43753698da
Impl Send + Sync for x509 stuff
2017-12-13 11:35:04 -05:00
e9ad9f1afd
Upgrade foreign-types
...
foreign-types 0.3 and 0.2 now share the same types and traits, so this
is backwards compatible.
2017-11-26 17:07:24 -07:00
de987f20c8
Revert "Update foreign-types to 0.3"
2017-11-21 08:51:37 -08:00
93be1c4f2f
Update foreign-types to 0.3
2017-11-21 09:17:39 +01:00
b5bb8de4f2
Convert try! usage to ?
2017-10-03 17:44:02 -04:00
7de1499c65
Fix X509::clone impl
...
Closes #667
2017-07-19 19:23:47 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
fd52bbe85c
Add an API to install extra data
2017-07-15 16:50:36 -07:00
b431896057
mention the common fields
2017-02-22 22:05:39 -08:00
9b24698aee
some helpful documentation and example.
2017-02-20 14:48:49 -08:00
129a3cff08
Update deprecation version
2017-02-11 10:27:09 -08:00
16d5632983
Remove X509Req setters
2017-02-11 10:14:16 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
5ad4af70ae
Re-add reexport
2017-02-11 09:17:39 -08:00
1c25336520
Merge branch 'master' into x509_req_version_subject
2017-02-11 09:11:25 -08:00
03fe3015dc
X509 signature algorithm access
2017-02-10 21:37:33 -08:00
8e5735d84c
X509 signature access
2017-02-10 19:59:11 -08:00
8ae424235e
Make it compile again.
...
Make self mut in set_subject_name.
Add assert to prevent a null pointer in subject_name.
2017-02-07 21:49:07 +01:00
30a634c877
Merge branch 'master' into x509_req_version_subject
2017-02-07 20:41:27 +01:00
12ae31ad47
Switch to foreign_types
2017-02-03 23:03:35 -08:00
f5149eac5a
Add setters to new getter-functions in X509ReqRef
2017-01-27 20:55:40 +01:00
6a8f6f425f
Style changes according to review
2017-01-27 19:13:36 +01:00
557b936e27
Added X509ReqRef.subject_name and X509ReqRef.version
2017-01-26 21:05:33 +01:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
6291407b17
Add X509::stack_from_pem
...
Implementation is a clone of SSL_CTX_use_certificate_chain_file
2017-01-03 14:56:00 -08:00
ccef9e339d
Macroise from_pem
2016-11-13 17:56:48 +00:00
df9666c334
Macroise to_pem
2016-11-13 17:42:45 +00:00
48c0009418
Macroise from_der
2016-11-13 17:06:50 +00:00
b0415f466c
Macroise to_der
2016-11-13 16:52:19 +00:00
26a3358a2b
Add basic X509_STORE access
...
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
2016-11-12 00:24:12 +00:00
b3b7194e82
Docs
2016-11-08 19:10:56 +00:00
97872500a3
Deprecate X509Generator
2016-11-07 21:48:40 +00:00
c0e02e7e51
Use X509Builder in X509Generator
2016-11-07 21:15:36 +00:00
18c5d1f771
Add init calls to new constructors
2016-11-07 20:50:57 +00:00
d78acc729b
Add an X509ReqBuilder
2016-11-07 20:42:43 +00:00
5f18ffa4b3
Start of extension support
2016-11-06 21:58:43 -08:00
b83edbad0d
Start on an X509Builder
2016-11-06 14:07:34 -08:00
1edb6f682e
Support client CA advertisement
2016-11-06 12:17:14 -08:00
8037258913
Return a Stack in Pkcs12
2016-11-05 13:57:05 -07:00
f15c817c2d
Rustfmt
2016-11-05 10:54:17 -07:00
01ae978db0
Get rid of Ref
...
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
2016-11-04 17:16:59 -07:00
6fe7dd3024
Remove an enum
2016-11-03 22:45:54 -07:00
62a9f89fce
Avoid lhash weirdness
2016-11-03 20:38:51 -07:00
e67733cc4e
Cleanup X509StoreContext::chain
2016-11-01 19:45:38 -07:00
8d0090faec
Implement X509StoreContextRef::get_chain
2016-11-01 21:23:18 +01:00
36bf0bb387
Replace GeneralNames by the new Stack API
2016-11-01 21:23:18 +01:00
dc4098bdd8
Clean up x509 name entries
2016-10-31 22:43:05 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
f640613863
Update PKey
2016-10-31 20:12:55 -07:00
849fca4a7b
Convert Asn1Time
2016-10-31 20:02:24 -07:00
f75f82e466
Rustfmt
2016-10-30 16:37:45 -07:00
c89f2c0be0
Use PKeyRef in X509Generator
2016-10-29 16:37:56 -07:00
85169e5a61
Fix reexport
2016-10-29 15:02:07 -07:00
4c7a5a418e
Implement client and server connectors
2016-10-29 14:02:26 -07:00
1a288da86c
Make verification unconditionally exposed internally
2016-10-28 22:14:44 -07:00
4f59d57675
Move SslString to a shared location
2016-10-26 21:28:00 -07:00
d39a2cedad
Fix tests
2016-10-22 16:01:26 -07:00
2fd201d9c3
De-enumify Nid
2016-10-22 10:08:32 -07:00
98b7f2f935
Flatten crypto module
2016-10-22 09:16:38 -07:00
8ec53eb0e1
Fix X509StoreContext
2016-10-21 20:59:07 -07:00
b7017a7eec
Update Asn1TimeRef
2016-10-21 17:13:30 -07:00
23fc6c828b
Convert X509Ref
2016-10-21 17:01:13 -07:00
b3eb8d516c
Switch X509Name over to new borrow setup
...
The use of actual references enables us to be correct with respect to
mutability without needing two structs for the mutable and immutable
cases and more deref impls.
2016-10-20 22:51:10 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
cfd5192a7d
De-enumify X509ValidationError
...
Also make it an Error.
Closes #352 .
2016-10-18 22:10:37 -07:00
080050e10d
Drop lifetime on GeneralNames
2016-10-18 21:52:49 -07:00
194298a057
Implement new feature setup
...
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
2016-10-17 21:57:54 -07:00
7ec015325b
Finish error overhaul
2016-10-16 21:07:17 -07:00
c171be551a
De-enumify message digests
2016-10-15 15:23:29 -07:00
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
cd69343d67
Fix SslContext::add_extra_chain_cert
...
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
2016-08-17 19:30:57 -07:00
7a653282a9
Get rid of use Asn1TimeRef warning for some builds
2016-08-17 01:23:54 -04:00
06f19cf285
Be explicit regarding Asn1TimeRef lifetimes
2016-08-17 01:23:54 -04:00
90c42fc026
Fix docs
2016-08-17 01:23:54 -04:00
234ce581f9
Add x509_validity feature to travis tests
...
- also update docs for new x509 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
96b1ef829c
Add `"x509_expiry"` feature flag
...
- fix return of `ASN1_TIME_print`
- assert on null `date`
2016-08-17 01:23:54 -04:00
32a4e2ba50
Introduce `Asn1TimeRef`
2016-08-17 01:23:54 -04:00
f9cd4bff1f
Progress on asn1 expiry
...
- Use MemBio and implement `Display` for Asn1Time
- Tweak doc for asn1 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
88dcb1c81d
Add a little comment to sketchy transmute
2016-08-15 18:41:18 -07:00
e5299fd7c9
Fix memory leak in general name stack
2016-08-14 11:16:53 -07:00
6b12a0cdde
PKCS #12 support
2016-08-14 11:11:26 -07:00
5042d3d170
Mangle c helper functions
...
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.
Closes #438
2016-08-13 12:05:29 -07:00
59fe901357
Method renames
2016-08-10 21:28:17 -07:00
c15642ccea
Tweaks
2016-08-10 21:25:18 -07:00
c4e7743c57
Asn1 and Bignum renames
2016-08-10 20:51:06 -07:00
1ac54b06e9
Move X509_get_extensions to openssl helpers
2016-08-09 22:15:16 -07:00
0854632ff5
Make c_helpers optional
2016-08-09 22:02:49 -07:00
6b1016c86e
Add PKey::from_rsa
2016-08-07 22:56:44 -07:00
6e5cd7ef47
Remove X509Generator::bitlenth
2016-08-07 22:46:14 -07:00
a8f827d28c
Fix example
2016-08-07 22:44:42 -07:00
77ba043acf
x509 cleanup
2016-08-07 21:53:05 -07:00
79602b6af4
get_error -> error
2016-08-07 21:34:58 -07:00
7855f428aa
PKey reform
...
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
2016-08-07 20:38:46 -07:00
7ca5ccf064
Hash reform
...
Closes #430
2016-08-07 16:29:36 -07:00
bc97d088b0
get_handle -> handle
2016-08-05 21:07:17 -07:00
fe47e93f2f
Fix pkey method safety
2016-08-05 21:04:40 -07:00
b4145c6fa5
Clean up x509
2016-08-05 20:55:05 -07:00
4e911e7972
Make x509 constructors unsafe
2016-08-05 19:51:59 -07:00
Steven Fackler