Support for loading a trusted CA file

2013-10-13 22:46:47 -07:00 · 2013-10-13 22:46:47 -07:00 · cf8f820366
parent 0fac64705e
commit cf8f820366
3 changed files with 24 additions and 4 deletions
--- a/src/ssl/ffi.rs
+++ b/src/ssl/ffi.rs
@ -35,6 +35,8 @@ externfn!(fn SSL_CTX_new(method: *SSL_METHOD) -> *SSL_CTX)
 externfn!(fn SSL_CTX_free(ctx: *SSL_CTX))
 externfn!(fn SSL_CTX_set_verify(ctx: *SSL_CTX, mode: c_int,
                                verify_callback: Option<extern "C" fn(int, *X509_STORE_CTX) -> c_int>))
+externfn!(fn SSL_CTX_load_verify_locations(ctx: *SSL_CTX, CAfile: *c_char,
+                                           CApath: *c_char) -> c_int)

 externfn!(fn SSL_new(ctx: *SSL_CTX) -> *SSL)
 externfn!(fn SSL_free(ssl: *SSL))
--- a/src/ssl/lib.rs
+++ b/src/ssl/lib.rs
@ -63,6 +63,13 @@ impl SslCtx {
    pub fn set_verify(&mut self, mode: SslVerifyMode) {
        unsafe { ffi::SSL_CTX_set_verify(self.ctx, mode as c_int, None) }
    }
+
+    pub fn set_verify_locations(&mut self, CAfile: &str) {
+        do CAfile.with_c_str |CAfile| {
+            unsafe { ffi::SSL_CTX_load_verify_locations(self.ctx, CAfile,
+                                                        ptr::null()); }
+        }
+    }
 }

 pub enum SslVerifyMode {
--- a/src/ssl/test.rs
+++ b/src/ssl/test.rs
@ -1,9 +1,8 @@
 extern mod ssl;

-use std::rt::io::{Writer, Reader};
-use std::rt::io::extensions::{ReaderUtil};
+use std::rt::io::Writer;
+use std::rt::io::extensions::ReaderUtil;
 use std::rt::io::net::tcp::TcpStream;
-use std::vec;
 use std::str;

 use ssl::{Sslv23, SslCtx, SslStream, SslVerifyPeer};
@ -20,7 +19,7 @@ fn test_new_sslstream() {
 }

 #[test]
-fn test_verify() {
+fn test_verify_untrusted() {
    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
    let mut ctx = SslCtx::new(Sslv23);
    ctx.set_verify(SslVerifyPeer);
@ -30,6 +29,18 @@ fn test_verify() {
    }
 }

+#[test]
+fn test_verify_trusted() {
+    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
+    let mut ctx = SslCtx::new(Sslv23);
+    ctx.set_verify(SslVerifyPeer);
+    ctx.set_verify_locations("cert.pem");
+    match SslStream::new(ctx, stream) {
+        Ok(_) => (),
+        Err(err) => fail2!("Expected success, got {:?}", err)
+    }
+}
+
 #[test]
 fn test_write() {
    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();