1e4cba36e8
Add missing C-string conversion, fixing recent build errors
2015-07-08 11:05:18 -07:00
3351d5b807
Merge pull request #227 from jethrogb/topic/x509_name
...
Allow setting of arbitrary X509 names
2015-07-08 10:21:19 -07:00
0cb4368ef8
Merge pull request #221 from jethrogb/topic/ssl_options
...
Several SSL option fixes
2015-07-08 10:20:33 -07:00
e3c562d6a0
Fix/add more X509generator tests
2015-07-08 10:09:40 -07:00
1bcbe8f4bc
Add X509generator.add_names method
2015-07-08 10:09:40 -07:00
f2b0da1de7
Add public add_name method to X509Generator
2015-07-08 10:08:41 -07:00
11bcac01ec
Replace CN field by names vector
2015-07-08 10:06:52 -07:00
3229296105
Merge pull request #233 from jethrogb/topic/x509_extension
...
Allow setting of arbitrary X509 extensions
2015-07-08 03:10:40 -04:00
cc497b4768
Release v0.6.4
2015-07-06 11:09:03 -07:00
f4afe615dd
Unpin the bitflags version.
...
This dependency causes Servo to depend on multiple versions of the bitflags
crate.
2015-07-06 19:47:59 +02:00
aeefa364b7
Decouple C SSL Option bit flags from Rust version
...
The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL
versions. To avoid having to change the Rust definitions, we implement our
own numbering system in Rust, and use an automatically-generated C shim to
convert the bitflags at runtime.
2015-07-01 21:49:11 -07:00
f9a836fae9
tabs to spaces
2015-07-01 00:18:45 -07:00
93eb0cfa2d
Add documentation on X509 Extensions
2015-07-01 00:18:45 -07:00
e9cc8cb121
Add Issuer Alternative Name extension
2015-07-01 00:18:45 -07:00
f4168b1161
Add Subject Alternate Name extension
2015-07-01 00:18:45 -07:00
b46574b635
Add arbitrary X509 extensions by OID string
2015-07-01 00:18:45 -07:00
e367567d00
Add arbitrary X509 extensions by NID
2015-07-01 00:18:45 -07:00
2fa1344367
Add public generic extension interface to X509Generator
...
* Add add_extension and add_extensions functions
* Deprecate set_usage and set_ext_usage
* Change test to use add_extension
2015-07-01 00:18:45 -07:00
53b868697a
Implement arbitrary X509 Extended Key Usage values
2015-07-01 00:18:45 -07:00
8d1abf5156
Implement "extensions" field in X509generator, and change existing extensions to use that
2015-07-01 00:18:45 -07:00
d5a4d48cab
Turn assertions into unwraps such that tests provide useful output on panic.
2015-07-01 00:18:44 -07:00
c4e398d397
Turn "dirty hack" into slightly less dirty hack, with potential to become non-dirty
2015-07-01 00:18:44 -07:00
14a2f5c5e9
Move X509 extensions to seperate module, implement ToString instead of custom AsStr
2015-07-01 00:18:44 -07:00
9074af5bdd
Add a test that checks whether 3 known subject attributes can be retrieved by NID
2015-06-30 23:51:54 -07:00
1d214bce61
Fix NID definitions to match OpenSSL. The previous numbers were introduced incorrectly in #213
2015-06-30 23:34:17 -07:00
a6ff56209d
Revert "Don't build a custom openssl on OSX"
...
This reverts commit 645430602d
2015-06-30 00:07:38 -07:00
61e61bbae4
Fix backcompat method
2015-06-29 22:04:31 -07:00
dfacea1df6
Fix build with alpn feature
2015-06-29 21:58:54 -07:00
01e01e3747
ssl: support ALPN
...
Heavily based on the existing NPN wrapping code. Naming of public
functions is identical to the NPN ones with `s/npn/alpn/` applied to
prevent devs from needing to remember 2 names (and to let my copy the
npn tests and perform the subistution to generate the apln tests).
It might make sense to (at some point) use macros or a trait to cut down
the duplication.
2015-06-29 10:58:45 -04:00
539ae2eebf
ssl/NPN: factor out encoding of the protocol list
...
The intention is to allow the encoding to be reused by the ALPN support
code.
2015-06-29 10:57:44 -04:00
a94ea78d8a
ssl: use a common helper to generate new ex data indexes, switch NPN to a lazyref
...
Rather than having the verification data idx generation and NPN use
there own (similar) impls to generate indexes with destructors, unify
them.
Make NPNs use of indexes more idomatic by storing the index in a
lazyref rather than having a function with static data members.
2015-06-29 10:57:44 -04:00
8fdd0e2ec1
More docs
2015-06-28 11:30:49 -07:00
94b0f26c10
Fix windows build
2015-06-28 10:21:06 -07:00
b1dd46ae6a
Docs
2015-06-28 10:15:33 -07:00
3325e6b474
Make the direct constructors the defaults
2015-06-28 10:06:42 -07:00
797488dd09
Add docs for accept and connect
2015-06-28 00:21:41 -07:00
b1a30ce4ba
Rename new_client to connect and new_server to accept
2015-06-28 00:12:47 -07:00
1373a76ce1
Implement direct IO support
2015-06-28 00:06:14 -07:00
9b235a7b91
Prepare for direct stream support
2015-06-27 22:37:10 -07:00
c722f889c1
Docs tweak
2015-06-27 21:40:55 -07:00
0cff370f1d
Reduce SslStream constructor duplication
2015-06-27 21:40:00 -07:00
a80a77bbb8
Initialize stream buffer
2015-06-27 19:42:13 -07:00
9d0acfe615
Fix set_hostname
...
It was previously failing to null terminate the hostname string (was
anyone actually using this?). Also move the macro expansion to the C
shim.
2015-06-27 19:37:45 -07:00
645430602d
Don't build a custom openssl on OSX
...
I don't believe the bugfix the required this is needed anymore
2015-06-27 15:45:48 -07:00
cb7248d8cb
Import shim'd HMAC stuff with the original name
2015-06-27 15:23:19 -07:00
d0b769c93c
Move macro replicas into C shim
2015-06-27 15:11:11 -07:00
524c1e63aa
Release v0.6.3
2015-06-25 23:22:04 -07:00
212acf0bb8
Add a test for connection negotiation failure
2015-06-25 23:07:25 -07:00
c8d23f37a4
Fix EOF handling in retry wrapper
2015-06-25 22:47:53 -07:00
2c18bc7f52
Remove superfluous vec! usage
2015-06-14 21:56:48 -07:00
d2d20a8377
Use AsRef for backwards compatibility with passing IV as Vec
2015-06-14 21:56:23 -07:00
cbf0cbafbf
Pass symmetric crypto initialization vector as a slice
...
Note: This change is backwards-incompatible. Users will need to add turn their
parameters into references.
2015-06-12 18:38:52 -07:00
7344b2703a
Bump bitflags version
2015-06-02 14:33:10 +05:30
7320c1619f
Correction on sign and verify documentation to be more explicit of right
...
behaviour (no hash done by the functions).
2015-05-30 13:08:45 +02:00
8e180371ec
Merge pull request #219 from jethrogb/topic/x509req
...
Implement limited X509_REQ functionality
2015-05-29 00:01:21 -04:00
ed6f7997a2
Remove superfluous dead_code attribute
2015-05-28 20:47:53 -07:00
c1232f3035
Implement limited X509_REQ functionality
2015-05-28 00:22:14 -07:00
a0cbcf56cf
Clarify which keys are used where
2015-05-27 23:46:02 -07:00
1123c7387e
Fix SslString Debug impl and drop lifetime
2015-05-17 11:22:42 -07:00
6d53a3ed20
Test reading CN from test certificate
2015-05-18 02:41:42 +10:00
e88f1567b4
Add support for reading X509 subject information
2015-05-18 02:41:42 +10:00
e7a5ecc8dd
Add test for get_peer_certificate()
2015-05-16 19:37:31 +10:00
5d9eaf53da
Add accessor for peer_certificate
2015-05-16 19:20:38 +10:00
d723481f77
Fix doc root
2015-05-13 16:31:27 -07:00
8a9aa0c657
Merge pull request #210 from manuels/pending
...
Add SslStream.pending()
2015-05-05 22:57:14 -04:00
fb2822d5c7
Merge pull request #201 from manuels/pkey_cmp
...
Add comparison for PKeys
2015-05-04 10:19:13 -07:00
00c17035ec
Abstract over AsRef<Path>
2015-05-02 13:59:11 -07:00
d044d87c1b
Release v0.6.2
2015-05-01 10:43:54 -07:00
b0bcb44556
Move PKey comparison func to public_eq()
2015-05-01 10:58:15 +02:00
c8fae312ad
Add SslStream.pending()
2015-04-30 20:00:30 +02:00
73617dabfa
Write through to underlying stream for every write call
...
cc #208
2015-04-30 00:18:23 -07:00
bce84a6d53
Release v0.6.1
2015-04-22 15:08:56 -07:00
123d400277
Add comparison for PKeys
2015-04-16 17:14:21 +02:00
7db00b97ba
Add X509::public_key()
2015-04-15 22:59:07 +02:00
8027fff782
Fix nightly build issues
2015-04-15 09:10:22 -07:00
8eb5db45bf
Fix non-dtls tests
2015-04-08 22:12:57 -07:00
c5a16db97e
Fix dtls tests
...
There's a reason static mut is unsafe...
2015-04-08 22:10:13 -07:00
483e0b1f0a
Clean up build infrastructure
2015-04-08 21:52:54 -07:00
6f1e9cf47c
Make connected_socket a dev-dependency
2015-04-06 13:00:12 +02:00
b3eae0e3f6
Adapt code for rust-1.0.0-beta
2015-04-06 12:56:38 +02:00
912cacf4bc
Fix rebase errors
2015-04-06 12:26:10 +02:00
fb98f482e2
Add ability to load private keys from files and use raw keys and certificates for SslContext
...
Conflicts:
openssl/src/crypto/pkey.rs
openssl/src/ssl/tests.rs
2015-04-06 12:25:37 +02:00
3c03dd9535
Add ability to load private keys from files and use raw keys and certificates for SslContext
...
Conflicts:
openssl/src/ssl/tests.rs
2015-04-06 12:25:15 +02:00
114253c55e
Change SslContext::set_read_ahead(c_long) to SslContext::set_read_ahead(u32)
2015-04-06 12:23:11 +02:00
62b19e87e8
Fix preemtively exiting openssl dtls server for tests
2015-04-06 12:23:11 +02:00
362a7dfc93
Debug halteproblem with tests
2015-04-06 12:23:11 +02:00
dbef985e32
Move connected_socket to its own crate and fix SSL_CTX_set_read_ahead()
2015-04-06 12:23:11 +02:00
5788f3bec8
Use latest OpenSSL version in travis tests and more verbose error message in ConnectedSocket
2015-04-06 12:22:51 +02:00
014f59ae60
Fix detect_invalid_ipv4 test on OSX
...
Looks like the invalid IP 254.254.254.254 is fine for OSX
2015-04-06 12:22:51 +02:00
3680763906
Fix OSX related compiler error and correct travis OpenSSL setup
2015-04-06 12:22:51 +02:00
4f2978bbd3
Adjust sin_len/sin6_len for non-linux platforms
...
Fixing errors for platforms you don't own is really annoying ;)
Fixing errors
2015-04-06 12:22:51 +02:00
efbd4eee05
Fix portability issue and typo
2015-04-06 12:22:50 +02:00
8a0e9d6cca
Fix travis test setup for DTLS
2015-04-06 12:22:50 +02:00
664600eadf
Add DTLSv1 and DTLSv1.2 support
2015-04-06 12:22:50 +02:00
5408b641dd
Add connect() support for UDP sockets
2015-04-06 12:14:36 +02:00
51dd12934a
Release v0.6.0
2015-04-05 16:50:37 -07:00
36f264551a
Merge pull request #186 from manuels/set_raw_key
...
Use raw keys and certs in SslContext
2015-04-05 16:45:24 -07:00
ed97463346
Release v0.5.5
2015-04-03 08:44:34 -07:00
7e88d8c277
Fix errors in tests (SslVerifyPeer -> SSL_VERIFY_PEER)
2015-04-03 15:16:38 +02:00
57f046e8ea
Use raw pointers instead of ptr::Unique
2015-04-03 14:42:35 +02:00
e1d65fc2be
Return Result<(),SslError> instead of Option<SslError>
2015-04-03 14:34:24 +02:00
b6c5c113f5
Add SslContext::add_extra_chain_cert()
2015-04-03 14:34:24 +02:00
632d8398cf
Add ability to load private keys from files and use raw keys and certificates for SslContext
2015-04-03 14:34:24 +02:00
b42202b858
Change SslVerifyMode to bitflags and add SSL_VERIFY_FAIL_IF_NO_PEER_CERT
...
SslVerifyMode was changed to bitflags to allow for bitwise operations
like (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT).
2015-04-03 14:34:24 +02:00
4606687829
Stabilize openssl!
2015-04-02 21:12:05 -07:00
293f1ce5b1
Fixup for beta
...
Add derive(Clone) and don't negate unsigned numbers
2015-04-02 18:14:51 -07:00
f4761bb292
Remove two features
2015-04-02 13:59:55 -07:00
368c0a18ee
Release v0.5.4
2015-04-02 11:17:31 -07:00
19a24b80e9
Fix doctest errors
2015-04-02 11:15:59 -07:00
24b876521b
rustup: changes to io::Error
2015-04-02 11:12:18 -07:00
121a667f9b
Remove a bunch of use of core feature
2015-03-30 23:09:15 -07:00
c101abac6b
Remove unsafe_destructor
2015-03-30 21:24:34 -07:00
a2199e0132
Release v0.5.3
2015-03-29 10:22:09 -07:00
2b1a9a7814
Fix verify data free function
...
Turns out this is called with a null pointer if you never set the data
which didn't end up doing anything until the recent zeroing drop
changes.
Also use a map of indexes since statics in generic functions don't
monomorphize
2015-03-29 10:18:30 -07:00
7c079698fc
Fix error with current rust nightly
2015-03-29 15:19:34 +02:00
2453c0f96c
Fix npn feature
2015-03-25 22:02:14 -07:00
36c90bb205
Fix deprecation warnings
2015-03-25 21:50:21 -07:00
73a5276d47
Release v0.5.2
2015-03-25 11:38:04 -07:00
5a80cc8aae
Update to rust master
2015-03-25 10:51:28 -07:00
f50577909e
openssl: Add tests for server-side NPN
2015-03-23 08:41:15 +01:00
8f05e0452a
openssl: Add tests for client-side NPN
...
An additional `openssl` process is spun up before the tests are ran.
This process has NPN enabled with some default protocols.
2015-03-23 08:41:15 +01:00
be674a28e0
openssl: Advertise NPN protocols for server sockets
...
If a server socket is created with a context on which the
`set_npn_protocols` method has been called, during TLS connection
establishment, the server will advertise the list of protocols given to
the method, in case the client indicates that it supports the NPN TLS
extension.
2015-03-23 08:41:15 +01:00
8931299eab
openssl: Add methods to get the protocol selected by NPN
...
The method is added to the `Ssl` struct, since this is how the native
OpenSSL API works. It is also added to the `SslStream` convenience
struct, since the `Ssl` instance that it wraps is not public and clients
may want to check which protocol is in use on a particular SSL stream.
2015-03-23 08:41:15 +01:00
5689ad9260
openssl: Implement client-side NPN protocol selection
...
After the `set_npn_protocols` method of the `SslContext` struct is
called, any future TLS connections established with this context will
perform NPN negotiation.
The chosen protocol is the one with the highest priority in the
server's protocol list that is also in the client's protocol list.
(This is the default behavior provided by OpenSSL's
`SSL_select_next_proto` function.)
If there is no overlap between the two lists, no error is raised.
2015-03-23 08:41:15 +01:00
83c279013b
openssl: Add method for setting protocols to be used in NPN
...
A new method `set_npn_protocols` is added to the `SslContext` struct,
when the `npn` feature is enabled.
The method takes a list of protocols that are supported by the peer.
These protocols will be used during Next Protocol Negotiation.
The method saves the given list within the extra data of the OpenSSL
Context structure, so that the list can be referred to later on by the
callbacks invoked during TLS connection establishment.
2015-03-23 08:41:15 +01:00
3388a12802
openssl: Add NPN crate feature
2015-03-23 08:14:47 +01:00
20335c4f00
Merge pull request #187 from manuels/x509_sign
...
Add X509Generator::sign()
2015-03-21 13:53:25 -04:00
6373b96924
Add X509Generator::sign()
2015-03-21 18:02:29 +01:00
b406b7c6e6
Fix doc test
2015-03-21 10:00:00 -07:00
ac24bc5422
Fix warnings and build issues
2015-03-20 08:33:42 -07:00
a65b03c89e
Fix warnings
2015-03-10 19:38:44 -07:00
8b8736fb46
Merge pull request #172 from reaperhulk/add-ssl-ctx-set-get-options
...
add support for SSL_CTX_set_options and SSL_CTX_get_options
2015-03-07 08:43:30 -08:00
c3eee3b194
Added try_clone to SslStream for SslStream<TcpStream>.
2015-03-02 16:32:25 -05:00
5154581c32
Release v0.5.0
2015-02-27 19:49:01 -08:00
2789764fe3
Merge branch 'breaks'
...
Conflicts:
openssl/src/lib.rs
2015-02-27 19:47:24 -08:00
14e6b1b530
Silence stability warning
2015-02-26 09:02:16 -08:00
6991cc6a30
Convert to new IO.
2015-02-24 23:01:57 -08:00
1b4a2eef0e
Switch to cargo liblibc
2015-02-24 21:47:30 -08:00
8940bd767b
add support for SSL_CTX_clear_options and use bitflags
2015-02-23 19:39:23 -06:00
06ba41ad47
add support for SSL_CTX_set_options and SSL_CTX_get_options
...
fixes #168
2015-02-22 15:45:00 -06:00
69e371aafd
Remove old attributes
2015-02-21 16:48:32 -08:00
81c057b7b9
Relase v0.4.3
2015-02-20 13:47:02 -08:00
cb0e1688c8
Update depreciated code
2015-02-20 21:04:01 +00:00
00e4941a75
Unique<T> now derefs to *mut T
2015-02-20 20:43:07 +00:00
9ca965231c
Release v0.4.2
2015-02-19 09:14:25 -08:00
6bfc4d986b
Fix warnings
2015-02-19 09:13:22 -08:00
d3e48fa131
Release v0.4.1
2015-02-16 23:29:42 -08:00
4e83bebb4b
Rename method for clarity
2015-02-16 23:28:47 -08:00
e52d02171b
Properly handle errors in write
2015-02-16 22:38:34 -08:00
f0eb8e39e3
Deal with openssl errors in read
...
I'm not sure of a great way to generate this case in a test,
unfortunately.
Closes #157
2015-02-16 22:21:13 -08:00
4350298a52
Release v0.4.0
2015-02-13 23:36:34 -08:00
2fa1571e2e
Remove deprecated functions from openssl-sys
2015-02-13 23:31:00 -08:00
aa5b59f034
Move openssl license to openssl
2015-02-13 23:24:40 -08:00
a87decff0e
Release v0.3.6
2015-02-12 13:23:13 -08:00
fabc1da31e
rustup to current master
2015-02-12 18:25:45 +01:00
64287197a2
Release v0.3.5
2015-02-11 21:31:52 -08:00
af0835a8fd
Releaes v0.3.4
2015-02-11 19:59:23 -08:00
a68a74ff6b
Release v0.3.3
2015-02-09 00:05:48 -08:00
5f6d98adc3
Release v0.3.2
2015-02-08 23:40:11 -08:00
6ef819f971
Fix builds against 0.9.x OpenSSL
...
Namely builds on OSX
2015-02-08 23:31:46 -08:00
0894efc3ff
Fix stuff
2015-02-07 21:48:03 -08:00
6f10585593
Build fixes
2015-02-07 21:39:51 -08:00
ec65b0c67b
Move docs to this repo and auto build
2015-02-07 21:30:05 -08:00
Jethro Beekman