84a5ce7607
Adds RSA PKCS1 PSS padding
2018-03-07 20:43:12 +01:00
9a8a1c752b
Adds `PKeyRef::get_id` to get the OID of a key
2018-03-07 18:42:13 +01:00
888f4ccaab
Fixes the implementation of `X509StoreContextRef::verify_cert`
...
The certificate, the store and the certificates chain does not need to be
consumed by `verify_cert` and instead are taken as references. We also call
`X509_STORE_CTX_cleanup`, after the verification succeeded.
2018-03-07 16:07:57 +01:00
53adf0e6a4
delay return until after forgets
2018-03-07 13:54:35 +01:00
6abac82f13
cleanup and add negative test
2018-03-07 13:54:35 +01:00
a1cfde765a
add cleanup ffi to store context
2018-03-07 13:54:15 +01:00
3187366cc5
restructure to self contained function
2018-03-07 13:53:29 +01:00
2251a6f2b6
Little tweaks
2018-03-07 13:51:58 +01:00
d8a11973e2
convert to raw pass-through methods
2018-03-07 13:51:58 +01:00
910386027d
add comment about consuming self in verify_cert
2018-03-07 13:50:12 +01:00
35cad33d51
fix error check
2018-03-07 13:50:12 +01:00
847fac25f8
properly version library functions
2018-03-07 13:48:09 +01:00
3595ff9e51
Fix memory mgmt
2018-03-07 13:42:39 +01:00
eb6296e892
add verify_cert and store_context_builder
2018-03-07 13:41:44 +01:00
f645165ee2
Remove the x509 module-level example
...
The example generated a bogus certificate that was missing a serial
number, a validity range, etc.
Generating a correct x509 certificate is complex enough that doing it
correctly is too long to be a reasonable doc example. There's already
a more complete example in the examples directory that handles things
more correctly.
Closes #859
2018-03-05 19:25:01 -08:00
f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
b6985c7e8d
Release openssl v0.10.5
2018-02-28 14:33:04 -08:00
aa9addf532
Release openssl-sys 0.9.27
2018-02-28 14:31:23 -08:00
85d8db21d2
Always include something in ErrorStack's Display
...
The error stack can be empty after a some kinds of errors (AEAD
validation failure in Crypter is one example), and we don't want to
display as an empty string in that case.
2018-02-27 15:56:23 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
d5dd6575c1
Restore error stack in cookie callback
2018-02-25 22:11:08 -08:00
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
cebfbd9a25
Merge pull request #850 from sfackler/put-error
...
Add the ability to push errors back onto the error stack.
2018-02-24 20:58:07 -08:00
5fd23d38d5
Add the ability to push errors back onto the error stack.
2018-02-24 20:46:03 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
950c39c2e6
Merge pull request #840 from olehermanse/master
...
Add des_ede3_cbc cipher and more tests/examples
2018-02-21 23:03:33 -08:00
15048f4c02
Inline connector constants
2018-02-21 19:41:06 -08:00
6977e9e89f
Don't special case 1.0.1
...
It appears that 1.0.1's defaults are actually okay.
2018-02-21 18:44:04 -08:00
7e02c09861
Added example/test in symm.rs for encrypting a private key with a symmetric cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-21 13:16:04 +01:00
7192a5291f
Update SslConnector cipher list
...
Based off of python/cpython#3532 , we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
2018-02-20 22:27:54 -08:00
69a91815b8
Release openssl v0.10.4
2018-02-18 10:50:13 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00
e5123d266b
Bind remove and get session callbacks
2018-02-16 22:24:34 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
8abc51c2b3
Fix symm decrypt documentation example
2018-02-16 11:59:47 +01:00
af4832e145
Doc tweak
2018-02-15 21:33:39 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
cc34a7149e
Add des_ede3_cbc cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 17:44:44 +01:00
f4ddd66b03
Tweak features
...
We should keep the version features totally separate for now.
2018-02-14 22:11:24 -08:00
e8fd63bae3
Fix tests for TLS 1.3
...
Google yells at you when using TLS 1.3 without SNI by sending a bogus
self-signed cert!
2018-02-14 19:36:11 -08:00
eb24a2157a
More tests for pem_pkcs1 methods
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 03:02:58 +01:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
041d473c0a
Added binding for PEM_read_bio_RSAPublicKey
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-14 02:08:01 +01:00
9f35b74c1d
Release openssl 0.10.3 and openssl-sys 0.9.25
2018-02-12 10:56:06 -08:00
b1ab0ec473
Don't leak X509s
2018-02-12 09:32:26 -08:00
2fd79b525e
Merge pull request #831 from apeduru/rsa-docs
...
Add RSA docs
2018-02-11 20:56:37 -08:00
a686ed7891
Use Padding constant in RSA docs example
2018-02-10 23:36:05 -05:00
fda5e50638
Merge pull request #833 from CmdrMoozy/des_ede3
...
Support EVP_des_ede3.
2018-02-04 17:36:31 -08:00
404bbeddfd
Support EVP_des_ede3.
...
This cipher is used, for example, for DES challenges for authenticating
against a Yubikey, so supporting it in rust-openssl is generally useful.
2018-02-04 13:17:09 -08:00
c9fed802b3
Add RSA docs
2018-01-25 14:46:45 -05:00
a6499d44bb
Merge pull request #824 from apeduru/pkey-docs
...
Add PKey docs
2018-01-24 11:00:07 -08:00
d3169a565e
Add HMAC to Pkey docs
2018-01-24 09:53:28 -05:00
81f7d17822
tests: if server failed to start, print exit code instead of timing out
...
```
% cargo +stable test --lib ssl::test::test_connect_with_alpn_successful_single_match --features=v102
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running /Users/nga/devel/left/rust-openssl/target/debug/deps/openssl-a38e12a3527f6932
running 1 test
test ssl::test::test_connect_with_alpn_successful_single_match ... FAILED
failures:
---- ssl::test::test_connect_with_alpn_successful_single_match stdout ----
thread 'ssl::test::test_connect_with_alpn_successful_single_match' panicked at 'server exited: exit code: 1', src/ssl/test.rs:91:24
note: Run with `RUST_BACKTRACE=1` for a backtrace.
failures:
ssl::test::test_connect_with_alpn_successful_single_match
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 159 filtered out
```
2018-01-24 00:27:13 -08:00
6552a9cbfd
Print the public key in PKey example
2018-01-23 22:43:53 -05:00
60337266ab
add support for rfc822Name (email) and uniformResourceIdentifier (uri) to GeneralName
2018-01-15 11:22:29 -06:00
9943bb6869
Release openssl v0.10.2
2018-01-11 17:34:25 -08:00
692562470b
Add setters to ConnectConfiguration
2018-01-11 17:24:38 -08:00
be50654564
Release openssl v0.10.1
2018-01-10 22:30:08 -08:00
be1e787ce6
Add from conversion
...
This is needed for tokio-openssl
2018-01-10 22:26:32 -08:00
d85e2a2937
Release openssl 0.10.0
2018-01-10 22:08:11 -08:00
9a27bb2c03
Release openssl-sys v0.9.24
2018-01-10 22:06:55 -08:00
b9eace6569
Fix import in pkey docs
2018-01-07 14:17:03 -05:00
33ec3a5784
Missing colon
2018-01-07 14:15:17 -05:00
15420eb44a
Add Pkey docs
2018-01-07 14:13:17 -05:00
af7aa52364
Adjust the SNI callback
...
Brings it more in line with how the raw callback is structured.
2018-01-06 22:20:20 -08:00
f50dd20cb6
Fix docs
2018-01-06 21:42:37 -08:00
91e120ca95
Rename and document RSA accessors
2018-01-06 17:44:24 -08:00
05c5c422fd
Merge pull request #820 from sfackler/key-constructor-docs
...
Rename key serialization/deserialization methods
2018-01-06 17:14:51 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
45c15a65ad
FIPS mode support
...
Closes #818
2018-01-06 08:51:20 -08:00
753a7d07b1
Merge pull request #811 from apeduru/x509-docs
...
Add documentation for x509 module
2018-01-04 16:48:01 -08:00
c4620a30c6
Fix links in x509 module
2018-01-01 16:16:41 -05:00
c2430b87f7
Merge branch 'master' into x509-docs
2018-01-01 15:40:02 -05:00
1553447385
Misc cleanup
2018-01-01 12:23:41 -08:00
9043cf9aa7
Move X509Filetype to SslFiletype
...
These constants have the same values, but X509_FILETYPE_DEFAULT doesn't
work in the Ssl methods and using the SSL_* names is a bit less
confusing.
2018-01-01 11:50:07 -08:00
a4c9dd4af3
Fix x509 doc examples
2018-01-01 11:48:55 -05:00
bb5ab2b43f
Bump hex to 0.3
...
The `to_hex` method has been removed and `hex::encode` should be used
instead.
2018-01-01 17:38:38 +01:00
1a40795886
Add documentation for x509 module
2017-12-31 22:39:28 -05:00
d207897458
Parameterize keys over what they contain
...
Closes #790
2017-12-30 21:53:39 -08:00
89dd50b3ce
Add issuer name access.
...
Closes #808
2017-12-29 10:50:49 -08:00
1085e79447
Remove `SslRef::compression`
...
TLS compression is extremely deprecated, so no-one should be messing
with this in the first place.
2017-12-28 20:22:05 -08:00
23bab6336e
Add a parameter to servername
2017-12-28 10:18:23 -08:00
7fbda61609
Overhaul ALPN
...
There was previously a lot of behind the scenes magic. We now bind much
more directly to the relevant functions.
Also remove APN support. That protocol is supersceded by ALPN - let's
see if anyone actually needs to use it.
2017-12-27 16:24:01 -07:00
52a06adc08
Overhaul ssl error
2017-12-26 21:03:49 -07:00
f9866cd44f
Split X509StoreContextRef::ssl up
2017-12-26 14:53:35 -07:00
129b6b9d84
Overhaul verify error type
...
Also set the error in the hostname verification callback for 1.0.1
2017-12-26 14:43:10 -07:00
19dc6ce1eb
Adjust SslConnector and SslAcceptor construction
2017-12-26 10:39:21 -07:00
ce0641f093
Drop Any bounds
2017-12-26 08:55:12 -07:00
2adf2cf12b
Remove deprecated APIs
2017-12-25 22:09:27 -07:00
3744e31e16
Fix a bunch of FIXMEs
2017-12-25 21:44:41 -07:00
7cc6c9b2f2
Tweak default ssl options
2017-12-25 21:18:49 -07:00
7d0c6c9442
Fix tests
2017-12-25 20:32:06 -07:00
77448362ce
Rename X509FileType to X509Filetype
2017-12-25 19:57:02 -07:00
3eab162dc2
Move to associated consts
2017-12-25 19:56:27 -07:00
bbae793eb3
Upgrade bitflags to 1.0
...
Closes #756
2017-12-25 19:38:11 -07:00
2aaba8bd7a
Make Nid values associated constants
2017-12-25 19:19:47 -07:00
34d700309c
Clean up 1.0.1 hostname verification
2017-12-23 19:32:33 -07:00
Bastian Köcher