Add SslContext::set_default_verify_paths

openssl-sys/src/lib.rs

@@ -673,6 +673,7 @@ extern "C" {
     pub fn SSL_CTX_set_verify_depth(ctx: *mut SSL_CTX, depth: c_int);
     pub fn SSL_CTX_load_verify_locations(ctx: *mut SSL_CTX, CAfile: *const c_char,
                                          CApath: *const c_char) -> c_int;
+    pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
     pub fn SSL_CTX_get_ex_new_index(argl: c_long, argp: *const c_void,
                                     new_func: Option<CRYPTO_EX_new>,
                                     dup_func: Option<CRYPTO_EX_dup>,

openssl/src/ssl/mod.rs

@@ -612,6 +612,10 @@ impl SslContext {
         wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
     }
 
+    pub fn set_default_verify_paths(&mut self) -> Result<(), SslError> {
+        wrap_ssl_result(unsafe { ffi::SSL_CTX_set_default_verify_paths(self.ctx) })
+    }
+
     #[allow(non_snake_case)]
     /// Specifies the file that contains trusted CA certificates.
     pub fn set_CA_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), SslError> {

openssl/src/ssl/tests/mod.rs

@@ -1059,3 +1059,20 @@ fn refcount_ssl_context() {
         let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a);
     }
 }
+
+#[test]
+fn default_verify_paths() {
+    let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+    ctx.set_default_verify_paths().unwrap();
+    ctx.set_verify(SSL_VERIFY_PEER, None);
+    let s = TcpStream::connect("google.com:443").unwrap();
+    let mut socket = SslStream::connect(&ctx, s).unwrap();
+
+    socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
+    let mut result = vec![];
+    socket.read_to_end(&mut result).unwrap();
+
+    println!("{}", String::from_utf8_lossy(&result));
+    assert!(result.starts_with(b"HTTP/1.0"));
+    assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
+}