950c39c2e6
Merge pull request #840 from olehermanse/master
...
Add des_ede3_cbc cipher and more tests/examples
2018-02-21 23:03:33 -08:00
402d81bb72
Release openssl-sys 0.9.26
2018-02-18 10:48:08 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
18b87e65e3
Fix libressl
2018-02-16 22:28:38 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
cc34a7149e
Add des_ede3_cbc cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 17:44:44 +01:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
041d473c0a
Added binding for PEM_read_bio_RSAPublicKey
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-14 02:08:01 +01:00
9f35b74c1d
Release openssl 0.10.3 and openssl-sys 0.9.25
2018-02-12 10:56:06 -08:00
7a6260321d
Detect FreeBSD OpenSSL automatically
...
Closes #686
2018-02-10 20:06:05 -08:00
fda5e50638
Merge pull request #833 from CmdrMoozy/des_ede3
...
Support EVP_des_ede3.
2018-02-04 17:36:31 -08:00
404bbeddfd
Support EVP_des_ede3.
...
This cipher is used, for example, for DES challenges for authenticating
against a Yubikey, so supporting it in rust-openssl is generally useful.
2018-02-04 13:17:09 -08:00
9a27bb2c03
Release openssl-sys v0.9.24
2018-01-10 22:06:55 -08:00
af7aa52364
Adjust the SNI callback
...
Brings it more in line with how the raw callback is structured.
2018-01-06 22:20:20 -08:00
05c5c422fd
Merge pull request #820 from sfackler/key-constructor-docs
...
Rename key serialization/deserialization methods
2018-01-06 17:14:51 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
45c15a65ad
FIPS mode support
...
Closes #818
2018-01-06 08:51:20 -08:00
1553447385
Misc cleanup
2018-01-01 12:23:41 -08:00
9043cf9aa7
Move X509Filetype to SslFiletype
...
These constants have the same values, but X509_FILETYPE_DEFAULT doesn't
work in the Ssl methods and using the SSL_* names is a bit less
confusing.
2018-01-01 11:50:07 -08:00
d207897458
Parameterize keys over what they contain
...
Closes #790
2017-12-30 21:53:39 -08:00
89dd50b3ce
Add issuer name access.
...
Closes #808
2017-12-29 10:50:49 -08:00
7fbda61609
Overhaul ALPN
...
There was previously a lot of behind the scenes magic. We now bind much
more directly to the relevant functions.
Also remove APN support. That protocol is supersceded by ALPN - let's
see if anyone actually needs to use it.
2017-12-27 16:24:01 -07:00
1166a6c3bf
Flag off constant
2017-12-26 14:54:45 -07:00
129b6b9d84
Overhaul verify error type
...
Also set the error in the hostname verification callback for 1.0.1
2017-12-26 14:43:10 -07:00
48db60aca0
Release v0.9.23
2017-12-05 21:58:24 -08:00
9f1066704c
Fixing the CI tests
2017-12-02 17:13:23 +01:00
fccb2eab4e
Adding dp(), dq() and qi() methods to RSA, to get the CRT parameters back
2017-12-02 12:30:50 +01:00
0577d06912
Release openssl-sys 0.9.22
2017-11-29 09:37:42 -08:00
e221b76e28
Release v0.9.21
2017-11-17 09:11:06 -08:00
55bf390dbe
Adjust libressl version detection
...
The 2.5.3+ and 2.6.3+ series are ABI-stable, so we don't need to
whitelist individual releases in those ranges.
2017-11-13 21:51:55 -08:00
6257835757
Add support for LibreSSL 2.6.3
2017-11-13 09:51:17 -05:00
09f2a3e9db
Release v0.9.20
2017-10-14 14:36:55 -07:00
1308cb2b52
Fix cfgs for libressl262
2017-10-04 00:53:09 -04:00
e0efd1d438
Add support for LibreSSL 2.6.2
2017-10-03 23:59:33 -04:00
2c58c39e84
Fix rerun logic
...
Closes #732
2017-09-20 13:48:38 -07:00
cd558d99e7
Release v0.9.18
2017-09-20 10:21:37 -04:00
dc92a514ef
Properly handle IPs in hostname verification
2017-09-20 10:04:09 -04:00
7c5cd10d1e
Update to cc 1.0
2017-09-20 09:23:30 -04:00
18db932c60
openssl-sys: Fix typo in libressl_version definition
...
Signed-off-by: Luis Ressel <aranea@aixah.de>
2017-09-18 23:49:44 +02:00
f0db1dbc95
Merge pull request #695 from Keruspe/master
...
openssl-sys: support libressl 2.6.1
2017-09-17 13:57:18 -07:00
bf85e41d74
opensslè-sys: adjust some constants to libressl 2.6.1
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:31:10 +02:00
579d4a86d2
openssl-sys: define libressl version
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 11:43:25 +02:00
af370cf9b7
openssl-sys: support libressl 2.6.1
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-14 11:56:36 +02:00
0f5e082157
Extract prefixed environment variables into helper function.
2017-09-13 23:58:28 -05:00
82d42eca8e
Use target name in variables when cross-compiling.
2017-09-13 15:39:06 -05:00
6bc0e4019b
Allow overriding lib/include dirs when cross-compiling.
2017-09-06 15:29:09 -05:00
c800ab922e
Fix build note for MinGW
...
Closes #689
2017-09-04 09:28:20 -06:00
ca40c2e6a3
Symlink README in place
...
Allows crates.io to render it properly
2017-08-21 04:00:25 -07:00
f599df124b
Add ability to get affine coordinates from EcPoint
...
The initial usecase here is creating JWK representations as defined
within RFC 7517 from an EcKey created via a PEM source.
2017-08-21 15:08:48 +10:00
9143516037
Add SHA384 and SHA512
2017-08-16 21:03:46 -07:00
673bcfaf5a
Add SHA1 an SHA224 hashers
2017-08-16 20:26:16 -07:00
c175ac639d
Release v0.9.17
2017-08-14 17:13:36 -07:00
1d92ff290e
Add a stateful SHA256 hasher
2017-08-14 17:07:44 -07:00
75d927b2bd
Merge pull request #622 from mcgoo/vcpkg
...
try to find openssl libraries in a vcpkg ports tree
2017-08-11 22:44:46 -07:00
ea6edb133e
Release v0.9.16
2017-08-10 22:17:50 -07:00
78e37bb2e1
Fully wrap feature checks
...
Otherwise OPENSSL_NO_EC2M would also trigger OPENSSL_NO_EC
2017-08-10 20:52:31 -07:00
4c3b3476f4
Merge pull request #675 from sdemos/master
...
added cms decryption
2017-08-09 14:20:51 -07:00
caf7b8ecbc
added cms decryption
2017-08-09 12:26:45 -07:00
16e8fbc31e
Fix EC_KEY_set_public_key_affine_coordinates
...
Previous definition incorrectly used `const` pointers but the
underpinning library definition (unfortunately) does not.
2017-08-09 13:34:08 +10:00
cfb4ea31d5
Support for EcKey creation from affine coordinates
...
Sets the public key for an EcKey based on its affine co-ordinates,
i.e. it constructs an EC_POINT object based on the supplied x and y
values and sets the public key to be this EC_POINT.
The initial usecase here is creating EcKey instances from JWK
representations as defined within RFC 7517.
2017-08-09 12:21:54 +10:00
c2164a4864
Add peer_cert_chain
2017-07-29 10:34:10 -07:00
01927c19ac
Initialize OpenSSL in DSA constructor
...
This fixes the double unlock errors that were popping up on circle
2017-07-25 21:59:52 -07:00
a02f039c0c
Fix build
2017-07-25 20:41:11 -07:00
82b1a12f35
Abort on bad unlock and safe core dumps
2017-07-25 20:35:29 -07:00
bf6dc28f0c
Release v0.9.15
2017-07-19 19:35:28 -07:00
43cacf00f5
Forbid LibreSSL 2.5.6+
2017-07-19 19:30:13 -07:00
453e641aa6
Support for LibreSSL 2.5.5
2017-07-17 20:29:35 +02:00
5e0146b10a
Test against libressl 2.6.0
2017-07-16 14:51:43 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
9290ed97c2
Merge pull request #657 from sfackler/rsa-pkcs1
...
Support PKCS#1 RSA public keys
2017-07-06 14:11:27 -10:00
88e277d49e
Inform cargo about which env vars we care about
2017-07-04 21:24:59 -07:00
279bffccf5
Merge pull request #641 from luser/psk
...
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-07-04 18:19:17 -10:00
51a226eb4b
Support PKCS#1 RSA public keys
...
Closes #656
2017-07-04 20:57:00 -07:00
aa5547cdab
Enable build on LibreSSL 5.6.0 development branch.
...
Without this, openssl-sys can't compile on OpenBSD-current. As far as I can
tell, the only differences with respect to LibreSSL 5.5.4 are additional exposed
functions: there do not appear to be any breaking changes. Certainly all the
test suites in the repository succeed with this commit.
2017-06-25 14:42:39 +01:00
575e682da3
Add PKey::private_key_from_der
2017-06-23 21:04:13 -07:00
223e8e3689
Release v0.9.14
2017-06-14 19:59:45 -07:00
6b50d8940d
for msvc abi builds, allow use of openssl libs from vcpkg
2017-06-07 09:56:06 -05:00
9ba96b80b1
remove unused dependencies on windows
2017-06-06 20:56:16 -05:00
98d343dd32
Fix for changes in OpenSSL 1.1.0f
2017-06-06 18:45:54 -04:00
4de58596d9
Make some changes for review comments
2017-06-02 08:20:03 -04:00
cba475b9ae
Release v0.9.13
2017-05-29 17:46:07 -07:00
16183f41f6
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-05-26 14:51:04 -04:00
61c9ffddb6
Explicitly initialize OpenSSL 1.1.0
2017-05-20 16:01:53 -07:00
7d587e2c93
Rustfmt
2017-05-20 15:53:45 -07:00
4336d1d38c
Release v0.9.12
2017-05-12 11:47:46 -07:00
f2ecdbe709
Fix support for LibreSSL versions other than 2.5.0
2017-05-12 11:16:25 -07:00
67b5fd1c97
Support public key decode from DER
...
Closes #629
2017-05-06 16:40:33 -07:00
7e8a0a0dad
Expose the lower level SHA functions
...
These don't allocate so they're both infallible and significantly
faster.
2017-04-14 23:03:17 -07:00
429f7c869e
Release v0.9.11
2017-04-14 16:56:21 -07:00
b21046375a
(issues-600) Avoid compiling ec2m code against no-ec2m openssl
...
This commit avoids defining code that leads to undefined references when
compiling against an openssl built with no-ec2m.
2017-04-11 15:42:05 -07:00
e6a6ebb87d
Add new EC/PKEY methods to permit deriving shared secrets.
2017-04-10 15:40:36 -04:00
7c24224394
show help message when pkg-config is missing
2017-03-29 19:25:00 +08:00
42ad50ae67
Release v0.9.10
2017-03-26 10:49:04 -07:00
c8d1698f27
Logic to support client-side session reuse
2017-03-25 19:30:01 -07:00
f82f650953
Panic if lock managed by `locking_function` is doubly unlocked
...
Trying to unlock an unlocked lock is always an error and should
be treated as such.
This is related to #597 .
2017-03-16 22:14:58 +00:00
bf63f35dfb
Release v0.9.9
2017-03-14 12:55:36 -07:00
663547a758
(maint) Recreate ability to pass in OPENSSL_LIBS variable
...
Prior to this commit in 43c951f743
2017-03-13 19:18:54 -06:00
06b10a5753
Release v0.9.8
2017-03-09 20:33:17 +11:00
81362a4e79
scrypt support
...
Closes #586
2017-02-21 21:15:52 -08:00
268288337b
Expose more error information
2017-02-19 16:05:58 -08:00
ce2cfc56a6
fix versions for sys as well
2017-02-16 19:49:14 -08:00
f8298882a4
add set_verify_cert_store() to ssl ctx
2017-02-16 19:49:14 -08:00
19f3b8a11a
Support PKCS#8 private key deserialization
...
Closes #581
2017-02-14 19:37:25 -08:00
06065ddcee
Release v0.9.7
2017-02-11 14:34:37 -08:00
980a71a008
Fix for libressl
2017-02-11 10:42:25 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
1c25336520
Merge branch 'master' into x509_req_version_subject
2017-02-11 09:11:25 -08:00
03fe3015dc
X509 signature algorithm access
2017-02-10 21:37:33 -08:00
8e5735d84c
X509 signature access
2017-02-10 19:59:11 -08:00
a1d7956f82
Add Asn1BitString
2017-02-10 19:38:51 -08:00
30a634c877
Merge branch 'master' into x509_req_version_subject
2017-02-07 20:41:27 +01:00
5e3dd07ee4
Clean up pkg-config logic
...
Now that we're letting the C compiler track down headers this is no
longer necessary.
2017-02-03 20:17:22 -08:00
4900d3fe5d
Fixed constant names from openssl/rsa.h
...
Fixed PKeyCtxRef method that didn't need to be mutable.
Added non-mutable accessors for PKeyCtxRef for Signer and Verifier.
2017-01-31 11:59:59 -08:00
302ee77d32
Adding suggestions from review.
2017-01-30 16:51:10 -08:00
20eed1e762
Simplify code, so that openssl-sys really doesn't contain anything aside
...
from bindings
2017-01-30 15:04:44 -08:00
588fd33552
Testing first version that works with signer.
2017-01-30 15:04:44 -08:00
ddc0066211
Add the necessary constants to access the pkey ctx stuff.
2017-01-30 15:04:44 -08:00
0598561f0e
Macro-expand OpenSSL headers for feature checks
...
Closes #564
2017-01-28 20:22:18 -08:00
f5149eac5a
Add setters to new getter-functions in X509ReqRef
2017-01-27 20:55:40 +01:00
6a8f6f425f
Style changes according to review
2017-01-27 19:13:36 +01:00
557b936e27
Added X509ReqRef.subject_name and X509ReqRef.version
2017-01-26 21:05:33 +01:00
01e4667175
Make sure to not add system dirs to linkage
...
cc #447
2017-01-24 21:31:41 +01:00
591022a7fa
fix multi-version compat
2017-01-23 22:12:11 -08:00
540387d5ee
fix ptr types
2017-01-22 22:43:27 -08:00
225552b823
Merge branch 'master' of github.com:sfackler/rust-openssl
2017-01-22 22:24:45 -08:00
fbfecd63ae
add some documentation
2017-01-22 22:23:21 -08:00
52c7868bb6
add pkcs12_create and to_der funcs
2017-01-22 21:27:31 -08:00
722bdb6a4c
Merge pull request #550 from Keruspe/master
...
LibreSSL support improvements
2017-01-22 18:39:34 +00:00
54900976bb
Support EC_GROUP_set_asn1_flag
...
Closes #561
2017-01-22 10:44:59 +00:00
26e159a5f0
Support chacha20 and chacha20_poly1305
2017-01-21 11:12:02 +00:00
d353b36681
Support AES IGE
...
This is a special snowflake used only by Telegram apparently.
Closes #523
2017-01-21 09:41:13 +00:00
a1122197f8
Add categories
...
Closes #557
2017-01-20 16:35:43 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
9942643ab6
Release v0.9.6
2017-01-09 20:52:20 -08:00
192c08cdee
Adjust minimum pkg-config version
...
Closes #551
2017-01-07 13:13:53 -08:00
524e8e3c5a
libressl: mark unavailable flags as such
...
These flags are not available in libressl (at least for version 2.4.4 which is the last stable version)
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-01-05 16:15:25 +01:00
c6ea4f3e2a
Fix time type
2017-01-04 23:04:26 -08:00
404e0341d8
Provide master key access
2017-01-04 22:01:30 -08:00
5d53405597
Provide access to the session ID
2017-01-04 21:11:06 -08:00
1ffe574298
Add SSL_SESSION functions
2017-01-04 20:57:50 -08:00
336175990c
Add SSL_SESSION
2017-01-04 20:54:53 -08:00
cdf388e3f4
Release v0.9.5
2017-01-03 16:09:24 -08:00
6291407b17
Add X509::stack_from_pem
...
Implementation is a clone of SSL_CTX_use_certificate_chain_file
2017-01-03 14:56:00 -08:00
d9e3d6ea21
Improving missing OpenSSL message on Linux
2017-01-03 11:56:32 +01:00
9ff3ce4687
Use metadeps to specify pkg-config dependencies declaratively
...
This makes it easier for distribution packaging tools to generate
appropriate package dependencies.
2016-12-24 02:38:51 -08:00
762510a5fa
Release v0.9.4
2016-12-23 13:38:52 -05:00
7e035a7fd1
Merge pull request #538 from semarie/libressl
...
Add LibreSSL support
2016-12-22 11:59:19 -05:00
b3526cbd2b
Add LibreSSL 2.5.0 support
2016-12-21 09:27:12 +01:00
53c470c71a
duplicate ossl10x.rs to libressl.rs
2016-12-21 08:39:25 +01:00
3cfcf13880
Merge branch 'master' of github.com:sfackler/rust-openssl
2016-12-20 14:30:56 -08:00
b090804227
Allow OPENSSL_{LIB,INCLUDE}_DIR to override OPENSSL_DIR
2016-12-12 17:51:35 +00:00
791f2c8f4d
Release v0.9.3
2016-12-09 21:54:06 -08:00
26cefe7d97
Switch to docs.rs for docs
2016-12-09 21:52:43 -08:00
0850f605b1
Use EVP_bf_cfb64 instead of EVP_bf_cfb
2016-12-09 18:42:10 +00:00
0081665339
Add Blowfish support
2016-12-09 17:06:15 +00:00
0602712bf4
Release v0.9.2
2016-11-27 22:23:32 -08:00
e929e09216
Add EcPoint::invert
2016-11-14 22:02:47 +01:00
e9e58b27dc
Remove EC_METHOD functions
...
Some appear not to be defined anywhere and they're not used anyway
2016-11-13 22:14:10 +00:00
82eb3c4f51
Add EcKey::check_key
2016-11-13 22:10:52 +00:00
35f11d555e
More functionality
2016-11-13 22:06:18 +00:00
1a52649516
More functionality
2016-11-13 20:46:01 +00:00
b2de36049a
Add Some more elliptic curve functionality
2016-11-13 20:19:38 +00:00
48c0009418
Macroise from_der
2016-11-13 17:06:50 +00:00
b0415f466c
Macroise to_der
2016-11-13 16:52:19 +00:00
387e78257b
Support serialization of encrypted private keys
...
Switch to PEM_write_bio_PKCS8PrivateKey since the other function outputs
nonstandard PEM when encrypting.
2016-11-13 16:09:52 +00:00
08e0c4ca90
Some serialization support for EcKey
2016-11-13 15:02:38 +00:00
796d7b4deb
Add constructors for various standard primes
2016-11-12 14:20:43 +00:00
96d24c8957
Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto}
2016-11-12 13:45:54 +00:00
563754fb08
Add SslContextBuilder::set_tmp_{ec,}dh_callback
2016-11-12 12:43:44 +00:00
9b5c62b053
Add PKey::bits
2016-11-12 11:00:15 +00:00
7c9afd8c99
Fix function signature
2016-11-12 10:29:31 +00:00
26a3358a2b
Add basic X509_STORE access
...
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
2016-11-12 00:24:12 +00:00
6b7279eb52
Consistently support both PEM and DER encodings
...
Closes #500
2016-11-11 20:10:10 +00:00
15490a43e3
Add EcKey <-> PKey conversions
...
Closes #499
2016-11-11 19:17:38 +00:00
32cbed0782
PKey <-> DH conversions
...
Closes #498
2016-11-11 19:04:54 +00:00
609a09ebb9
Add PKey::dsa
...
Closes #501
2016-11-11 18:52:37 +00:00
0d2d4865e5
Release v0.9.1
2016-11-11 16:45:22 +00:00
203a02c3e6
Actually support AES GCM
...
This is an AEAD cipher, so we need some extra functionality. As another
bonus, we no longer panic if provided an IV with a different length than
the cipher's default.
2016-11-08 20:35:21 +00:00
d78acc729b
Add an X509ReqBuilder
2016-11-07 20:42:43 +00:00
597d05b8f8
Add stack creation and push
2016-11-06 23:46:42 -08:00
5f18ffa4b3
Start of extension support
2016-11-06 21:58:43 -08:00
1939e6fd78
Add conf module
2016-11-06 14:49:26 -08:00
b83edbad0d
Start on an X509Builder
2016-11-06 14:07:34 -08:00
1edb6f682e
Support client CA advertisement
2016-11-06 12:17:14 -08:00
a4e0581e4f
Fix build on 1.0.1
2016-11-06 11:57:50 -08:00
bcb7b3f5dc
Add accessors for cert and private key
...
Closes #340
2016-11-06 10:46:38 -08:00
c2bf8acad8
Provide a tailored error message on Linux
...
I just ran into a case where I installed OpenSSL in a docker container but I
forgot to install pkg-config. Right now openssl-sys relies on pkg-config, so
print out a nice error about this.
2016-11-05 22:55:25 -07:00
72ac2a0105
Release v0.9.0
2016-11-05 20:05:50 -07:00
fb9420fc91
Always dump openssl confs
2016-11-04 21:15:07 -07:00
91fd58b4c2
More buildscript tweaks
2016-11-04 21:10:49 -07:00
9198bcda3a
Improve buildscript logic
2016-11-04 21:08:34 -07:00
62a9f89fce
Avoid lhash weirdness
2016-11-03 20:38:51 -07:00
7f308aa5e1
Fix signature
2016-11-02 08:26:18 -07:00
aa0040125b
Use built in DH parameters when available
...
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
2016-11-01 22:50:22 -07:00
176348630a
Don't clear BigNums in destructor
...
Instead add a clear method.
2016-11-01 21:59:07 -07:00
343ce159ec
Fix stack signatures
2016-11-01 19:51:55 -07:00
c776534ad4
Clean up stack
2016-11-01 19:25:40 -07:00
77b76ed8a8
Merge pull request #506 from simias/stack
...
Implemented a generic Stack API and use it to deal with StackOf(X509) and StackOf(GENERAL_NAME)
2016-11-01 18:59:35 -07:00
8d0090faec
Implement X509StoreContextRef::get_chain
2016-11-01 21:23:18 +01:00
3bdefa987a
Implement a generic Stack API to deal with OpenSSL stacks
2016-11-01 21:23:13 +01:00
9ea27c12b9
Add method to encode a public key as a DER blob
2016-11-01 17:34:21 +01:00
dc4098bdd8
Clean up x509 name entries
2016-10-31 22:43:05 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
16e398e005
Update verify
2016-10-31 20:19:59 -07:00
558124b755
Expose SSL_MODEs
2016-10-30 22:02:26 -07:00
677718f8da
Configure ECDH parameters in connector
2016-10-30 13:38:09 -07:00
8c58ecc2fa
Implement EcKey
...
cc #499
2016-10-30 13:17:20 -07:00
781417d50f
Add a macro definition
2016-10-27 19:12:55 -07:00
bea53bb39b
Support AES GCM
...
Closes #326
2016-10-25 20:59:33 -07:00
39279455c8
Add a shutdown method
2016-10-25 20:40:18 -07:00
04fc853ee3
Remove NIDs only defined in 1.0.2+
2016-10-23 09:16:20 -07:00
2fd201d9c3
De-enumify Nid
2016-10-22 10:08:32 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
cfd5192a7d
De-enumify X509ValidationError
...
Also make it an Error.
Closes #352 .
2016-10-18 22:10:37 -07:00
c4459c37d9
Callback cleanup
2016-10-18 21:13:13 -07:00
6609a81685
Migrate DSA sign/verify to EVP APIs
2016-10-15 15:02:02 -07:00
228b8fbc5b
Correctly bind BIO_new_mem_buf
2016-10-15 13:39:47 -07:00
bb23b33829
Fix signature of EVP_DigestVerifyFinal on 1.0.1
2016-10-15 12:24:20 -07:00
6ae472487f
Support HMAC PKeys and remove hmac module
2016-10-15 11:06:11 -07:00
b564cb5db7
Add digest signature methods
2016-10-15 09:48:34 -07:00
64b8e5e553
Merge pull request #471 from sfackler/no-comp
...
Handle OPENSSL_NO_COMP
2016-10-14 23:09:11 -07:00
ba997c590e
Prefer 1.1 when looking for Homebrew installs
2016-10-14 22:55:44 -07:00
7ac0599638
Fix test_alpn_server_select_none
...
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.
While we're in here, adjust the Display impl to match what OpenSSL
prints out.
Closes #465
2016-10-14 22:01:21 -07:00
f520aa2860
Handle OPENSSL_NO_COMP
...
Closes #459
2016-10-14 20:50:45 -07:00
d7a433bdef
Respect osslconf in systest
...
Also cfg off SSLv3_method, since it's disabled in the OpenSSL that ships
with Arch Linux. More such flags can be added on demand - it doesn't
seem worth auditing everything for them.
2016-10-14 19:16:08 -07:00
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
ae282a78e2
Remove link_name usage
2016-10-14 16:15:50 -07:00
b610e01793
Flag off dtls and mask ssl_ops
...
Also un-feature gate npn as it ships with 1.0.1
2016-10-13 19:06:53 -07:00
af3e06d3e8
Add remaining SSL_OP constants
2016-10-12 22:50:08 -07:00
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
44ed665f02
Add RAND_status()
...
RAND_status() returns 1 if the PRNG has been seeded with enough data, 0 otherwise.
2016-10-01 13:42:13 +02:00
4cc55b65e0
Add RSA_*_PADDING constants
2016-10-01 13:39:33 +02:00
4718a88e04
Release openssl-sys v0.7.17, openssl v0.8.2
2016-08-18 12:59:22 -07:00
cd69343d67
Fix SslContext::add_extra_chain_cert
...
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
2016-08-17 19:30:57 -07:00
96b1ef829c
Add `"x509_expiry"` feature flag
...
- fix return of `ASN1_TIME_print`
- assert on null `date`
2016-08-17 01:23:54 -04:00
f9cd4bff1f
Progress on asn1 expiry
...
- Use MemBio and implement `Display` for Asn1Time
- Tweak doc for asn1 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
629f638f08
Release openssl-sys v0.7.16, openssl v0.8.1
2016-08-15 18:44:57 -07:00
912f7499cd
Initialize algorithms in init
...
Required to deserialize PKCS12 on 0.9.8, looks like
2016-08-14 12:51:33 -07:00
e5299fd7c9
Fix memory leak in general name stack
2016-08-14 11:16:53 -07:00
6b12a0cdde
PKCS #12 support
2016-08-14 11:11:26 -07:00
773a6f0735
Start on PKCS #12 support
2016-08-14 10:11:38 -07:00
2e8f19ca2f
Release openssl-sys v0.7.15, openssl v0.8.0
2016-08-11 21:00:43 -07:00
207d8e6b30
Undelete bogus extern declaration
...
Old rust-openssl versions rely on it being there
2016-08-10 22:16:58 -07:00
0cc863e857
Use new target syntax for windows stuff
2016-08-10 22:13:17 -07:00
35c79d1768
Fix build
2016-08-09 23:13:56 -07:00
67b5b4d814
Make hmac support optional and remove openssl-sys-extras
...
rust-openssl no longer requires headers for the default feature set.
2016-08-09 22:52:12 -07:00
a8224d199b
symm reform
2016-08-08 23:10:03 -07:00
522447378e
Copy over getter macros
2016-08-08 20:37:48 -07:00
bf07dd9a4e
Remove symm_internal
2016-08-08 20:26:04 -07:00
6b1016c86e
Add PKey::from_rsa
2016-08-07 22:56:44 -07:00
2a3e9a2856
Add RSA::generate
2016-08-07 22:35:37 -07:00
7855f428aa
PKey reform
...
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
2016-08-07 20:38:46 -07:00
7ca5ccf064
Hash reform
...
Closes #430
2016-08-07 16:29:36 -07:00
c47be8b14b
Move SSL_CTX_set_ecdh_auto to -sys
2016-08-04 22:52:40 -07:00
ee67ea8ea0
Mvoe SSL_CTX_add_extra_chain_cert to -sys
2016-08-04 22:46:47 -07:00
378b86326c
Move SSL_CTX_set_tmp_dh to -sys
2016-08-04 22:43:24 -07:00
7fb7f4671d
Move SSL_CTX_set_read_ahead to -sys
2016-08-04 22:40:01 -07:00
77dbab2cad
Move SSL_CTX_set_tlsext_servername_callback to -sys
2016-08-04 22:37:39 -07:00
c2a7c5b7f0
Move SSL_set_tlsext_host_name to -sys
2016-08-04 22:28:33 -07:00
b29ea62491
Move BIO macros into -sys
2016-08-04 22:22:55 -07:00
17474520bc
Support basic SSL options without C shims
2016-08-04 22:14:18 -07:00
abacc8bb18
Define SSL_CTX_set_mode in openssl-sys
2016-08-02 22:14:44 -07:00
08e27f31ed
Restructure PEM input/output methods
...
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
2016-08-02 20:49:28 -07:00
3539be3366
Add MidHandshakeSslStream
...
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
2016-07-31 16:01:06 -07:00
df30e9e700
Merge pull request #402 from bbatha/feat/dsa-ffi
...
DSA bindings
2016-07-29 22:35:50 -07:00
a3a602be51
add low level dsa primitives
2016-07-29 19:04:37 -04:00
5ed77df197
Implement save_der for X509 and X509Req
2016-07-29 12:14:49 +03:00
722a2bd673
Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag
2016-07-24 20:55:15 +02:00
5135fca87f
Release v0.7.14
2016-07-01 18:43:39 -04:00
121169c1f5
Set auto retry
...
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
2016-07-01 18:31:47 -04:00
f6b612df5f
Release v0.7.13
2016-05-20 15:57:57 -07:00
ed969d5d8a
Update user32-sys and gdi32-sys to 0.2
2016-05-19 22:00:14 +02:00
95051b060d
Release v0.7.12
2016-05-16 23:04:03 -07:00
dce59a63c5
Merge pull request #389 from cmsd2/master
...
expose rsa from raw private key and rsa sign and verify
2016-05-06 15:12:19 -07:00
f82a1c4f75
add rsa signature tests
2016-05-05 23:41:55 +01:00
78122a9d68
Release v0.7.11
2016-05-05 13:32:27 -07:00
7b73003b67
Add X509StoreContext::error_depth
2016-04-30 09:27:50 -07:00
62a7dd10e5
Add Ssl::set_verify
...
It also uses a better, closure based API than the existing callback
methods.
2016-04-30 08:09:12 -07:00
a7bade104c
Merge pull request #381 from chaaz/master
...
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
2016-04-29 21:17:17 -07:00
32722e1850
Add accessors for x509 subject alt names
2016-04-29 21:15:32 -07:00
caf9272c85
Start on GeneralName
2016-04-28 22:16:29 -07:00
5682c04469
Remove des_cfb and des_ofb, since they appear on limit platforms
2016-04-19 17:28:19 -06:00
54fc1df712
Release v0.7.10
2016-04-16 20:57:12 -07:00
c2e72f6641
Add SslContext::set_default_verify_paths
2016-04-16 20:47:32 -07:00
2062d48dd2
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
...
1DES is well and truly dead for actual sensitive information, (its
keysize is too small for modern purposes), but it can still find use in
backwards compatiblity or educational applications.
2016-04-14 03:44:43 -06:00
9511a9bc19
Merge pull request #380 from Yoric/master
...
Resolves #378 - Module version with the version information
2016-04-13 14:45:49 -07:00
0c48f9a0e0
Resolves #378 - Module version with the version information
2016-04-13 23:29:25 +02:00
00282de2a5
Add ability to set session ID context on an SSL context
...
This is necessary to make authentication with client certificates work
without session restarts.
2016-04-13 21:38:23 +02:00
d143203f88
Release v0.7.9
2016-04-06 21:34:20 -07:00
4016edd4de
add EVP_PKEY_copy_parameters to FFI
...
copy EVP_PKEY params in PKey::clone
test that PKey::clone creates a copy
2016-04-06 19:39:50 -04:00
e0412850ec
Release v0.7.8
2016-03-18 08:54:12 -07:00
a569df29f4
Release v0.7.7
2016-03-17 09:04:23 -07:00
23fd427900
Merge pull request #353 from bluejekyll/master
...
adding functionality to directly get and set RSA public key material
2016-03-05 13:57:53 -08:00
04cbf049c0
Add SSL_get_version
2016-02-29 20:14:48 +00:00
ef95223d26
adding functionality to directly get and set RSA key material
2016-02-17 23:18:42 -08:00
1e9667ea89
Add support for SSL_CIPHER
2016-02-17 22:38:32 +00:00
3df4c479c9
Release v0.7.6
2016-02-10 09:36:00 -08:00
Steven Fackler