extern fn raw_next_proto_select_cb(ssl: *mut ffi::SSL, extern fn raw_next_proto_select_cb(ssl: *mut ffi::SSL,
out: *mut *mut c_uchar, out: *mut *mut c_uchar,
outlen: *mut c_uchar, outlen: *mut c_uchar,
@ -280,7 +278,6 @@ extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL,
/// that it supports. /// that it supports.
/// The list of supported protocols is found in the extra data of the OpenSSL /// The list of supported protocols is found in the extra data of the OpenSSL
/// context. /// context.
#[cfg(all(feature = "npn", not(ossl101)))]
extern fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, extern fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL,
out: *mut *const c_uchar, out: *mut *const c_uchar,
outlen: *mut c_uint, outlen: *mut c_uint,
@ -307,7 +304,6 @@ extern fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL,
/// Convert a set of byte slices into a series of byte strings encoded for SSL. Encoding is a byte /// Convert a set of byte slices into a series of byte strings encoded for SSL. Encoding is a byte
/// containing the length followed by the string. /// containing the length followed by the string.
#[cfg(all(any(feature = "alpn", feature = "npn"), not(ossl101)))]
fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec<u8> { fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec<u8> {
let mut enc = Vec::new(); let mut enc = Vec::new();
for string in strings { for string in strings {
@ -555,9 +551,6 @@ impl<'a> SslContextRef<'a> {
/// Set the protocols to be used during Next Protocol Negotiation (the protocols /// Set the protocols to be used during Next Protocol Negotiation (the protocols
/// supported by the application). /// supported by the application).
///
/// This method needs the `npn` feature.
#[cfg(all(feature = "npn", not(ossl101)))]
pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) { pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) {
// Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL // Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL
// APIs -- a list of length-prefixed strings. // APIs -- a list of length-prefixed strings.
@ -907,9 +900,6 @@ impl<'a> SslRef<'a> {
/// ///
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it. /// to interpret it.
///
/// This method needs the `npn` feature.
#[cfg(feature = "npn")]
pub fn selected_npn_protocol(&self) -> Option<&[u8]> { pub fn selected_npn_protocol(&self) -> Option<&[u8]> {
unsafe { unsafe {
let mut data: *const c_uchar = ptr::null(); let mut data: *const c_uchar = ptr::null();

2
openssl/test/run.sh
View File

@ -2,7 +2,7 @@
set -e set -e
if [ "$BUILD_OPENSSL_VERSION" != "" ]; then if [ "$BUILD_OPENSSL_VERSION" != "" ]; then
FEATURES="aes_xts aes_ctr npn alpn rfc5114 ecdh_auto" FEATURES="aes_xts aes_ctr alpn rfc5114 ecdh_auto openssl-102"
fi fi
if [ -d "$HOME/openssl/lib" ]; then if [ -d "$HOME/openssl/lib" ]; then