min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,854 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

562 Commits

Author SHA1 Message Date
Steven Fackler c2164a4864 Add peer_cert_chain 2017-07-29 10:34:10 -07:00
Steven Fackler a132834132 Ignore dtls tests 
They're way too flaky.

Closes #525
 2017-07-29 09:54:04 -07:00
Steven Fackler 8fa9b58743 Tweak formatting on cipher list 2017-07-26 20:49:24 -07:00
Steven Fackler 374ad206d5 Use foreign-type's Opaque 2017-07-15 21:53:49 -07:00
Steven Fackler bcd0dcafcb Rustfmt 2017-07-15 21:46:11 -07:00
Steven Fackler 5c2410c38a Init before creating ex indexes 2017-07-15 18:58:24 -07:00
Steven Fackler dbbf446a9e Fix build 2017-07-15 17:25:02 -07:00
Steven Fackler c68db708ee Don't overwrite the configured verify mode 
We can leverage the new extra data API to configure the verification
mode up front so users can reconfigure it as they like.
 2017-07-15 16:50:36 -07:00
Steven Fackler fd52bbe85c Add an API to install extra data 2017-07-15 16:50:36 -07:00
Steven Fackler e3c7a2785c Move callbacks to a submodule 2017-07-15 16:50:36 -07:00
Steven Fackler 279bffccf5 Merge pull request #641 from luser/psk 
Expose PSK via a SslContextBuilder::set_psk_callback method
 2017-07-04 18:19:17 -10:00
Steven Fackler 240eb9731f Properly reexport ConnectConfiguration 2017-06-14 19:54:09 -07:00
Steven Fackler 98d343dd32 Fix for changes in OpenSSL 1.1.0f 2017-06-06 18:45:54 -04:00
Ted Mielczarek 4de58596d9 Make some changes for review comments 2017-06-02 08:20:03 -04:00
Steven Fackler 3028958bf6 Little docs fix 2017-05-29 21:11:49 -07:00
Steven Fackler c89af1d5f8 Add a fixme 2017-05-29 18:04:32 -07:00
Ted Mielczarek 16183f41f6 Expose PSK via a SslContextBuilder::set_psk_callback method 2017-05-26 14:51:04 -04:00
golem131 27728f6fd9 Update bitflags 0.8 -> 0.9 2017-05-22 12:44:22 +03:00
Steven Fackler 0efef98848 Add a note to rename variant 2017-05-06 16:35:55 -07:00
jethrogb dd3896fdc5 Clarify use of ssl::HandshakeError::Interrupted 2017-05-03 12:03:18 -07:00
Steven Fackler c8d1698f27 Logic to support client-side session reuse 2017-03-25 19:30:01 -07:00
Steven Fackler 618cc70d19 Add a fixme to drop const prefixes 2017-02-19 14:24:05 -08:00
Steven Fackler 710a30bb40 Tweaks 2017-02-18 21:58:38 -08:00
Benjamin Fry 88740c1374 add Ok to result 2017-02-16 19:59:02 -08:00
Benjamin Fry 323a646383 only forget in non-error condition 2017-02-16 19:50:58 -08:00
Benjamin Fry eef5b5d2ac review fixes: reorder forget() 2017-02-16 19:49:14 -08:00
Benjamin Fry d080c10910 fix cfg options for v102 and v110 2017-02-16 19:49:14 -08:00
Benjamin Fry f8298882a4 add set_verify_cert_store() to ssl ctx 2017-02-16 19:49:14 -08:00
Steven Fackler f2c69ae7e9 Merge remote-tracking branch 'origin/master' into x509-builder 2017-02-11 10:13:00 -08:00
Steven Fackler 12ae31ad47 Switch to foreign_types 2017-02-03 23:03:35 -08:00
Steven Fackler 722bdb6a4c Merge pull request #550 from Keruspe/master 
LibreSSL support improvements
 2017-01-22 18:39:34 +00:00
Steven Fackler 1ffdf8a1ab Fix test warnings 2017-01-21 14:43:43 +00:00
Steven Fackler 920ab0d6fb OCSP functionality 2017-01-14 21:09:38 -08:00
Steven Fackler 1fbe8f8d71 Fix typo 2017-01-08 11:04:47 -08:00
Steven Fackler 1942977408 Add methods to construct SslAcceptorBuilder without key and cert 
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
 2017-01-08 10:57:04 -08:00
Marc-Antoine Perennou 0978f87095 libressl: make set_ecdh_auto available 
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
 2017-01-05 20:47:01 +01:00
Steven Fackler 404e0341d8 Provide master key access 2017-01-04 22:01:30 -08:00
Steven Fackler a2c118bf82 Add basic session tests 2017-01-04 21:18:13 -08:00
Steven Fackler 0b1bfee46d session is nullable 2017-01-04 21:15:09 -08:00
Steven Fackler 5d53405597 Provide access to the session ID 2017-01-04 21:11:06 -08:00
Steven Fackler 88a7032f4b Types and accessor for SslSession 2017-01-04 20:59:46 -08:00
Steven Fackler cfb2539ed4 Typo 2017-01-02 09:37:31 -08:00
Steven Fackler 0e0bee50a5 Clean up bio 2017-01-01 10:18:43 -08:00
Steven Fackler 7e035a7fd1 Merge pull request #538 from semarie/libressl 
Add LibreSSL support
 2016-12-22 11:59:19 -05:00
Sébastien Marie b3526cbd2b Add LibreSSL 2.5.0 support 2016-12-21 09:27:12 +01:00
Alex Crichton 8e01f8d250 Handle zero-length reads/writes 
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
 2016-12-20 15:52:18 -08:00
Steven Fackler 146512099b Implement Clone for SslConnector and SslAcceptor 2016-11-27 21:35:35 -08:00
Steven Fackler 234f126d7d Cleanup 2016-11-27 21:00:59 -08:00
Steven Fackler 6794a45d60 Rename ec_key to ec 2016-11-14 22:37:01 +01:00
Steven Fackler 0d0b5080e2 Rename new_by_curve_name to from_curve_name 2016-11-13 20:21:44 +00:00
Steven Fackler 85c1474ce6 No need to use a raw string anymore 2016-11-13 12:19:31 +00:00
Steven Fackler 64e9932ac9 Use ffdhe2048 in mozilla_intermediate 2016-11-12 17:52:58 +00:00
Steven Fackler 2f8301fc63 Be a bit more emphatic about the danger 2016-11-12 16:51:26 +00:00
Steven Fackler 6b3599d319 Add a connect method that does not perform hostname verification 
The method name is intentionally painful to type to discourage its use
 2016-11-12 16:45:18 +00:00
Steven Fackler 7cdb58bc47 Simplify test logic a bit 2016-11-12 14:42:48 +00:00
Steven Fackler 96d24c8957 Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto} 2016-11-12 13:45:54 +00:00
Steven Fackler 2a1d7b2bcb Pick different cipher lists on 1.0.1 and 1.0.2 2016-11-12 13:36:03 +00:00
Steven Fackler 93253ba599 Adjust cipher lists to work on older versions 2016-11-12 13:09:12 +00:00
Steven Fackler 780c46e0e7 Add SslRef::set_tmp_{ec,}dh_calback 2016-11-12 12:56:58 +00:00
Steven Fackler 563754fb08 Add SslContextBuilder::set_tmp_{ec,}dh_callback 2016-11-12 12:43:44 +00:00
Steven Fackler 26a3358a2b Add basic X509_STORE access 
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.

Closes #394
 2016-11-12 00:24:12 +00:00
Steven Fackler 898e7f02df Fix EOF detection 
See https://github.com/openssl/openssl/issues/1903 for details
 2016-11-11 15:10:30 +00:00
Steven Fackler a42c6e8713 Drop rustc-serialize dependency 2016-11-09 20:35:23 +00:00
Steven Fackler aa7c27536a Make sure to override SslContext verify callback always 
The 1.0.1 code has to override this to setup hostname validation, and
don't want behavior to silently change depending on the OpenSSL version
you're building against.
 2016-11-08 22:38:48 +00:00
Steven Fackler 597d05b8f8 Add stack creation and push 2016-11-06 23:46:42 -08:00
Steven Fackler 1edb6f682e Support client CA advertisement 2016-11-06 12:17:14 -08:00
Steven Fackler a4e0581e4f Fix build on 1.0.1 2016-11-06 11:57:50 -08:00
Steven Fackler bcb7b3f5dc Add accessors for cert and private key 
Closes #340
 2016-11-06 10:46:38 -08:00
Steven Fackler 79e2004eef Fixes 2016-11-05 19:28:17 -07:00
Steven Fackler f15c817c2d Rustfmt 2016-11-05 10:54:17 -07:00
Steven Fackler 99b41a0050 Rename accessors 2016-11-05 10:15:40 -07:00
Steven Fackler 01ae978db0 Get rid of Ref 
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
 2016-11-04 17:16:59 -07:00
Steven Fackler 6fe7dd3024 Remove an enum 2016-11-03 22:45:54 -07:00
Steven Fackler aa0040125b Use built in DH parameters when available 
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
 2016-11-01 22:50:22 -07:00
Lionel Flandrin 36bf0bb387 Replace GeneralNames by the new Stack API 2016-11-01 21:23:18 +01:00
Steven Fackler f71395c600 Little cfg cleanup 2016-10-31 22:45:51 -07:00
Steven Fackler dc4098bdd8 Clean up x509 name entries 2016-10-31 22:43:05 -07:00
Steven Fackler cd7fa9fca2 Update x509 2016-10-31 20:54:34 -07:00
Steven Fackler ff12d37aef Update ssl 2016-10-31 20:32:55 -07:00
Steven Fackler 16e398e005 Update verify 2016-10-31 20:19:59 -07:00
Steven Fackler f640613863 Update PKey 2016-10-31 20:12:55 -07:00
Steven Fackler d6579ab058 Update EcKey 2016-10-31 20:06:06 -07:00
Steven Fackler 28f375974a Convert Dh 2016-10-31 20:02:24 -07:00
Steven Fackler 006da59285 Return an SslRef 2016-10-30 22:42:32 -07:00
Steven Fackler 558124b755 Expose SSL_MODEs 2016-10-30 22:02:26 -07:00
Steven Fackler e0211dac30 Rename set_CA_file 2016-10-30 21:39:26 -07:00
Steven Fackler 5b0fc9a185 Impl Sync and Send for SslContextBuilder 2016-10-30 20:34:35 -07:00
Steven Fackler add8e4023e Rename connectors 2016-10-30 19:39:18 -07:00
Steven Fackler 997e92e052 Merge ssl option setup 
The client will ignore server-side options so we may as well stick them
all in the same spot.
 2016-10-30 18:49:29 -07:00
Steven Fackler bd457dba18 Move HandshakeError to submodule 2016-10-30 17:23:03 -07:00
Steven Fackler f75f82e466 Rustfmt 2016-10-30 16:37:45 -07:00
Steven Fackler 7869651407 Remove out of date comment 2016-10-30 16:34:50 -07:00
Steven Fackler 9abbf6f80e Use Python's cipher list on the client side. 2016-10-30 16:29:33 -07:00
Steven Fackler d1179f1ad2 Update docs 2016-10-30 15:14:29 -07:00
Steven Fackler 52f288e090 Add a mozilla modern profile 2016-10-30 14:57:22 -07:00
Steven Fackler 7d13176cd1 Rename nwe to mozilla_intermediate 2016-10-30 14:34:05 -07:00
Steven Fackler 43b430e5b0 Pass SslMethod into constructors 2016-10-30 14:26:28 -07:00
Steven Fackler ee79db61c2 Enable single ECDH use 2016-10-30 13:41:24 -07:00
Steven Fackler 677718f8da Configure ECDH parameters in connector 2016-10-30 13:38:09 -07:00
Steven Fackler eb735f519a Clean up generics a bit 2016-10-30 11:05:29 -07:00
Steven Fackler 23fe1e85e9 Pull Curl's CA list for Windows tests 2016-10-29 18:17:46 -07:00
Steven Fackler 761dd780c1 Add module level docs 2016-10-29 18:04:38 -07:00
Steven Fackler e72533c058 Docs for connectors 2016-10-29 15:00:46 -07:00
Steven Fackler 57d10ebbc3 Add PKeyRef 2016-10-29 14:19:09 -07:00
Steven Fackler 4c7a5a418e Implement client and server connectors 2016-10-29 14:02:26 -07:00
Steven Fackler dafb46fc51 Camel case DH 2016-10-27 20:26:18 -07:00
Steven Fackler 781417d50f Add a macro definition 2016-10-27 19:12:55 -07:00
Steven Fackler 8e129af256 Fix description 2016-10-26 22:15:41 -07:00
Steven Fackler 63b1ec1a12 Stop returning an Option from cipher description 2016-10-26 22:13:10 -07:00
Steven Fackler ebc4c56c34 Add SslMethod::from_ptr 2016-10-26 20:43:43 -07:00
Steven Fackler f4b7006771 Don't allow mutation of SslContexts 
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
 2016-10-25 23:12:56 -07:00
Steven Fackler 39279455c8 Add a shutdown method 2016-10-25 20:40:18 -07:00
Steven Fackler eb655bddbc Fix ordering 2016-10-25 20:01:28 -07:00
Steven Fackler 938fdd7137 Add into_error 2016-10-23 21:54:49 -07:00
Steven Fackler ca71e00878 Fix Send + Sync-ness of SslStream 2016-10-23 20:55:31 -07:00
Steven Fackler 98b7f2f935 Flatten crypto module 2016-10-22 09:16:38 -07:00
Steven Fackler 9be0aab9ac Borrow compression string 2016-10-21 21:46:32 -07:00
Steven Fackler f1c68e3544 Rename SslContextOptions 2016-10-21 21:22:05 -07:00
Steven Fackler 8ec53eb0e1 Fix X509StoreContext 2016-10-21 20:59:07 -07:00
Steven Fackler 02b4385c5d Convert X509VerifyParamRef 2016-10-21 19:58:06 -07:00
Steven Fackler f0cde38929 Borrowed servername 2016-10-21 19:54:30 -07:00
Steven Fackler fcb86b8394 Convert SslCipherRef 2016-10-21 19:45:46 -07:00
Steven Fackler 2bbeddd14a Convert SslRef 2016-10-21 19:33:56 -07:00
Steven Fackler fe98a90719 Convert SslContextRef 2016-10-21 19:15:09 -07:00
Steven Fackler bd0c0c60bd Store a MidHandshakeSslStream in fatal errors 
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
 2016-10-20 20:57:53 -07:00
Steven Fackler 8f3511c0cd Redo SslStream construction 
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
 2016-10-20 19:59:09 -07:00
Steven Fackler 5ab037f056 Allow the X509 verify error to be read from an SslRef 2016-10-18 22:21:06 -07:00
Steven Fackler c4459c37d9 Callback cleanup 2016-10-18 21:13:13 -07:00
Steven Fackler f7e6d7fce6 Don't ignore errors in NPN/ALPN logic 
Closes #479
 2016-10-18 21:12:55 -07:00
Steven Fackler 194298a057 Implement new feature setup 
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
 2016-10-17 21:57:54 -07:00
Steven Fackler b7400d56e8 Fix algorithm field 2016-10-16 23:22:00 -07:00
Steven Fackler 78daed2d58 ssl error handling cleanup 2016-10-16 20:14:04 -07:00
Steven Fackler 6ea551dc82 Fix set_read_ahead signature 2016-10-15 16:53:10 -07:00
Steven Fackler ee18988584 De-enumify SslMethod 2016-10-15 16:10:03 -07:00
Steven Fackler c171be551a De-enumify message digests 2016-10-15 15:23:29 -07:00
Steven Fackler 64b8e5e553 Merge pull request #471 from sfackler/no-comp 
Handle OPENSSL_NO_COMP
 2016-10-14 23:09:11 -07:00
Steven Fackler 7ac0599638 Fix test_alpn_server_select_none 
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.

While we're in here, adjust the Display impl to match what OpenSSL
prints out.

Closes #465
 2016-10-14 22:01:21 -07:00
Steven Fackler f520aa2860 Handle OPENSSL_NO_COMP 
Closes #459
 2016-10-14 20:50:45 -07:00
Steven Fackler d976b8f595 Enable hostname verification on 1.0.2 2016-10-14 18:56:15 -07:00
Steven Fackler af51b263b1 Support hostname verification 
Closes #206
 2016-10-14 17:39:31 -07:00
Alex Crichton 0908fddc74 Ignore DTLS tests on Windows/ARM for now 
cc #467
 2016-10-14 11:15:22 -07:00
Steven Fackler f44cff29e6 Cleanup 2016-10-13 22:34:39 -07:00
Steven Fackler 3d535f661f Use stdlib logic for udp 2016-10-13 20:15:26 -07:00
Steven Fackler a09f46266d Fix windows for real 2016-10-13 20:09:43 -07:00
Steven Fackler 5b29fc9d69 Disable npn tests on < 1.0.2 
s_client doesn't seem to support the required flag before then.
 2016-10-13 20:03:02 -07:00
Steven Fackler 140ef1b988 Fix tests on windows 2016-10-13 20:01:31 -07:00
Steven Fackler 143556078b Reenable dtls tests 2016-10-13 19:48:30 -07:00
Steven Fackler edfc50f37d Clean up features 2016-10-13 19:46:13 -07:00
Steven Fackler b610e01793 Flag off dtls and mask ssl_ops 
Also un-feature gate npn as it ships with 1.0.1
 2016-10-13 19:06:53 -07:00
Alex Crichton 715b700aff Ignore a test on OpenSSL 1.1.0 2016-10-12 22:51:47 -07:00
Steven Fackler af3e06d3e8 Add remaining SSL_OP constants 2016-10-12 22:50:08 -07:00
Alex Crichton 43c951f743 Add support for OpenSSL 1.1.0 
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:

* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
  crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
  OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
  * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
  * Better error messages for mismatched versions.
  * Better error messages for failing to find OpenSSL on a platform (more can be
    done here)
  * Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
    crate.
* Many Cargo features have been removed as they're now enabled by default.

As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!

Closes #452
 2016-10-12 22:49:55 -07:00
Steven Fackler cd69343d67 Fix SslContext::add_extra_chain_cert 
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.

This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
 2016-08-17 19:30:57 -07:00
Steven Fackler 80ed1ef8ab Ignore flickering test on windows 2016-08-16 22:41:36 -07:00
Steven Fackler 6b12a0cdde PKCS #12 support 2016-08-14 11:11:26 -07:00
Steven Fackler ad4a8cc140 More test fixes 2016-08-14 11:05:53 -07:00
Steven Fackler 3876332734 Fix tests 2016-08-14 10:29:55 -07:00
Steven Fackler 773a6f0735 Start on PKCS #12 support 2016-08-14 10:11:38 -07:00
Steven Fackler 5042d3d170 Mangle c helper functions 
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.

Closes #438
 2016-08-13 12:05:29 -07:00
Steven Fackler b21805f541 Fix tests 2016-08-10 22:10:32 -07:00
Steven Fackler 0359afb99e Little tweaks 2016-08-10 22:02:36 -07:00
Steven Fackler 59fe901357 Method renames 2016-08-10 21:28:17 -07:00
Steven Fackler 5e6b8e68fd More API cleanup 2016-08-10 21:07:41 -07:00
Steven Fackler 0854632ff5 Make c_helpers optional 2016-08-09 22:02:49 -07:00
Steven Fackler 2f46c793e5 Remove rust_SSL_clone 2016-08-09 21:23:54 -07:00
Steven Fackler 25752280ae Move init to crate root 2016-08-07 22:09:19 -07:00
Steven Fackler 79602b6af4 get_error -> error 2016-08-07 21:34:58 -07:00
Steven Fackler 5af01a5dbd Clean up asn1time 2016-08-06 22:23:03 -07:00
Steven Fackler fe47e93f2f Fix pkey method safety 2016-08-05 21:04:40 -07:00
Steven Fackler b4145c6fa5 Clean up x509 2016-08-05 20:55:05 -07:00
Steven Fackler c47be8b14b Move SSL_CTX_set_ecdh_auto to -sys 2016-08-04 22:52:40 -07:00
Steven Fackler ee67ea8ea0 Mvoe SSL_CTX_add_extra_chain_cert to -sys 2016-08-04 22:46:47 -07:00
Steven Fackler 378b86326c Move SSL_CTX_set_tmp_dh to -sys 2016-08-04 22:43:24 -07:00
Steven Fackler 7fb7f4671d Move SSL_CTX_set_read_ahead to -sys 2016-08-04 22:40:01 -07:00
Steven Fackler 77dbab2cad Move SSL_CTX_set_tlsext_servername_callback to -sys 2016-08-04 22:37:39 -07:00
Steven Fackler c2a7c5b7f0 Move SSL_set_tlsext_host_name to -sys 2016-08-04 22:28:33 -07:00
Steven Fackler b29ea62491 Move BIO macros into -sys 2016-08-04 22:22:55 -07:00
Steven Fackler dd16f64f89 Stop once-ing init wrapper 
The underlying function already once-s itself
 2016-08-04 22:15:50 -07:00
Steven Fackler 17474520bc Support basic SSL options without C shims 2016-08-04 22:14:18 -07:00
Steven Fackler abacc8bb18 Define SSL_CTX_set_mode in openssl-sys 2016-08-02 22:14:44 -07:00
Steven Fackler 08e27f31ed Restructure PEM input/output methods 
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
 2016-08-02 20:49:28 -07:00
Steven Fackler 2574bff52d Merge pull request #432 from alexcrichton/mid-handshake 
Add MidHandshakeSslStream
 2016-07-31 16:20:10 -07:00
Alex Crichton 3539be3366 Add MidHandshakeSslStream 
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
 2016-07-31 16:01:06 -07:00
Steven Fackler 5cb04db787 Fix build with dtls 2016-07-31 15:35:45 -07:00
Steven Fackler f0ffa246b8 Merge remote-tracking branch 'origin/master' into breaks 2016-07-31 15:15:47 -07:00
Shaun Taheri 722a2bd673 Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag 2016-07-24 20:55:15 +02:00
Steven Fackler 121169c1f5 Set auto retry 
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
 2016-07-01 18:31:47 -04:00
Corey Farwell f4f6412fcb Fix a few mutable types for `self` parameters. 2016-06-02 10:25:33 -04:00
Steven Fackler 1b0757409d Rustfmt 2016-05-16 23:03:13 -07:00
Steven Fackler 62c29b54c1 Update cert 
Now with a 10 year expriation
 2016-05-15 22:11:10 -07:00
Steven Fackler 356d4a0420 Remove AsRaw{Fd, Socket} impls 
An SslStream can't really act as a raw socket since you'd skip the whole
TLS layer
 2016-05-03 20:24:07 -07:00
Steven Fackler f1846bce78 Remove silly internal error enum 2016-05-03 20:24:07 -07:00
Steven Fackler 00f517d2cd Drop MaybeSslStream 
It should be inlined into crates that depend on it.
 2016-05-03 20:24:07 -07:00
Steven Fackler 085b2e6f03 Drop is_dtls methods on SslMethod 2016-05-03 20:24:07 -07:00
Steven Fackler f09ca6fee2 Clean up SNI APIs 2016-05-03 20:24:07 -07:00
Steven Fackler 61f65cd8d6 Move SslContext::set_verify to a closure based API 2016-05-03 20:24:07 -07:00
Steven Fackler 696b1961ce Rename getters in line with conventions 2016-05-03 20:24:07 -07:00
Steven Fackler a0549c1606 Adjust set_ssl_context API 2016-05-03 20:24:07 -07:00
Steven Fackler fa62232649 Error reform 2016-05-03 20:24:07 -07:00
Steven Fackler 58654bc491 Remove deprecated methods 2016-05-03 20:24:07 -07:00
Steven Fackler de47d158c2 Remove NonblockingSslStream 2016-05-03 20:24:07 -07:00
Steven Fackler 9b1eb6d94d Add a version of Ssl::set_verify that doesn't set a callback 2016-05-01 20:45:49 -07:00
Steven Fackler 62a7dd10e5 Add Ssl::set_verify 
It also uses a better, closure based API than the existing callback
    methods.
 2016-04-30 08:09:12 -07:00
Steven Fackler 50024ce33b Ignore default verify paths test on windows 2016-04-29 21:40:16 -07:00
Matt Brubeck ee12087743 Upgrade to work with bitflags 0.5 and 0.6 2016-04-29 13:19:39 -07:00
Steven Fackler c60e831cc4 Add docs for set_default_verify_paths 2016-04-16 20:49:46 -07:00
Steven Fackler c2e72f6641 Add SslContext::set_default_verify_paths 2016-04-16 20:47:32 -07:00
Steven Fackler b94ea8598c Update for nightly changes 2016-04-13 19:30:08 -07:00
Rico Huijbers 00282de2a5 Add ability to set session ID context on an SSL context 
This is necessary to make authentication with client certificates work
without session restarts.
 2016-04-13 21:38:23 +02:00
Joe Wilm c4b7b85d99 Add safe wrapper BioMethod for ffi::BIO_METHOD 
Adds a wrapper for ffi::BIO_METHOD located at ssl::bio::BioMethod. This
enables SslStream to be Send without doing an unsafe impl on the ffi
struct.
 2016-04-04 16:08:38 -07:00
Steven Fackler 02f114faae Cleanup 2016-03-27 13:37:00 -07:00
Steven Fackler c4187638a8 Update for nightly changes 2016-03-27 13:29:24 -07:00
Leon Anavi 6d4bfaa490 Cast correctly c_char raw pointers (fixes build on ARM #363) 
Fix error caused by mismatched types while building crate
openssl for Raspberry Pi 2 and other ARM devices.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
 2016-03-22 00:16:56 +02:00
Ms2ger 6d043b3700 Allow Rust to infer the type of the argument to SSL_CIPHER_description. 
This allows the code to compile on Android, where an unsigned char is
expected.
 2016-03-18 15:44:47 +01:00
Steven Fackler ade90bf004 Clean up BIO name 2016-03-17 22:27:16 -07:00
Steven Fackler a9a18cf337 Simplify panic safety logic for new nightly 2016-03-17 22:23:51 -07:00
Alex Crichton 3467cf343f Fix nightly warnings about zero-sized fn pointers 2016-03-11 12:57:56 -08:00
Erik Johnston 80ac6e54ac Make SSLCipher.bits() return a struct. 2016-02-29 21:23:34 +00:00
Erik Johnston 04cbf049c0 Add SSL_get_version 2016-02-29 20:14:48 +00:00
Erik Johnston 1e9667ea89 Add support for SSL_CIPHER 2016-02-17 22:38:32 +00:00
Steven Fackler 643a4a58c9 More deprecated function cleanup 2016-02-08 23:20:19 -08:00
Steven Fackler e3e4aa4472 Stop using deprecated method 2016-02-08 23:12:54 -08:00
Steven Fackler b7d3357f37 Fix connect and accept error reporting 
We were previously trying to create an error twice so the second
wouldn't be correct.
 2016-01-22 15:34:31 -08:00
Cody P Schafer d1825c7a86 openssl/ssl/context: test that we are refcounting correctly 
Not a perfect test, on failure it _might_ exit with this output:

Process didn't exit successfully:
`/home/cody/g/rust-openssl/openssl/target/debug/openssl-8e712036e3aac4fe`
(signal: 11)

But unclear if we can do any better.
 2016-01-18 16:40:14 -05:00
Cody P Schafer dacde211c3 ssl: fix refcounting of SslContext when set_ssl_context is used 
Additionally impl Clone for SslContext to both allow us to use it &
allow external users to take advantage of SslContext's internal
refcount.

Maintain the existing signature for set_ssl_context(), but
add inline comments recommending changing it.

Fixes #333
 2016-01-18 15:37:13 -05:00
Steven Fackler 86e2f81f43 Fix should_panic check 2016-01-11 23:45:12 -08:00
Steven Fackler fd6454f625 Add stream panic propagation behind a nightly feature gate 2016-01-11 22:36:58 -08:00
Steven Fackler 11129aa521 Rustfmt 2015-12-18 22:34:30 -08:00
Steven Fackler a31acdbb93 Fix deprecation location 2015-12-18 22:21:23 -08:00
Steven Fackler e85b49d375 Work around the worst of clone bogusness 
SslStream::{clone,try_clone} are inherently broken since the Ssl object
shared by both streams is only going to be talking to one stream. Stuff
like hyper depends on try_clone, so we'll leave it here for now but
minimize the brokenness to "no worse than what it used to be like".
They'll be removed in 0.8.

cc #325
 2015-12-18 21:20:47 -08:00
Steven Fackler e077ed0b4d Disable cross compilation for now 2015-12-17 21:13:44 -08:00
Steven Fackler 053c924d5a Fix nonblocking behavior 
A new nonblocking socket may not have finished connecting yet, so reads
and writes can return ENOTCONNECTED which we should reinterpret into a
WantRead or WantWrite

Closes #323
 2015-12-17 16:54:11 -08:00
Ondrej Perutka 02d2230a76 Fix regression of c_char type mismatches on ARM 2015-12-16 11:11:14 +01:00
Steven Fackler 157e6aa961 Rustfmt 2015-12-15 21:51:20 -08:00
Steven Fackler edfb318e0b Fix bounds on ssl_read and ssl_write 2015-12-15 20:06:07 -08:00
Steven Fackler 6d559bf1da Cleanup SNI stuff 2015-12-15 19:39:24 -08:00
Steven Fackler 3a0e64dca5 Cleanup 2015-12-15 19:33:36 -08:00
Steven Fackler 514c5ec415 Merge pull request #309 from Geal/master 
Add support for Server Name indication (SNI) on the server's side
 2015-12-15 19:22:39 -08:00
Steven Fackler f2fae1f83f Document unused variant 
No reason to hide it
 2015-12-14 23:44:28 -08:00
Steven Fackler b8c8b770e3 Yet more AsRawSocket fixes 2015-12-12 18:01:21 -08:00
Steven Fackler ddedda1d03 More AsRawSocket fixes 2015-12-12 16:47:03 -08:00
Steven Fackler 63a45ac622 Fix AsRawSocket impls 2015-12-12 16:33:58 -08:00
Steven Fackler d6ce9afdf3 Have NonblockingSslStream delegate to SslStream 2015-12-12 15:46:17 -08:00
Steven Fackler 1df131ff81 Build out a new error type 2015-12-12 15:01:16 -08:00
Steven Fackler aa37dba0bc Make error handling more reliable 2015-12-10 21:58:22 -08:00
Steven Fackler 91f8c542f7 Replace SslStream implementation! 2015-12-09 23:30:29 -08:00
Steven Fackler 8f56897043 Implement read and write 2015-12-09 22:02:02 -08:00
Steven Fackler 9ee6f1c578 IT LIVES 2015-12-09 21:43:02 -08:00
Steven Fackler 4d883d488e Custom BIO infrastructure 2015-12-08 23:02:38 -08:00
Geoffroy Couprie 6850c810d3 Increment SSL_CTX's reference count in Ssl::get_ssl_context() 
Without this, whenever the returned SslContext is released,
the refcount of the underlying SSL_CTX will decrease and it
will be freed too soon
 2015-12-03 12:26:55 +01:00