691ce7ca2a
Add Asn1Time::from_str and Asn1Time::from_str_x509
...
Closes #1051
2019-01-27 13:05:03 -08:00
e56e09b6a4
Add RsaRef::check_key
2019-01-18 21:03:04 -06:00
6378eff9db
Forward to BigNumRef::to_asn1_integer
2019-01-18 17:58:48 +01:00
4ff5f4486f
Add `Asn1Integer::from_bn`
2019-01-18 12:21:39 +01:00
b565a0c7eb
Implement AsRef<str/[u8]> for OpensslString{Ref}
2019-01-17 14:19:36 +01:00
69aa335871
Drop data_encoding dev dependency
2019-01-04 20:50:00 -08:00
1c48c9c456
Update bn.rs
2019-01-04 11:54:36 +01:00
57e02abb50
Release openssl v0.10.16
2018-12-16 09:04:07 -08:00
800c232c09
Fix cargo dependency documentation
...
`feature` -> `features`
2018-11-24 13:29:10 -07:00
5c7fa43d87
Add bindings to RAND_keep_random_devices_open
...
Closes #1019
2018-11-22 09:32:50 -07:00
38a4dccceb
Add new SHAKE128/256 EVP message digest functions in OpenSSL 1.1.1, fixes #1017 .
2018-11-21 15:46:03 -05:00
e0e0a96cb3
Add new SHA3 EVP message digest functions in OpenSSL 1.1.1
2018-11-21 15:31:50 -05:00
b88778bc76
Release openssl v0.10.15
2018-10-22 09:03:28 -07:00
93c67e2f77
Implement DoubleEndedIterator for stack iters
2018-10-22 08:49:24 -07:00
e2783971ea
Release openssl v0.10.14
2018-10-18 20:16:55 -07:00
3aecfe5655
Release openssl-sys v0.9.39
2018-10-18 20:11:35 -07:00
4256cfbf19
Fix some accidentally-public functions
2018-10-18 11:37:36 -07:00
3013d2e93f
Release openssl v0.10.13
2018-10-14 16:10:22 -07:00
d3bb880866
Release openssl-sys 0.9.37
2018-10-14 16:09:17 -07:00
d52be16cc4
Merge pull request #1005 from samscott89/add-pkcs7-support
...
Add PKCS7 support
2018-10-10 22:18:46 -07:00
04ada473d1
Cleanup
2018-10-10 21:25:29 -07:00
d2cc0eae2d
Move README info into crate root docs
...
This is more discoverable in the modern Rust world!
2018-10-07 19:59:33 -07:00
8ae761063c
Address comments.
2018-10-02 22:53:03 -04:00
2dd3736444
Refactor to match style and add documentation.
2018-10-02 17:25:18 -04:00
cd1d1955d9
PKCS7 Support
...
(Rebased onto latest version)
2018-10-02 17:25:18 -04:00
18dfc9b6b2
Add support for encoding and decoding ECDSA signatures
2018-09-28 14:43:33 +02:00
5894cdfdc5
Fix get session callback
...
This could previously open up the possibility of a double-free!
Closes #996
2018-09-17 09:30:16 -07:00
22231d7547
Support the client hello callback
2018-09-15 13:29:18 -07:00
a548913e44
Release openssl 0.10.12
2018-09-13 19:23:09 -07:00
348cb7391b
Fix typo
...
Fix typo in docs for openssl::rsa::Rsa::from_private_components
2018-09-13 12:39:57 -10:00
8c6bc774db
Support libressl 2.8.0
...
Closes #988
2018-09-12 20:44:22 -07:00
ea18d84de3
clean up example
2018-09-02 14:51:08 -07:00
947dfbd143
Small cleanup
...
Closes #981
2018-09-02 14:26:27 -07:00
bc4e47a321
Fix lookup errors with SNI callback.
...
The job of an SNI callback is typically to swap out the context
associated with an SSL depending on the domain the client is trying to
talk to. Typically, only the callbacks associated with the current
context are used, but this is not the case for the SNI callback.
If SNI is run for a second time on a connection (i.e. in a
renegotiation) and the context was replaced with one that didn't itself
register an SNI callback, the old callback would run but wouldn't be
able to find its state in the context's ex data. To work around this, we
pass the pointer to the callback data directly to the callback to make
sure it's always available. It still lives in ex data to handle the
lifetime management.
Closes #979
2018-08-31 20:23:55 -07:00
2df87cfd59
Fix doc reference
2018-08-19 20:19:10 -07:00
ef7721092d
SRTP cleanup
2018-08-19 18:50:11 -07:00
59c578cf04
Add methods for DTLS/SRTP key handshake
2018-08-14 16:04:33 +02:00
1396143c66
Add get_shutdown and set_shutdown
2018-08-08 13:19:55 -07:00
ef69870ea2
Release openssl 0.10.11
2018-08-04 10:12:12 -07:00
71ee9439ca
Support builds of OpenSSL from vendored source (take 2)
...
This is a revival of #684 to see if I can help push it across the finish line!
Closes #580
2018-07-30 15:15:24 -07:00
415f399b2c
Fix tests when built with no-ec2m
...
The other curve identifier isn't valid, at least in some contexts so
just ignore the test in those cases.
Closes #964
2018-07-29 09:48:03 -07:00
ee5215bd31
SslSessionRef methods return static strings
...
Closes #961
2018-07-19 20:22:57 -07:00
a964d05d4a
Fix spelling in symm docs
2018-07-14 11:54:26 -10:00
1392b006e2
Merge pull request #937 from marcoh00/iterable-x509names
...
X509NameRef: Provide an iterator over all entries
2018-07-07 20:20:45 -07:00
6422ffb1b2
Clean up IGE example
...
Closes #955
2018-07-04 23:15:33 -07:00
07c49e517e
Only grab the name entry count when needed
2018-06-26 22:31:10 -07:00
4c1891cc10
Merge pull request #950 from WanzenBug/master
...
Add access to private/public components of DSA key pairs.
2018-06-23 23:53:09 -04:00
339d09fbf3
Simplify DSA from private components
2018-06-23 18:16:32 +02:00
321c076ab3
Fix build with openssl 1.1.1 and no-psk
...
I used this as build flags for openssl 1.1.1:
```
/usr/bin/perl ./Configure linux-x86_64 no-shared no-zlib no-psk no-srp no-weak-ssl-ciphers no-idea
```
rust-openssl crashed with this error:
```
Compiling openssl v0.10.10
error[E0433]: failed to resolve. Use of undeclared type or module `CStr`
--> /home/stefan/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.10/src/ssl/callbacks.rs:386:16
|
386 | let line = CStr::from_ptr(line).to_bytes();
| ^^^^ Use of undeclared type or module `CStr`
error[E0412]: cannot find type `c_char` in this scope
--> /home/stefan/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.10/src/ssl/callbacks.rs:377:75
|
377 | pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
| ^^^^^^ did you mean `c_uchar`?
help: possible candidates are found in other modules, you can import them into scope
|
1 | use libc::c_char;
|
1 | use std::os::raw::c_char;
|
error: aborting due to 2 previous errors
Some errors occurred: E0412, E0433.
For more information about an error, try `rustc --explain E0412`.
error: Could not compile `openssl`.
warning: build failed, waiting for other jobs to finish...
```
this patch fixes the problem
2018-06-21 22:19:29 +02:00
c624427e31
Fix fallback implementation of DSA utility methods
2018-06-18 20:32:34 +02:00
0390aba73b
Add tests for DSA key pairs
2018-06-18 18:12:34 +02:00
4994e75d2c
Add Dsa::from_(private|public)_components
...
Add 2 methods to create a DSA key pair from its raw components.
2018-06-18 18:10:02 +02:00
52c942f4b3
Add methods to access private and public part of DSA keys
2018-06-18 11:39:15 +02:00
6440ee04ef
Merge pull request #943 from lolzballs/master
...
Add wrapper for SSL_CTX_set_psk_server_callback
2018-06-17 15:47:00 -07:00
bf86580bec
Disable TLSv1.3 for psk_ciphers test
2018-06-17 17:00:22 -04:00
115cb730b0
Switch to accessors in libressl where possible
...
Some accessors are mysteriously still macros so we can't make everything
opaque yet, unfortunately.
cc #909
2018-06-09 21:49:36 -07:00
6834b97ff4
Release openssl v0.10.10
2018-06-06 13:37:25 -07:00
d82a49bee2
Release openssl-sys 0.9.33
2018-06-06 13:36:24 -07:00
cdc90c7e9d
Add SslRef::set_alpn_protos
2018-06-04 20:19:27 -07:00
14b5439347
Rename X509NameRef::all_entries and refactor end-of-iterator checks
2018-06-03 15:38:46 +02:00
f5e6d57c47
Provide an Asn1Object getter method for X509NameEntryRef
2018-06-03 15:38:46 +02:00
2afdc16fc9
Make X509NameRef provide an iterator over all X509NameEntries
2018-06-03 15:38:46 +02:00
0745d66927
Update to 1.1.1-pre7
...
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.
TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
2018-06-02 13:58:56 -07:00
88c61d252f
Ensure psk test callbacks are called
2018-06-02 15:50:24 -04:00
285884c925
push PSK callback errors onto ErrorStack
2018-06-02 15:49:59 -04:00
bcc4ca0285
Change psk test cipher to PSK-AES128-CBC-SHA
...
Hopefully it works on CI servers now
2018-06-02 13:59:04 -04:00
b1c77a7ea5
Use is_null()
2018-06-02 13:49:42 -04:00
5d8a44612d
add test for psk; deprecated set_psk_callback
2018-06-02 13:47:52 -04:00
b1eb1224f5
Merge remote-tracking branch 'origin/master'
2018-06-02 10:56:31 -04:00
83767b861e
Release openssl v0.10.9
2018-06-01 20:59:26 -07:00
52f581ffc9
Release openssl-sys v0.9.32
2018-06-01 20:57:09 -07:00
a3a2605115
fix build on older rustc
2018-06-01 20:47:46 -07:00
10b2a34529
Adjust Nid signature algorithm APIs
2018-06-01 20:36:19 -07:00
c2145384a9
Fix types
2018-06-01 20:07:13 -07:00
15cb335e66
Fix use-after-free in cms
...
Closes #941
2018-06-01 19:38:52 -07:00
3456add537
Add SslRef::verified_chain
2018-05-29 21:53:22 -07:00
2977f6ed30
rewrite Nid::{long_name,short_name} to return Results instead of Options
2018-05-28 12:15:05 +02:00
b8de619fbe
Get Nid string representations
2018-05-28 12:13:40 +02:00
a774c0c5f2
Rename X509Ref::fingerprint to X509Ref::digest and avoid allocating
2018-05-24 21:07:36 -07:00
772e1c003f
Add some digest support
2018-05-24 21:06:11 -07:00
3cd33cdd8b
Don't panic on bogus servernames
...
Also add a second version of the method to avoid filtering out non-utf8
names.
Closes #930
2018-05-24 20:22:15 -07:00
c0876cc8c6
Add bindings to SSL_get_finished and SSL_get_peer_finished
...
These are used for the tls-unique SCRAM channel binding mode.
2018-05-24 20:00:28 -07:00
c7db3d18ad
Merge pull request #920 from Ralith/max-early-data-accessors
...
TLS1.3 early data support
2018-05-22 20:42:46 -07:00
2e478fdcf4
Expose early I/O
2018-05-22 20:25:28 -07:00
b187eb0ee3
Release openssl v0.10.8
2018-05-20 21:03:16 -07:00
25df3c8b51
Release openssl-sys 0.9.31
2018-05-20 21:02:12 -07:00
7a7f98a32c
Revert "Move proto version accessors to SslContextRef"
2018-05-20 20:55:20 -07:00
b976b5fd52
Move proto version accessors to SslContextRef
...
Add a Derf impl for SslContextBuilder so existing use still works.
2018-05-20 20:47:00 -07:00
f0347fbce8
Improve error Display impls
2018-05-20 19:37:19 -07:00
3ab1cc7a8f
Make Stack Sync + Send
2018-05-20 15:24:38 -07:00
4c1fdf1d81
Support ALPN on libressl
...
Closes #690
2018-05-20 12:52:49 -07:00
a6fcef01c0
Overhaul openssl cfgs
...
Also expose hostname verification on libressl
2018-05-20 12:33:02 -07:00
d991566f2b
Support min/max version in LibreSSL
...
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
2018-05-19 19:57:12 -07:00
69c75a178b
Expose early keying material export
2018-05-17 13:16:41 -07:00
d5d414b16f
Expose max TLS1.3 early data accessors
2018-05-17 12:02:32 -07:00
47a68e2929
Add wrapper for SSL_CTX_set_psk_server_callback
2018-05-16 17:49:36 -04:00
53671518fd
Merge pull request #902 from ur0/CMS_sign
...
Add the CMS_sign and i2d_CMS_ContentInfo function bindings
2018-05-13 15:53:49 +01:00
b1e5c8b1ed
Implement Clone for Rsa
...
Closes #917
2018-05-12 16:34:47 -07:00
ff2c7ffefd
Merge Ssl impl blocks
2018-05-12 16:50:50 +01:00
c25b6f3e26
Clean up SSL callbacks
...
Also add an Arc to avoid a weird use after free edge case if a callback
changes a callback.
2018-05-12 15:02:53 +01:00
5cfbe7ac6a
Disable tests that talk to Google on LibreSSL 2.5.0
...
They're flickering, and I'm assuming it's just because that version is
so old.
2018-05-12 13:59:22 +01:00
e5d65306e7
Change SslContext callback handling
...
Use the existing infrastructure!
2018-05-12 13:19:01 +01:00
afaa2387c8
Gate away CMS_KEY_PARAM from OpenSSL 1.0.1
2018-05-10 21:41:59 +05:30
541458c1c1
Properly version-gate CMS constants
2018-05-10 21:20:32 +05:30
90898e99c9
Move CMS_* flags to the openssl-sys package
...
Also renames attributes in the bitflags struct.
2018-05-10 20:26:57 +05:30
7a1b59d605
Fix base version for min/max proto accessors
...
Closes #911
2018-05-09 20:04:43 +01:00
42cbd0111b
Release openssl v0.10.7
2018-04-30 20:41:23 -07:00
25e3f66e3e
Release openssl-sys v0.9.30
2018-04-30 20:40:29 -07:00
47431f66bb
Expose SslSession <-> DER conversion
2018-04-29 01:54:16 -07:00
aa619c81c0
Some misc cleanup
2018-04-27 15:41:12 -07:00
043ad63a52
Use bitflags for CMS options
2018-04-26 09:15:29 +05:30
24ece94e99
Remove Rsa::build
...
It could be a bit confusing since it only works for private keys.
2018-04-25 19:55:35 -07:00
261463542f
Merge pull request #901 from eoger/rsa-from-builder
...
Add RsaPrivateKeyBuilder
2018-04-25 14:51:02 -07:00
9a83e3350b
Add RsaPrivateKeyBuilder
...
Fixes #837
2018-04-25 11:18:57 -04:00
13caf731a2
Implement CR suggestions
...
* Don't do un-necessary heap pointer gymnastics
* Use the to_der! macro instead of a manually written impl
* Allow optional arguments for CMS_sign
2018-04-22 10:57:09 +05:30
5bb89d7552
Add functions to X509Req to obtain public key and extensions
...
This allows for basic CSR signing.
2018-04-21 23:14:48 +02:00
8ce5dee00d
Add the CMS_sign and i2d_CMS_ContentInfo function bindings
...
This adds the CMS_sign and i2d_CMS_ContentInfo bindings in the
openssl-sys crate and Rusty wrappers in the openssl crate.
2018-04-20 17:15:04 +05:30
973a3fede1
Document that encrypt/decrypt use padding
2018-04-16 14:45:56 +01:00
cab98be606
Release openssl v0.10.6
2018-04-05 11:12:06 -07:00
78d91428b5
Release openssl-sys 0.9.28
2018-04-05 11:09:36 -07:00
75bf48368d
Return `PKey<Private>` from `private_key_from_der`
2018-04-04 14:58:52 +02:00
e423da2d12
Merge pull request #858 from Ralith/stateless-api
...
Introduce SslStreamBuilder
2018-03-31 11:28:03 -07:00
5c317d5a35
Remove unneeded build keys
2018-03-30 11:32:57 +02:00
a14b7cc276
Don't enable features for docs anymore
2018-03-29 22:41:40 +02:00
ac950b28aa
Fix a flag name
2018-03-29 10:26:43 +02:00
1bbe1b6a8f
Clean up a couple of holdovers from old features
2018-03-29 10:20:18 +02:00
f99c101559
Add test for stateless connection
2018-03-28 18:14:48 -07:00
99fdb2bd0b
Introduce SslStreamBuilder
2018-03-28 18:14:48 -07:00
bbb1cb61f6
Update to OpenSSL 1.1.1-pre3
2018-03-28 18:14:44 -07:00
c82a87a18e
Add Asn1IntegerRef::to_bn
...
Also deprecate Asn1IntegerRef since it's just asking for trouble.
2018-03-28 20:48:28 +02:00
7890672725
Add X509Ref::serial_number
2018-03-28 20:41:28 +02:00
d49e496940
Remove a last couple features
2018-03-19 20:41:08 +00:00
063186b62e
Merge pull request #856 from Flakebi/master
...
Make it possible to use cmac
2018-03-19 13:22:51 -07:00
0860115156
Make it possible to use cmac
...
This adds Signer::new_without_digest to create Signers which don't have
a digest (like cmac, which is based on aes).
As openssl supports cmac since version 1.1.0, the functions are behind
the ossl110 feature.
This allows building CMAC/OMAC1 and the EAX AEAD on top of this library.
2018-03-19 21:02:46 +01:00
7c33346960
Remove version-specific features
...
Closes #852
2018-03-19 00:41:33 -07:00
cf658e4c5c
Merge pull request #875 from Ralith/hash-extras
...
Expose cipher digests and digest sizes
2018-03-16 22:00:59 -07:00
09b1fe9a0d
Expose additional cipher and digest accessors
2018-03-16 20:33:23 -07:00
66a2ad76b7
Merge pull request #874 from rohit-lshift/priv-key-from-num
...
Added a function to create a EcKey<Private> from its parts
2018-03-13 21:50:17 -07:00
e3a657d22b
Change function name to be similar to RSA one
2018-03-13 08:57:35 +00:00
9452c01672
Merge pull request #864 from mlen/aes-ccm-bindings
...
Implement AES-{128,256}-CCM bindings
2018-03-11 16:30:37 -07:00
170adae336
Merge pull request #873 from sfackler/tweaks
...
Add a Sync + Send bound to the custom ext type
2018-03-11 16:10:54 -07:00
7edecbd3a8
Merge pull request #872 from sfackler/tweaks
...
Some ECDSA fixes/tweaks
2018-03-11 15:37:28 -07:00
9f5ef88880
Add a Sync + Send bound to the custom ext type
...
It's stored inside of the Ssl, so this is probably tecnically
necessarly?
2018-03-11 15:36:47 -07:00
d0329473bd
Merge branch 'master' into custom-extensions
2018-03-11 15:27:28 -07:00
c9ef7f3cd5
Some ECDSA fixes/tweaks
2018-03-11 15:23:23 -07:00
1b830c3fb7
Merge pull request #863 from rohit-lshift/master
...
Exposed some of ECDSA functions
2018-03-11 15:08:16 -07:00
4ee7e0d3a9
Tweak verify_cert's signature
...
The call can fail either due to an invalid cert or an internal error,
and we should distinguish between the two.
2018-03-11 14:08:34 -07:00
cefad46cf5
fixup! Implement AES-{128,256}-CCM bindings
2018-03-11 22:04:01 +01:00
00359a1a55
Merge pull request #861 from bkchr/verify_certificate
...
Implements `X509_verify_cert`
2018-03-11 13:37:21 -07:00
40e59db37c
Rename Oid to Id
2018-03-11 13:29:01 -07:00
d7a7c379a8
Changes `init` to take a closure which is called with the initialized context
...
After calling the closure, we automatically cleanup the context. This is
required, because otherwise we could have dangling references in the context.
2018-03-11 11:34:36 +01:00
c0a4bc4202
Revert previous commit
2018-03-11 07:41:22 +00:00
e02dbde2f7
Generic custom extension add fn return type
2018-03-10 22:30:54 -08:00
eb5fda588f
Merge pull request #862 from bkchr/sign_verifier
...
Adds new functions for Verifier/Signer
2018-03-10 16:42:33 -08:00
562fe79f4c
Add one more set of impls
2018-03-10 08:53:46 -08:00
bc304565e7
Arguments should be BigNumRef and not BigNum
2018-03-10 16:29:54 +00:00
245f5f3a11
Impl Sync and Send for various types
...
Closes #865
2018-03-09 22:14:50 -08:00
b0bc1c770e
High-level API for OpenSSL 1.1.1 custom extension support
2018-03-09 20:33:49 -08:00
7fe3fabf24
Switches to new type wrapper for RsaPssSaltlen
2018-03-10 00:27:15 +01:00
a5d7f8a718
Moves store context init into its own function
2018-03-10 00:15:03 +01:00
e655b561a7
Added a function to create a EC<Key> from its parts
2018-03-09 15:58:56 +00:00
7ab650098c
Remove unneeded paramter
2018-03-09 10:39:58 +00:00
4866e9ff8a
fixup! Implement AES-{128,256}-CCM bindings
2018-03-08 21:57:39 +01:00
8461129456
Changes as per PR feedback
2018-03-08 17:42:15 +00:00
9e2755abae
Get curves for OpenSSL tests itself
2018-03-08 17:10:09 +00:00
0a38b5a9ef
Try out another curve
2018-03-08 16:56:40 +00:00
4b4d312018
Another try at using the correct curve
2018-03-08 16:46:31 +00:00
dcbb45cc9d
Implement AES-{128,256}-CCM bindings
2018-03-08 17:24:55 +01:00
d4de2a408f
Use examples listed in OpenSSL docs for testing
2018-03-08 16:12:35 +00:00
a5ba1a0007
Adds `RsaPssSaltlen` enum to encode the special values
2018-03-08 16:17:32 +01:00
b0ea53184d
Switches to newtype wrapper for Oid
2018-03-08 12:24:37 +01:00
1a0b085377
Extends the test to verify the certificate two times
2018-03-08 12:10:29 +01:00
810ddeb4ca
Moves `cleanup` into its own function
2018-03-08 12:08:39 +01:00
2d6cd9eb16
Exposed some of ECDSA functions
2018-03-08 09:44:05 +00:00
724dd6f830
Adds more functions to `Verifier`/`Signer` for RSA keys
2018-03-07 20:43:28 +01:00
84a5ce7607
Adds RSA PKCS1 PSS padding
2018-03-07 20:43:12 +01:00
9a8a1c752b
Adds `PKeyRef::get_id` to get the OID of a key
2018-03-07 18:42:13 +01:00
888f4ccaab
Fixes the implementation of `X509StoreContextRef::verify_cert`
...
The certificate, the store and the certificates chain does not need to be
consumed by `verify_cert` and instead are taken as references. We also call
`X509_STORE_CTX_cleanup`, after the verification succeeded.
2018-03-07 16:07:57 +01:00
53adf0e6a4
delay return until after forgets
2018-03-07 13:54:35 +01:00
6abac82f13
cleanup and add negative test
2018-03-07 13:54:35 +01:00
a1cfde765a
add cleanup ffi to store context
2018-03-07 13:54:15 +01:00
3187366cc5
restructure to self contained function
2018-03-07 13:53:29 +01:00
2251a6f2b6
Little tweaks
2018-03-07 13:51:58 +01:00
d8a11973e2
convert to raw pass-through methods
2018-03-07 13:51:58 +01:00
910386027d
add comment about consuming self in verify_cert
2018-03-07 13:50:12 +01:00
35cad33d51
fix error check
2018-03-07 13:50:12 +01:00
847fac25f8
properly version library functions
2018-03-07 13:48:09 +01:00
3595ff9e51
Fix memory mgmt
2018-03-07 13:42:39 +01:00
eb6296e892
add verify_cert and store_context_builder
2018-03-07 13:41:44 +01:00
f645165ee2
Remove the x509 module-level example
...
The example generated a bogus certificate that was missing a serial
number, a validity range, etc.
Generating a correct x509 certificate is complex enough that doing it
correctly is too long to be a reasonable doc example. There's already
a more complete example in the examples directory that handles things
more correctly.
Closes #859
2018-03-05 19:25:01 -08:00
f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
b6985c7e8d
Release openssl v0.10.5
2018-02-28 14:33:04 -08:00
aa9addf532
Release openssl-sys 0.9.27
2018-02-28 14:31:23 -08:00
85d8db21d2
Always include something in ErrorStack's Display
...
The error stack can be empty after a some kinds of errors (AEAD
validation failure in Crypter is one example), and we don't want to
display as an empty string in that case.
2018-02-27 15:56:23 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
d5dd6575c1
Restore error stack in cookie callback
2018-02-25 22:11:08 -08:00
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
cebfbd9a25
Merge pull request #850 from sfackler/put-error
...
Add the ability to push errors back onto the error stack.
2018-02-24 20:58:07 -08:00
5fd23d38d5
Add the ability to push errors back onto the error stack.
2018-02-24 20:46:03 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
950c39c2e6
Merge pull request #840 from olehermanse/master
...
Add des_ede3_cbc cipher and more tests/examples
2018-02-21 23:03:33 -08:00
15048f4c02
Inline connector constants
2018-02-21 19:41:06 -08:00
6977e9e89f
Don't special case 1.0.1
...
It appears that 1.0.1's defaults are actually okay.
2018-02-21 18:44:04 -08:00
7e02c09861
Added example/test in symm.rs for encrypting a private key with a symmetric cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-21 13:16:04 +01:00
7192a5291f
Update SslConnector cipher list
...
Based off of python/cpython#3532 , we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
2018-02-20 22:27:54 -08:00
69a91815b8
Release openssl v0.10.4
2018-02-18 10:50:13 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00
e5123d266b
Bind remove and get session callbacks
2018-02-16 22:24:34 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
8abc51c2b3
Fix symm decrypt documentation example
2018-02-16 11:59:47 +01:00
af4832e145
Doc tweak
2018-02-15 21:33:39 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
cc34a7149e
Add des_ede3_cbc cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 17:44:44 +01:00
f4ddd66b03
Tweak features
...
We should keep the version features totally separate for now.
2018-02-14 22:11:24 -08:00
e8fd63bae3
Fix tests for TLS 1.3
...
Google yells at you when using TLS 1.3 without SNI by sending a bogus
self-signed cert!
2018-02-14 19:36:11 -08:00
eb24a2157a
More tests for pem_pkcs1 methods
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 03:02:58 +01:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
041d473c0a
Added binding for PEM_read_bio_RSAPublicKey
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-14 02:08:01 +01:00
9f35b74c1d
Release openssl 0.10.3 and openssl-sys 0.9.25
2018-02-12 10:56:06 -08:00
b1ab0ec473
Don't leak X509s
2018-02-12 09:32:26 -08:00
2fd79b525e
Merge pull request #831 from apeduru/rsa-docs
...
Add RSA docs
2018-02-11 20:56:37 -08:00
a686ed7891
Use Padding constant in RSA docs example
2018-02-10 23:36:05 -05:00
fda5e50638
Merge pull request #833 from CmdrMoozy/des_ede3
...
Support EVP_des_ede3.
2018-02-04 17:36:31 -08:00
404bbeddfd
Support EVP_des_ede3.
...
This cipher is used, for example, for DES challenges for authenticating
against a Yubikey, so supporting it in rust-openssl is generally useful.
2018-02-04 13:17:09 -08:00
c9fed802b3
Add RSA docs
2018-01-25 14:46:45 -05:00
a6499d44bb
Merge pull request #824 from apeduru/pkey-docs
...
Add PKey docs
2018-01-24 11:00:07 -08:00
d3169a565e
Add HMAC to Pkey docs
2018-01-24 09:53:28 -05:00
81f7d17822
tests: if server failed to start, print exit code instead of timing out
...
```
% cargo +stable test --lib ssl::test::test_connect_with_alpn_successful_single_match --features=v102
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running /Users/nga/devel/left/rust-openssl/target/debug/deps/openssl-a38e12a3527f6932
running 1 test
test ssl::test::test_connect_with_alpn_successful_single_match ... FAILED
failures:
---- ssl::test::test_connect_with_alpn_successful_single_match stdout ----
thread 'ssl::test::test_connect_with_alpn_successful_single_match' panicked at 'server exited: exit code: 1', src/ssl/test.rs:91:24
note: Run with `RUST_BACKTRACE=1` for a backtrace.
failures:
ssl::test::test_connect_with_alpn_successful_single_match
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 159 filtered out
```
2018-01-24 00:27:13 -08:00
6552a9cbfd
Print the public key in PKey example
2018-01-23 22:43:53 -05:00
60337266ab
add support for rfc822Name (email) and uniformResourceIdentifier (uri) to GeneralName
2018-01-15 11:22:29 -06:00
9943bb6869
Release openssl v0.10.2
2018-01-11 17:34:25 -08:00
692562470b
Add setters to ConnectConfiguration
2018-01-11 17:24:38 -08:00
be50654564
Release openssl v0.10.1
2018-01-10 22:30:08 -08:00
be1e787ce6
Add from conversion
...
This is needed for tokio-openssl
2018-01-10 22:26:32 -08:00
d85e2a2937
Release openssl 0.10.0
2018-01-10 22:08:11 -08:00
9a27bb2c03
Release openssl-sys v0.9.24
2018-01-10 22:06:55 -08:00
b9eace6569
Fix import in pkey docs
2018-01-07 14:17:03 -05:00
33ec3a5784
Missing colon
2018-01-07 14:15:17 -05:00
15420eb44a
Add Pkey docs
2018-01-07 14:13:17 -05:00
af7aa52364
Adjust the SNI callback
...
Brings it more in line with how the raw callback is structured.
2018-01-06 22:20:20 -08:00
f50dd20cb6
Fix docs
2018-01-06 21:42:37 -08:00
91e120ca95
Rename and document RSA accessors
2018-01-06 17:44:24 -08:00
05c5c422fd
Merge pull request #820 from sfackler/key-constructor-docs
...
Rename key serialization/deserialization methods
2018-01-06 17:14:51 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
45c15a65ad
FIPS mode support
...
Closes #818
2018-01-06 08:51:20 -08:00
753a7d07b1
Merge pull request #811 from apeduru/x509-docs
...
Add documentation for x509 module
2018-01-04 16:48:01 -08:00
c4620a30c6
Fix links in x509 module
2018-01-01 16:16:41 -05:00
Steven Fackler