From f8be6415366927350c8874a4c3dc542622979408 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Sat, 16 Nov 2013 20:21:48 -0800
Subject: [PATCH] Start of x509 interface

---
 ffi.rs  |  2 ++
 lib.rs  | 28 ++++++++++++++++++++++++++--
 test.rs | 22 +++++++++++++++++-----
 3 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/ffi.rs b/ffi.rs
index ee6a3e1a..cbb6e492 100644
--- a/ffi.rs
+++ b/ffi.rs
@@ -9,6 +9,7 @@ pub type SSL = c_void;
 pub type BIO = c_void;
 pub type BIO_METHOD = c_void;
 pub type X509_STORE_CTX = c_void;
+pub type X509 = c_void;
 pub type CRYPTO_EX_DATA = c_void;
 
 pub type CRYPTO_EX_new = extern "C" fn(parent: *c_void, ptr: *c_void,
@@ -62,6 +63,7 @@ extern "C" {
 
     pub fn X509_STORE_CTX_get_ex_data(ctx: *X509_STORE_CTX, idx: c_int)
                                       -> *c_void;
+    pub fn X509_STORE_CTX_get_current_cert(ct: *X509_STORE_CTX) -> *X509;
 
     pub fn SSL_new(ctx: *SSL_CTX) -> *SSL;
     pub fn SSL_free(ssl: *SSL);
diff --git a/lib.rs b/lib.rs
index f834c14e..fb223c4d 100644
--- a/lib.rs
+++ b/lib.rs
@@ -82,15 +82,18 @@ extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *ffi::X509_STORE_CTX)
         let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, idx);
         let verify: Option<VerifyCallback> = cast::transmute(verify);
 
+        let ctx = X509StoreContext { ctx: x509_ctx };
+
         match verify {
             None => preverify_ok,
-            Some(verify) => verify(preverify_ok != 0) as c_int
+            Some(verify) => verify(preverify_ok != 0, ctx) as c_int
         }
     }
 }
 
 /// The signature of functions that can be used to manually verify certificates
-pub type VerifyCallback = extern "Rust" fn(preverify_ok: bool) -> bool;
+pub type VerifyCallback = extern "Rust" fn(preverify_ok: bool,
+                                           x509_ctx: X509StoreContext) -> bool;
 
 /// An SSL context object
 pub struct SslContext {
@@ -151,6 +154,27 @@ impl SslContext {
     }
 }
 
+pub struct X509StoreContext {
+    priv ctx: *ffi::X509_STORE_CTX
+}
+
+impl X509StoreContext {
+    pub fn get_current_cert(&self) -> Option<X509> {
+        let ptr = unsafe { ffi::X509_STORE_CTX_get_current_cert(self.ctx) };
+
+        if ptr.is_null() {
+            None
+        } else {
+            Some(X509 { x509: ptr })
+        }
+    }
+}
+
+/// A public key certificate
+pub struct X509 {
+    priv x509: *ffi::X509
+}
+
 struct Ssl {
     ssl: *ffi::SSL
 }
diff --git a/test.rs b/test.rs
index 4167f9eb..cc9e8bab 100644
--- a/test.rs
+++ b/test.rs
@@ -4,7 +4,7 @@ use std::io::Writer;
 use std::io::net::tcp::TcpStream;
 use std::str;
 
-use lib::{Sslv23, SslContext, SslStream, SslVerifyPeer};
+use lib::{Sslv23, SslContext, SslStream, SslVerifyPeer, X509StoreContext};
 
 mod lib;
 
@@ -47,7 +47,7 @@ fn test_verify_trusted() {
 
 #[test]
 fn test_verify_untrusted_callback_override_ok() {
-    fn callback(_preverify_ok: bool) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
         true
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -61,7 +61,7 @@ fn test_verify_untrusted_callback_override_ok() {
 
 #[test]
 fn test_verify_untrusted_callback_override_bad() {
-    fn callback(_preverify_ok: bool) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
         false
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -72,7 +72,7 @@ fn test_verify_untrusted_callback_override_bad() {
 
 #[test]
 fn test_verify_trusted_callback_override_ok() {
-    fn callback(_preverify_ok: bool) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
         true
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -90,7 +90,7 @@ fn test_verify_trusted_callback_override_ok() {
 
 #[test]
 fn test_verify_trusted_callback_override_bad() {
-    fn callback(_preverify_ok: bool) -> bool {
+    fn callback(_preverify_ok: bool, _x509_ctx: X509StoreContext) -> bool {
         false
     }
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
@@ -103,6 +103,18 @@ fn test_verify_trusted_callback_override_bad() {
     assert!(SslStream::try_new(&ctx, stream).is_err());
 }
 
+#[test]
+fn test_verify_callback_load_certs() {
+    fn callback(_preverify_ok: bool, x509_ctx: X509StoreContext) -> bool {
+        assert!(x509_ctx.get_current_cert().is_some());
+        true
+    }
+    let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
+    let mut ctx = SslContext::new(Sslv23);
+    ctx.set_verify(SslVerifyPeer, Some(callback));
+    assert!(SslStream::try_new(&ctx, stream).is_ok());
+}
+
 #[test]
 fn test_write() {
     let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();