min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #484 from sfackler/ssl-overhaul 

Redo SslStream construction
This commit is contained in:
Steven Fackler 2016-10-20 20:30:08 -07:00 committed by GitHub
parent 494bc9b754 8f3511c0cd
commit efa7f55940
2 changed files with 98 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
openssl/src/ssl/mod.rs
View File

@ -780,18 +780,6 @@ impl<'a> SslRef<'a> {
unsafe { ffi::SSL_get_rbio(self.as_ptr()) }
}
fn connect(&mut self) -> c_int {
unsafe { ffi::SSL_connect(self.as_ptr()) }
}
fn accept(&mut self) -> c_int {
unsafe { ffi::SSL_accept(self.as_ptr()) }
}
fn handshake(&mut self) -> c_int {
unsafe { ffi::SSL_do_handshake(self.as_ptr()) }
}
fn read(&mut self, buf: &mut [u8]) -> c_int {
let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int;
unsafe { ffi::SSL_read(self.as_ptr(), buf.as_ptr() as *mut c_void, len) }
@ -1057,6 +1045,50 @@ impl Ssl {
pub unsafe fn from_ptr(ssl: *mut ffi::SSL) -> Ssl {
Ssl(SslRef::from_ptr(ssl))
}
/// Creates an SSL/TLS client operating over the provided stream.
pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write
{
let mut stream = SslStream::new_base(self, stream);
let ret = unsafe { ffi::SSL_connect(stream.ssl.as_ptr()) };
if ret > 0 {
Ok(stream)
} else {
match stream.make_error(ret) {
e @ Error::WantWrite(_) |
e @ Error::WantRead(_) => {
Err(HandshakeError::Interrupted(MidHandshakeSslStream {
stream: stream,
error: e,
}))
}
err => Err(HandshakeError::Failure(err)),
}
}
}
/// Creates an SSL/TLS server operating over the provided stream.
pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write
{
let mut stream = SslStream::new_base(self, stream);
let ret = unsafe { ffi::SSL_accept(stream.ssl.as_ptr()) };
if ret > 0 {
Ok(stream)
} else {
match stream.make_error(ret) {
e @ Error::WantWrite(_) |
e @ Error::WantRead(_) => {
Err(HandshakeError::Interrupted(MidHandshakeSslStream {
stream: stream,
error: e,
}))
}
err => Err(HandshakeError::Failure(err)),
}
}
}
}
/// A stream wrapper which handles SSL encryption for an underlying stream.
@ -1093,54 +1125,6 @@ impl<S: Read + Write> SslStream<S> {
}
}
/// Creates an SSL/TLS client operating over the provided stream.
pub fn connect<T: IntoSsl>(ssl: T, stream: S)
-> Result<Self, HandshakeError<S>>{
let ssl = try!(ssl.into_ssl().map_err(|e| {
HandshakeError::Failure(Error::Ssl(e))
}));
let mut stream = Self::new_base(ssl, stream);
let ret = stream.ssl.connect();
if ret > 0 {
Ok(stream)
} else {
match stream.make_error(ret) {
e @ Error::WantWrite(_) |
e @ Error::WantRead(_) => {
Err(HandshakeError::Interrupted(MidHandshakeSslStream {
stream: stream,
error: e,
}))
}
err => Err(HandshakeError::Failure(err)),
}
}
}
/// Creates an SSL/TLS server operating over the provided stream.
pub fn accept<T: IntoSsl>(ssl: T, stream: S)
-> Result<Self, HandshakeError<S>> {
let ssl = try!(ssl.into_ssl().map_err(|e| {
HandshakeError::Failure(Error::Ssl(e))
}));
let mut stream = Self::new_base(ssl, stream);
let ret = stream.ssl.accept();
if ret > 0 {
Ok(stream)
} else {
match stream.make_error(ret) {
e @ Error::WantWrite(_) |
e @ Error::WantRead(_) => {
Err(HandshakeError::Interrupted(MidHandshakeSslStream {
stream: stream,
error: e,
}))
}
err => Err(HandshakeError::Failure(err)),
}
}
}
/// Like `read`, but returns an `ssl::Error` rather than an `io::Error`.
///
/// This is particularly useful with a nonblocking socket, where the error
@ -1233,7 +1217,7 @@ impl<S> MidHandshakeSslStream<S> {
/// Restarts the handshake process.
pub fn handshake(mut self) -> Result<SslStream<S>, HandshakeError<S>> {
let ret = self.stream.ssl.handshake();
let ret = unsafe { ffi::SSL_do_handshake(self.stream.ssl.as_ptr()) };
if ret > 0 {
Ok(self.stream)
} else {
@ -1352,22 +1336,6 @@ impl<S: Read + Write> Write for SslStream<S> {
}
}
pub trait IntoSsl {
fn into_ssl(self) -> Result<Ssl, ErrorStack>;
}
impl IntoSsl for Ssl {
fn into_ssl(self) -> Result<Ssl, ErrorStack> {
Ok(self)
}
}
impl<'a> IntoSsl for &'a SslContext {
fn into_ssl(self) -> Result<Ssl, ErrorStack> {
Ssl::new(self)
}
}
#[cfg(ossl110)]
mod compat {
use std::ptr;

126
openssl/src/ssl/tests/mod.rs
View File

@ -19,9 +19,7 @@ use ssl;
use ssl::SSL_VERIFY_PEER;
use ssl::{SslMethod, HandshakeError};
use ssl::error::Error;
use ssl::{SslContext, SslStream};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
use ssl::IntoSsl;
use ssl::{SslContext, SslStream, Ssl};
use x509::X509StoreContext;
use x509::X509FileType;
use x509::X509;
@ -194,15 +192,11 @@ run_test!(new_ctx, |method, _| {
SslContext::new(method).unwrap();
});
run_test!(new_sslstream, |method, stream| {
SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap();
});
run_test!(verify_untrusted, |method, stream| {
let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify(SSL_VERIFY_PEER);
match SslStream::connect(&ctx, stream) {
match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(_) => panic!("expected failure"),
Err(err) => println!("error {:?}", err),
}
@ -216,7 +210,7 @@ run_test!(verify_trusted, |method, stream| {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
match SslStream::connect(&ctx, stream) {
match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err),
}
@ -226,7 +220,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| {
let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| true);
match SslStream::connect(&ctx, stream) {
match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err),
}
@ -236,7 +230,7 @@ run_test!(verify_untrusted_callback_override_bad, |method, stream| {
let mut ctx = SslContext::new(method).unwrap();
ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| false);
assert!(SslStream::connect(&ctx, stream).is_err());
assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err());
});
run_test!(verify_trusted_callback_override_ok, |method, stream| {
@ -247,7 +241,7 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
match SslStream::connect(&ctx, stream) {
match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err),
}
@ -261,7 +255,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
assert!(SslStream::connect(&ctx, stream).is_err());
assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err());
});
run_test!(verify_callback_load_certs, |method, stream| {
@ -271,7 +265,7 @@ run_test!(verify_callback_load_certs, |method, stream| {
true
});
assert!(SslStream::connect(&ctx, stream).is_ok());
assert!(Ssl::new(&ctx).unwrap().connect(stream).is_ok());
});
run_test!(verify_trusted_get_error_ok, |method, stream| {
@ -285,7 +279,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
assert!(SslStream::connect(&ctx, stream).is_ok());
assert!(Ssl::new(&ctx).unwrap().connect(stream).is_ok());
});
run_test!(verify_trusted_get_error_err, |method, stream| {
@ -295,7 +289,7 @@ run_test!(verify_trusted_get_error_err, |method, stream| {
false
});
assert!(SslStream::connect(&ctx, stream).is_err());
assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err());
});
run_test!(verify_callback_data, |method, stream| {
@ -319,7 +313,7 @@ run_test!(verify_callback_data, |method, stream| {
});
ctx.set_verify_depth(1);
match SslStream::connect(&ctx, stream) {
match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err),
}
@ -327,12 +321,11 @@ run_test!(verify_callback_data, |method, stream| {
run_test!(ssl_verify_callback, |method, stream| {
use std::sync::atomic::{AtomicUsize, ATOMIC_USIZE_INIT, Ordering};
use ssl::IntoSsl;
static CHECKED: AtomicUsize = ATOMIC_USIZE_INIT;
let ctx = SslContext::new(method).unwrap();
let mut ssl = ctx.into_ssl().unwrap();
let mut ssl = Ssl::new(&ctx).unwrap();
let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
let node_id = node_hash_str.from_hex().unwrap();
@ -347,7 +340,7 @@ run_test!(ssl_verify_callback, |method, stream| {
}
});
match SslStream::connect(ssl, stream) {
match ssl.connect(stream) {
Ok(_) => (),
Err(err) => panic!("Expected success, got {:?}", err),
}
@ -364,7 +357,7 @@ fn test_write_hits_stream() {
let guard = thread::spawn(move || {
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let stream = TcpStream::connect(addr).unwrap();
let mut stream = SslStream::connect(&ctx, stream).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap();
stream.write_all(b"hello").unwrap();
stream
@ -375,7 +368,7 @@ fn test_write_hits_stream() {
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM).unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM).unwrap();
let stream = listener.accept().unwrap().0;
let mut stream = SslStream::accept(&ctx, stream).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().accept(stream).unwrap();
let mut buf = [0; 5];
assert_eq!(5, stream.read(&mut buf).unwrap());
@ -418,17 +411,8 @@ run_test!(clear_ctx_options, |method, _| {
#[test]
fn test_write() {
let (_s, stream) = Server::new();
let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap();
stream.write_all("hello".as_bytes()).unwrap();
stream.flush().unwrap();
stream.write_all(" there".as_bytes()).unwrap();
stream.flush().unwrap();
}
#[test]
fn test_write_direct() {
let (_s, stream) = Server::new();
let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), stream).unwrap();
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap();
stream.write_all("hello".as_bytes()).unwrap();
stream.flush().unwrap();
stream.write_all(" there".as_bytes()).unwrap();
@ -436,7 +420,8 @@ fn test_write_direct() {
}
run_test!(get_peer_certificate, |method, stream| {
let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap();
let ctx = SslContext::new(method).unwrap();
let stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap();
let cert = stream.ssl().peer_certificate().unwrap();
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
@ -448,8 +433,8 @@ run_test!(get_peer_certificate, |method, stream| {
#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467)
fn test_write_dtlsv1() {
let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n"));
let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap();
let ctx = SslContext::new(SslMethod::dtls()).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap();
stream.write_all(b"hello").unwrap();
stream.flush().unwrap();
stream.write_all(b" there").unwrap();
@ -459,16 +444,8 @@ fn test_write_dtlsv1() {
#[test]
fn test_read() {
let (_s, tcp) = Server::new();
let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap();
stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap();
stream.flush().unwrap();
io::copy(&mut stream, &mut io::sink()).ok().expect("read error");
}
#[test]
fn test_read_direct() {
let (_s, tcp) = Server::new();
let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap();
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap();
stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap();
stream.flush().unwrap();
io::copy(&mut stream, &mut io::sink()).ok().expect("read error");
@ -477,7 +454,8 @@ fn test_read_direct() {
#[test]
fn test_pending() {
let (_s, tcp) = Server::new();
let mut stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap();
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap();
stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap();
stream.flush().unwrap();
@ -500,7 +478,8 @@ fn test_pending() {
#[test]
fn test_state() {
let (_s, tcp) = Server::new();
let stream = SslStream::connect(&SslContext::new(SslMethod::tls()).unwrap(), tcp).unwrap();
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(tcp).unwrap();
assert_eq!(stream.ssl().state_string(), "SSLOK ");
assert_eq!(stream.ssl().state_string_long(),
"SSL negotiation finished successfully");
@ -519,7 +498,7 @@ fn test_connect_with_unilateral_alpn() {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -540,7 +519,7 @@ fn test_connect_with_unilateral_npn() {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -562,7 +541,7 @@ fn test_connect_with_alpn_successful_multiple_matching() {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -584,7 +563,7 @@ fn test_connect_with_npn_successful_multiple_matching() {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -607,7 +586,7 @@ fn test_connect_with_alpn_successful_single_match() {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -631,7 +610,7 @@ fn test_connect_with_npn_successful_single_match() {
Ok(_) => {}
Err(err) => panic!("Unexpected error {:?}", err),
}
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -660,7 +639,7 @@ fn test_npn_server_advertise_multiple() {
// Have the listener wait on the connection in a different thread.
thread::spawn(move || {
let (stream, _) = listener.accept().unwrap();
let _ = SslStream::accept(&listener_ctx, stream).unwrap();
Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap();
});
let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -672,7 +651,7 @@ fn test_npn_server_advertise_multiple() {
}
// Now connect to the socket and make sure the protocol negotiation works...
let stream = TcpStream::connect(localhost).unwrap();
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -701,7 +680,7 @@ fn test_alpn_server_advertise_multiple() {
// Have the listener wait on the connection in a different thread.
thread::spawn(move || {
let (stream, _) = listener.accept().unwrap();
let _ = SslStream::accept(&listener_ctx, stream).unwrap();
Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap();
});
let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -713,7 +692,7 @@ fn test_alpn_server_advertise_multiple() {
}
// Now connect to the socket and make sure the protocol negotiation works...
let stream = TcpStream::connect(localhost).unwrap();
let stream = match SslStream::connect(&ctx, stream) {
let stream = match Ssl::new(&ctx).unwrap().connect(stream) {
Ok(stream) => stream,
Err(err) => panic!("Expected success, got {:?}", err),
};
@ -742,7 +721,7 @@ fn test_alpn_server_select_none() {
// Have the listener wait on the connection in a different thread.
thread::spawn(move || {
let (stream, _) = listener.accept().unwrap();
let _ = SslStream::accept(&listener_ctx, stream).unwrap();
Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap();
});
let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -751,7 +730,7 @@ fn test_alpn_server_select_none() {
ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap();
// Now connect to the socket and make sure the protocol negotiation works...
let stream = TcpStream::connect(localhost).unwrap();
let stream = SslStream::connect(&ctx, stream).unwrap();
let stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap();
// Since the protocols from the server and client don't overlap at all, no protocol is selected
assert_eq!(None, stream.ssl().selected_alpn_protocol());
@ -777,7 +756,7 @@ fn test_alpn_server_select_none() {
// Have the listener wait on the connection in a different thread.
thread::spawn(move || {
let (stream, _) = listener.accept().unwrap();
assert!(SslStream::accept(&listener_ctx, stream).is_err());
assert!(Ssl::new(&listener_ctx).unwrap().accept(stream).is_err());
});
let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
@ -786,7 +765,7 @@ fn test_alpn_server_select_none() {
ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap();
// Now connect to the socket and make sure the protocol negotiation works...
let stream = TcpStream::connect(localhost).unwrap();
assert!(SslStream::connect(&ctx, stream).is_err());
assert!(Ssl::new(&ctx).unwrap().connect(stream).is_err());
}
#[cfg(test)]
@ -812,7 +791,8 @@ mod dtlsv1 {
fn test_read_dtlsv1() {
let (_s, stream) = Server::new_dtlsv1(Some("hello"));
let mut stream = SslStream::connect(&SslContext::new(SslMethod::dtls()).unwrap(), stream).unwrap();
let ctx = SslContext::new(SslMethod::dtls()).unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(stream).unwrap();
let mut buf = [0u8; 100];
assert!(stream.read(&mut buf).is_ok());
}
@ -853,7 +833,7 @@ fn test_write_nonblocking() {
let (_s, stream) = Server::new();
stream.set_nonblocking(true).unwrap();
let cx = SslContext::new(SslMethod::tls()).unwrap();
let mut stream = handshake(SslStream::connect(&cx, stream));
let mut stream = handshake(Ssl::new(&cx).unwrap().connect(stream));
let mut iterations = 0;
loop {
@ -891,7 +871,7 @@ fn test_read_nonblocking() {
let (_s, stream) = Server::new();
stream.set_nonblocking(true).unwrap();
let cx = SslContext::new(SslMethod::tls()).unwrap();
let mut stream = handshake(SslStream::connect(&cx, stream));
let mut stream = handshake(Ssl::new(&cx).unwrap().connect(stream));
let mut iterations = 0;
loop {
@ -965,7 +945,7 @@ fn write_panic() {
let stream = ExplodingStream(stream);
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let _ = SslStream::connect(&ctx, stream);
let _ = Ssl::new(&ctx).unwrap().connect(stream);
}
#[test]
@ -993,7 +973,7 @@ fn read_panic() {
let stream = ExplodingStream(stream);
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let _ = SslStream::connect(&ctx, stream);
let _ = Ssl::new(&ctx).unwrap().connect(stream);
}
#[test]
@ -1021,7 +1001,7 @@ fn flush_panic() {
let stream = ExplodingStream(stream);
let ctx = SslContext::new(SslMethod::tls()).unwrap();
let mut stream = SslStream::connect(&ctx, stream).ok().unwrap();
let mut stream = Ssl::new(&ctx).unwrap().connect(stream).ok().unwrap();
let _ = stream.flush();
}
@ -1045,7 +1025,7 @@ fn default_verify_paths() {
ctx.set_default_verify_paths().unwrap();
ctx.set_verify(SSL_VERIFY_PEER);
let s = TcpStream::connect("google.com:443").unwrap();
let mut socket = SslStream::connect(&ctx, s).unwrap();
let mut socket = Ssl::new(&ctx).unwrap().connect(s).unwrap();
socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut result = vec![];
@ -1072,12 +1052,12 @@ fn valid_hostname() {
ctx.set_default_verify_paths().unwrap();
ctx.set_verify(SSL_VERIFY_PEER);
let mut ssl = ctx.into_ssl().unwrap();
let mut ssl = Ssl::new(&ctx).unwrap();
ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
ssl.param().set_host("google.com").unwrap();
let s = TcpStream::connect("google.com:443").unwrap();
let mut socket = SslStream::connect(ssl, s).unwrap();
let mut socket = ssl.connect(s).unwrap();
socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut result = vec![];
@ -1096,10 +1076,10 @@ fn invalid_hostname() {
ctx.set_default_verify_paths().unwrap();
ctx.set_verify(SSL_VERIFY_PEER);
let mut ssl = ctx.into_ssl().unwrap();
let mut ssl = Ssl::new(&ctx).unwrap();
ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
ssl.param().set_host("foobar.com").unwrap();
let s = TcpStream::connect("google.com:443").unwrap();
assert!(SslStream::connect(ssl, s).is_err());
assert!(ssl.connect(s).is_err());
}