From 628c3b338acc7621167b28c13195b1e95bbfa25c Mon Sep 17 00:00:00 2001
From: Andy Caldwell
Date: Mon, 13 May 2019 15:07:46 +0100
Subject: [PATCH 1/3] Add SSL_CTX_add_client_CA on OpenSSL
---
 openssl-sys/src/ssl.rs | 3 +++
 openssl/src/ssl/mod.rs | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index 84db6e26..257d380b 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -1093,6 +1093,9 @@ extern "C" {
 pub fn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME);
+ #[cfg(not(libressl))]
+ pub fn SSL_CTX_add_client_CA(ctx: *mut SSL_CTX, cacert: *mut X509) -> c_int;
+
 pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
 pub fn SSL_CTX_load_verify_locations(
 ctx: *mut SSL_CTX,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8f173637..c130f15e 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -870,6 +870,23 @@ impl SslContextBuilder {
 }
 }
+ /// Add the provided CA certificate to the list sent by the server to the client when
+ /// requesting client-side TLS authentication.
+ ///
+ /// This corresponds to [`SSL_CTX_add_client_CA`].
+ ///
+ /// [`SSL_CTX_add_client_CA`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_client_CA_list.html
+ #[cfg(not(libressl))]
+ pub fn add_client_ca(&mut self, cacert: &mut X509) -> Result<(), ErrorStack> {
+ unsafe {
+ cvt(ffi::SSL_CTX_add_client_CA(
+ self.as_ptr(),
+ cacert.as_ptr()
+ ))
+ .map(|_| ())
+ }
+ }
+
 /// Set the context identifier for sessions.
 ///
 /// This value identifies the server's session cache to clients, telling them when they're
From 41fea135ad886f3fda16003c243b778a4b1f8996 Mon Sep 17 00:00:00 2001
From: Andy Caldwell
Date: Mon, 13 May 2019 18:49:09 +0100
Subject: [PATCH 2/3] Allow passing by non-owned reference
---
 openssl/src/ssl/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
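Review bot: The `#[cfg(not(libressl))]` gate on the new `SSL_CTX_add_client_CA` declaration looks narrower than it needs to be; to my recollection LibreSSL's ssl.h declares the same function with the same `(SSL_CTX *, X509 *)` signature, so the gate would hide a usable binding on that backend. If the exclusion is deliberate (a LibreSSL version without the symbol, or a signature difference), a one-line comment above the attribute such as `// Not exposed on LibreSSL: <reason>` would keep the next reader from having to check the headers; otherwise dropping the attribute here and on the matching `add_client_ca` wrapper keeps the sys and safe crates in step.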
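Review bot: The doc comment on `add_client_ca` can mislead a server author into thinking this call makes the CA trusted for client authentication, when `SSL_CTX_add_client_CA` only adds the certificate's subject name to the list advertised in the CertificateRequest; which CAs actually verify the client's chain is decided by the context's verification settings (`SSL_CTX_load_verify_locations` in the same sys hunk, i.e. `set_ca_file` / the certificate store on the builder) and by `set_verify`. I would add after the first paragraph: `/// This only advertises the CA's name to the client; it does not make the CA trusted for` and `/// verifying the client's certificate, which is configured separately (see \`set_ca_file\`).` Stylistically, `cacert.as_ptr()` is missing the trailing comma rustfmt would insert inside the multi-line call. The enclosing `impl SslContextBuilder` block starts and ends outside the hunk, but the method itself is complete.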
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index c130f15e..0fc9ad15 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -877,7 +877,7 @@ impl SslContextBuilder {
 ///
 /// [`SSL_CTX_add_client_CA`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_client_CA_list.html
 #[cfg(not(libressl))]
- pub fn add_client_ca(&mut self, cacert: &mut X509) -> Result<(), ErrorStack> {
+ pub fn add_client_ca(&mut self, cacert: &mut X509Ref) -> Result<(), ErrorStack> {
 unsafe {
 cvt(ffi::SSL_CTX_add_client_CA(
 self.as_ptr(),
From 2e3775379011b770138db97659c4c88aa7fe88e0 Mon Sep 17 00:00:00 2001
From: Andy Caldwell
Date: Mon, 13 May 2019 19:11:15 +0100
Subject: [PATCH 3/3] Const-correctness
---
 openssl/src/ssl/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 0fc9ad15..29b6e360 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -877,7 +877,7 @@ impl SslContextBuilder {
 ///
 /// [`SSL_CTX_add_client_CA`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_client_CA_list.html
 #[cfg(not(libressl))]
- pub fn add_client_ca(&mut self, cacert: &mut X509Ref) -> Result<(), ErrorStack> {
+ pub fn add_client_ca(&mut self, cacert: &X509Ref) -> Result<(), ErrorStack> {
 unsafe {
 cvt(ffi::SSL_CTX_add_client_CA(
 self.as_ptr(),
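Review bot: Taking `cacert: &X509Ref` while the FFI declaration in patch 1 still takes `*mut X509` is sound only because `SSL_CTX_add_client_CA` neither mutates nor retains the certificate — as far as I recall it copies the subject name into the context's CA-name list and leaves `cacert` untouched — and that reasoning is what makes the shared borrow correct, so it belongs in the code rather than in the commit title. I would add above the `unsafe` block: `// SSL_CTX_add_client_CA only copies the certificate's subject name into the context;` and `// it does not mutate or keep a pointer to cacert, so a shared borrow is sufficient.` The same signature line is touched by the preceding "Allow passing by non-owned reference" hunk, which this one supersedes, so no separate note is needed there. The body of `add_client_ca` continues past the end of the hunk.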