Enable hostname verification on 1.0.2

openssl-sys/src/lib.rs

@@ -252,6 +252,17 @@ pub const X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: c_int = 45;
 pub const X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53;
 pub const X509_V_OK: c_int = 0;
 
+#[cfg(not(ossl101))]
+pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1;
+#[cfg(not(ossl101))]
+pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2;
+#[cfg(not(ossl101))]
+pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4;
+#[cfg(not(ossl101))]
+pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8;
+#[cfg(not(ossl101))]
+pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10;
+
 pub const GEN_OTHERNAME: c_int = 0;
 pub const GEN_EMAIL: c_int = 1;
 pub const GEN_DNS: c_int = 2;
@@ -587,13 +598,13 @@ extern {
                           verify_callback: Option<extern fn(c_int, *mut X509_STORE_CTX) -> c_int>);
     pub fn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int;
     pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void;
-
     pub fn SSL_get_servername(ssl: *const SSL, name_type: c_int) -> *const c_char;
+    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
+    #[cfg(not(ossl101))]
+    pub fn SSL_get0_param(ssl: *mut ::SSL) -> *mut X509_VERIFY_PARAM;
 
     pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
 
-    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
-
     pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
     pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;
     pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *mut c_char;
@@ -693,6 +704,13 @@ extern {
     pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int;
     pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
 
+    #[cfg(not(ossl101))]
+    pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint);
+    #[cfg(not(ossl101))]
+    pub fn X509_VERIFY_PARAM_set1_host(param: *mut X509_VERIFY_PARAM,
+                                       name: *const c_char,
+                                       namelen: size_t) -> c_int;
+
     pub fn d2i_X509(a: *mut *mut X509, pp: *mut *const c_uchar, length: c_long) -> *mut X509;
     pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int;
     pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int;

openssl-sys/src/ossl10x.rs

@@ -2,7 +2,12 @@ use std::sync::{Mutex, MutexGuard};
 use std::sync::{Once, ONCE_INIT};
 use std::mem;
 
-use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong};
+use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong, time_t};
+
+#[repr(C)]
+pub struct stack_st_ASN1_OBJECT {
+    pub stack: _STACK,
+}
 
 #[repr(C)]
 pub struct stack_st_X509 {
@@ -425,6 +430,23 @@ pub struct SRP_CTX {
     srp_Mask: c_ulong,
 }
 
+#[repr(C)]
+#[cfg(not(ossl101))]
+pub struct X509_VERIFY_PARAM {
+    pub name: *mut c_char,
+    pub check_time: time_t,
+    pub inh_flags: c_ulong,
+    pub flags: c_ulong,
+    pub purpose: c_int,
+    pub trust: c_int,
+    pub depth: c_int,
+    pub policies: *mut stack_st_ASN1_OBJECT,
+    pub id: *mut X509_VERIFY_PARAM_ID,
+}
+
+#[cfg(not(ossl101))]
+pub enum X509_VERIFY_PARAM_ID {}
+
 pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 #[cfg(ossl102)]

openssl-sys/src/ossl110.rs

@@ -1,4 +1,4 @@
-use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint, size_t};
+use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint};
 
 pub enum BIGNUM {}
 pub enum BIO {}
@@ -44,11 +44,6 @@ pub const OPENSSL_DIR: c_int = 4;
 pub const CRYPTO_EX_INDEX_SSL: c_int = 0;
 pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 1;
 
-pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1;
-pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2;
-pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4;
-pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8;
-pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10;
 pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20;
 
 pub fn init() {}
@@ -106,13 +101,8 @@ extern {
     pub fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong;
     pub fn SSL_CTX_set_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong;
     pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong;
-    pub fn SSL_get0_param(ssl: *mut ::SSL) -> *mut X509_VERIFY_PARAM;
     pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME;
     pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME;
-    pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint);
-    pub fn X509_VERIFY_PARAM_set1_host(param: *mut X509_VERIFY_PARAM,
-                                       name: *const c_char,
-                                       namelen: size_t) -> c_int;
     pub fn DH_set0_pqg(dh: *mut ::DH,
                        p: *mut ::BIGNUM,
                        q: *mut ::BIGNUM,

openssl/src/ssl/mod.rs

@@ -22,7 +22,7 @@ use ffi;
 use init;
 use dh::DH;
 use x509::{X509StoreContext, X509FileType, X509, X509Ref};
-#[cfg(feature = "openssl-110")]
+#[cfg(feature = "openssl-102")]
 use x509::verify::X509VerifyParamRef;
 use crypto::pkey::PKey;
 use error::ErrorStack;
@@ -993,8 +993,8 @@ impl<'a> SslRef<'a> {
 
     /// Returns the X509 verification configuration.
     ///
-    /// Requires the `openssl-110` feature.
+    /// Requires the `openssl-102` feature.
-    #[cfg(feature = "openssl-110")]
+    #[cfg(feature = "openssl-102")]
     pub fn param(&mut self) -> X509VerifyParamRef<'a> {
         unsafe {
             X509VerifyParamRef::from_ptr(ffi::SSL_get0_param(self.as_ptr()))

openssl/src/ssl/tests/mod.rs

@@ -21,12 +21,12 @@ use ssl::SslMethod::Tls;
 use ssl::{SslMethod, HandshakeError};
 use ssl::error::Error;
 use ssl::{SslContext, SslStream};
-#[cfg(feature = "openssl-110")]
+#[cfg(feature = "openssl-102")]
 use ssl::IntoSsl;
 use x509::X509StoreContext;
 use x509::X509FileType;
 use x509::X509;
-#[cfg(feature = "openssl-110")]
+#[cfg(feature = "openssl-102")]
 use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
 use crypto::pkey::PKey;
 
@@ -1049,7 +1049,7 @@ fn add_extra_chain_cert() {
 
 #[test]
 #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(
-#[cfg(feature = "openssl-110")]
+#[cfg(feature = "openssl-102")]
 fn valid_hostname() {
     let mut ctx = SslContext::new(SslMethod::Tls).unwrap();
     ctx.set_default_verify_paths().unwrap();
@@ -1073,7 +1073,7 @@ fn valid_hostname() {
 
 #[test]
 #[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(
-#[cfg(feature = "openssl-110")]
+#[cfg(feature = "openssl-102")]
 fn invalid_hostname() {
     let mut ctx = SslContext::new(SslMethod::Tls).unwrap();
     ctx.set_default_verify_paths().unwrap();

openssl/src/x509/mod.rs

@@ -38,7 +38,7 @@ use ffi::{
 
 pub mod extension;
 
-#[cfg(feature = "openssl-110")]
+#[cfg(feature = "openssl-102")]
 pub mod verify;
 
 use self::extension::{ExtensionType, Extension};

openssl/src/x509/verify.rs

@@ -12,6 +12,7 @@ bitflags! {
         const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS,
         const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
             = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS,
+        #[cfg(feature = "openssl-110")]
         const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
     }
 }