min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,491 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

360 Commits

Author SHA1 Message Date
Steven Fackler 26a3358a2b Add basic X509_STORE access 
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.

Closes #394
 2016-11-12 00:24:12 +00:00
Steven Fackler 6b7279eb52 Consistently support both PEM and DER encodings 
Closes #500
 2016-11-11 20:10:10 +00:00
Steven Fackler 15490a43e3 Add EcKey <-> PKey conversions 
Closes #499
 2016-11-11 19:17:38 +00:00
Steven Fackler 32cbed0782 PKey <-> DH conversions 
Closes #498
 2016-11-11 19:04:54 +00:00
Steven Fackler 609a09ebb9 Add PKey::dsa 
Closes #501
 2016-11-11 18:52:37 +00:00
Steven Fackler 0d2d4865e5 Release v0.9.1 2016-11-11 16:45:22 +00:00
Steven Fackler 203a02c3e6 Actually support AES GCM 
This is an AEAD cipher, so we need some extra functionality. As another
bonus, we no longer panic if provided an IV with a different length than
the cipher's default.
 2016-11-08 20:35:21 +00:00
Steven Fackler 1edb6f682e Support client CA advertisement 2016-11-06 12:17:14 -08:00
Steven Fackler a4e0581e4f Fix build on 1.0.1 2016-11-06 11:57:50 -08:00
Steven Fackler bcb7b3f5dc Add accessors for cert and private key 
Closes #340
 2016-11-06 10:46:38 -08:00
Alex Crichton c2bf8acad8 Provide a tailored error message on Linux 
I just ran into a case where I installed OpenSSL in a docker container but I
forgot to install pkg-config. Right now openssl-sys relies on pkg-config, so
print out a nice error about this.
 2016-11-05 22:55:25 -07:00
Steven Fackler 72ac2a0105 Release v0.9.0 2016-11-05 20:05:50 -07:00
Steven Fackler fb9420fc91 Always dump openssl confs 2016-11-04 21:15:07 -07:00
Steven Fackler 91fd58b4c2 More buildscript tweaks 2016-11-04 21:10:49 -07:00
Steven Fackler 9198bcda3a Improve buildscript logic 2016-11-04 21:08:34 -07:00
Steven Fackler 62a9f89fce Avoid lhash weirdness 2016-11-03 20:38:51 -07:00
Steven Fackler 7f308aa5e1 Fix signature 2016-11-02 08:26:18 -07:00
Steven Fackler aa0040125b Use built in DH parameters when available 
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
 2016-11-01 22:50:22 -07:00
Steven Fackler 176348630a Don't clear BigNums in destructor 
Instead add a clear method.
 2016-11-01 21:59:07 -07:00
Steven Fackler 343ce159ec Fix stack signatures 2016-11-01 19:51:55 -07:00
Steven Fackler c776534ad4 Clean up stack 2016-11-01 19:25:40 -07:00
Steven Fackler 77b76ed8a8 Merge pull request #506 from simias/stack 
Implemented a generic Stack API and use it to deal with StackOf(X509) and StackOf(GENERAL_NAME)
 2016-11-01 18:59:35 -07:00
Lionel Flandrin 8d0090faec Implement X509StoreContextRef::get_chain 2016-11-01 21:23:18 +01:00
Lionel Flandrin 3bdefa987a Implement a generic Stack API to deal with OpenSSL stacks 2016-11-01 21:23:13 +01:00
Lionel Flandrin 9ea27c12b9 Add method to encode a public key as a DER blob 2016-11-01 17:34:21 +01:00
Steven Fackler dc4098bdd8 Clean up x509 name entries 2016-10-31 22:43:05 -07:00
Steven Fackler cd7fa9fca2 Update x509 2016-10-31 20:54:34 -07:00
Steven Fackler 16e398e005 Update verify 2016-10-31 20:19:59 -07:00
Steven Fackler 558124b755 Expose SSL_MODEs 2016-10-30 22:02:26 -07:00
Steven Fackler 677718f8da Configure ECDH parameters in connector 2016-10-30 13:38:09 -07:00
Steven Fackler 8c58ecc2fa Implement EcKey 
cc #499
 2016-10-30 13:17:20 -07:00
Steven Fackler 781417d50f Add a macro definition 2016-10-27 19:12:55 -07:00
Steven Fackler bea53bb39b Support AES GCM 
Closes #326
 2016-10-25 20:59:33 -07:00
Steven Fackler 39279455c8 Add a shutdown method 2016-10-25 20:40:18 -07:00
Steven Fackler 04fc853ee3 Remove NIDs only defined in 1.0.2+ 2016-10-23 09:16:20 -07:00
Steven Fackler 2fd201d9c3 De-enumify Nid 2016-10-22 10:08:32 -07:00
Steven Fackler 5ab037f056 Allow the X509 verify error to be read from an SslRef 2016-10-18 22:21:06 -07:00
Steven Fackler cfd5192a7d De-enumify X509ValidationError 
Also make it an Error.

Closes #352.
 2016-10-18 22:10:37 -07:00
Steven Fackler c4459c37d9 Callback cleanup 2016-10-18 21:13:13 -07:00
Steven Fackler 6609a81685 Migrate DSA sign/verify to EVP APIs 2016-10-15 15:02:02 -07:00
Steven Fackler 228b8fbc5b Correctly bind BIO_new_mem_buf 2016-10-15 13:39:47 -07:00
Steven Fackler bb23b33829 Fix signature of EVP_DigestVerifyFinal on 1.0.1 2016-10-15 12:24:20 -07:00
Steven Fackler 6ae472487f Support HMAC PKeys and remove hmac module 2016-10-15 11:06:11 -07:00
Steven Fackler b564cb5db7 Add digest signature methods 2016-10-15 09:48:34 -07:00
Steven Fackler 64b8e5e553 Merge pull request #471 from sfackler/no-comp 
Handle OPENSSL_NO_COMP
 2016-10-14 23:09:11 -07:00
Steven Fackler ba997c590e Prefer 1.1 when looking for Homebrew installs 2016-10-14 22:55:44 -07:00
Steven Fackler 7ac0599638 Fix test_alpn_server_select_none 
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.

While we're in here, adjust the Display impl to match what OpenSSL
prints out.

Closes #465
 2016-10-14 22:01:21 -07:00
Steven Fackler f520aa2860 Handle OPENSSL_NO_COMP 
Closes #459
 2016-10-14 20:50:45 -07:00
Steven Fackler d7a433bdef Respect osslconf in systest 
Also cfg off SSLv3_method, since it's disabled in the OpenSSL that ships
with Arch Linux. More such flags can be added on demand - it doesn't
seem worth auditing everything for them.
 2016-10-14 19:16:08 -07:00
Steven Fackler d976b8f595 Enable hostname verification on 1.0.2 2016-10-14 18:56:15 -07:00