627f394d59
Revert "Revert "impl Clone for PKey and X509 by using their 'references' member""
2016-01-31 20:38:36 +00:00
4e58fd10de
Fix PKey RSA constructors
...
`set1` functions bump the object's refcount so we were previously
leaking the RSA object. Split the decode from PEM part out to a method
on RSA and use that in the PKey constructors.
Also make RSA a pointer and actually free it.
2016-01-30 13:12:06 -08:00
8ab4b54541
Revert "impl Clone for PKey and X509 by using their 'references' member"
2016-01-28 23:37:27 -08:00
274715fad0
Merge pull request #343 from jimmycuadra/ordered-extensions
...
Preserve X.509 extension insertion order
2016-01-28 22:37:48 -08:00
87f94c832f
Bump openssl version to test with
2016-01-28 22:21:10 -08:00
5e0830286e
Preserve X.509 extension insertion order.
...
Ensures that extensions that are order-dependent are inserted in the
same order when calling out to OpenSSL during certificate signing.
Fixes #327 .
2016-01-28 20:02:44 -08:00
7610804c9d
Remove unwraps from rsa accessors
2016-01-22 19:10:22 -08:00
18e7e2455c
Merge pull request #330 from esclear/master
...
Add a interface to RSA structs
2016-01-22 19:07:38 -08:00
d25858cb57
Exclude test directory from package
2016-01-22 16:34:31 -08:00
2ece5b1039
Release v0.7.5
2016-01-22 15:57:21 -08:00
b7d3357f37
Fix connect and accept error reporting
...
We were previously trying to create an error twice so the second
wouldn't be correct.
2016-01-22 15:34:31 -08:00
3ee2bf9310
Fix up RSA integration
2016-01-20 20:29:06 +00:00
74db7db560
Merge branch 'master' of https://github.com/sfackler/rust-openssl
2016-01-20 19:59:41 +00:00
95a83c477c
Merge pull request #334 from jmesmon/ssl-context
...
ssl: fix refcounting of SslContext when set_ssl_context is used
2016-01-19 20:04:44 -08:00
36a667be49
x509: impl Clone using references & CRYPTO_add()
2016-01-19 22:04:51 -05:00
3c51f159a7
crypto/pkey: impl Clone for PKey using openssl's ref counting
2016-01-19 22:04:51 -05:00
d1825c7a86
openssl/ssl/context: test that we are refcounting correctly
...
Not a perfect test, on failure it _might_ exit with this output:
Process didn't exit successfully:
`/home/cody/g/rust-openssl/openssl/target/debug/openssl-8e712036e3aac4fe`
(signal: 11)
But unclear if we can do any better.
2016-01-18 16:40:14 -05:00
dacde211c3
ssl: fix refcounting of SslContext when set_ssl_context is used
...
Additionally impl Clone for SslContext to both allow us to use it &
allow external users to take advantage of SslContext's internal
refcount.
Maintain the existing signature for set_ssl_context(), but
add inline comments recommending changing it.
Fixes #333
2016-01-18 15:37:13 -05:00
1f45723b39
Fix incorrect unsafe declaration
2016-01-12 20:57:01 +00:00
7e8df9febd
Adhere to rust conventions
2016-01-12 18:15:07 +00:00
86e2f81f43
Fix should_panic check
2016-01-11 23:45:12 -08:00
1865dd7374
Test nightly on travis
2016-01-11 22:38:06 -08:00
fd6454f625
Add stream panic propagation behind a nightly feature gate
2016-01-11 22:36:58 -08:00
1238405637
Make the BigNum generation from a native pointer unsafe
2016-01-09 22:09:38 +00:00
b32a50797c
Merge pull request #328 from Cyberunner23/PemRSA
...
Add support for RSA PEM files.
2016-01-09 13:08:00 -08:00
c0b9a4c8ec
Added tests for private_rsa_key_from_pem() and public_rsa_key_from_pem()
2016-01-09 14:36:01 -05:00
89e88727ff
Mark PKey as `Send` and `Sync`
...
Provided that the locking function is set, the underlying `ffi::EVP_KEY`
type should be safe to use across threads.
2016-01-07 06:33:25 +01:00
1d3277fbee
Added private_rsa_key_from_pem and public_rsa_key_from_pem.
2016-01-05 13:22:56 -05:00
578fac7e80
Add public interface to access BigNums from RSA keys
2016-01-01 19:46:03 +00:00
5e5d24ee25
Implement the possibility to create BigNums from their ffi counterpart
2016-01-01 19:36:29 +00:00
5813ca371d
Add RSA structs
2016-01-01 19:33:49 +00:00
926c8167be
Release v0.7.4
2015-12-18 22:41:46 -08:00
11129aa521
Rustfmt
2015-12-18 22:34:30 -08:00
a31acdbb93
Fix deprecation location
2015-12-18 22:21:23 -08:00
e85b49d375
Work around the worst of clone bogusness
...
SslStream::{clone,try_clone} are inherently broken since the Ssl object
shared by both streams is only going to be talking to one stream. Stuff
like hyper depends on try_clone, so we'll leave it here for now but
minimize the brokenness to "no worse than what it used to be like".
They'll be removed in 0.8.
cc #325
2015-12-18 21:20:47 -08:00
5fa46d428d
Release v0.7.3
2015-12-17 21:25:48 -08:00
e077ed0b4d
Disable cross compilation for now
2015-12-17 21:13:44 -08:00
053c924d5a
Fix nonblocking behavior
...
A new nonblocking socket may not have finished connecting yet, so reads
and writes can return ENOTCONNECTED which we should reinterpret into a
WantRead or WantWrite
Closes #323
2015-12-17 16:54:11 -08:00
ccab187f5a
Travis fixes
2015-12-16 23:51:19 -08:00
2cf65fc68d
Stop using manifest-path for now
...
Some ssl tests depend on the working directory being openssl
2015-12-16 23:39:29 -08:00
e7744874f4
Try cross compiling
2015-12-16 23:25:19 -08:00
2531ac9a45
Test overhaul + add an arm cross compile build
...
The ARM build doesn't do anything yet
2015-12-16 22:52:30 -08:00
02d2230a76
Fix regression of c_char type mismatches on ARM
2015-12-16 11:11:14 +01:00
157e6aa961
Rustfmt
2015-12-15 21:51:20 -08:00
edfb318e0b
Fix bounds on ssl_read and ssl_write
2015-12-15 20:06:07 -08:00
13f7cfd9d8
Release v0.7.2
2015-12-15 19:41:57 -08:00
6d559bf1da
Cleanup SNI stuff
2015-12-15 19:39:24 -08:00
3a0e64dca5
Cleanup
2015-12-15 19:33:36 -08:00
167008d247
Merge pull request #320 from uasi/add-variations-of-pbkdf2
...
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
2015-12-15 19:30:57 -08:00
514c5ec415
Merge pull request #309 from Geal/master
...
Add support for Server Name indication (SNI) on the server's side
2015-12-15 19:22:39 -08:00
f2fae1f83f
Document unused variant
...
No reason to hide it
2015-12-14 23:44:28 -08:00
b8c8b770e3
Yet more AsRawSocket fixes
2015-12-12 18:01:21 -08:00
ddedda1d03
More AsRawSocket fixes
2015-12-12 16:47:03 -08:00
63a45ac622
Fix AsRawSocket impls
2015-12-12 16:33:58 -08:00
d6ce9afdf3
Have NonblockingSslStream delegate to SslStream
2015-12-12 15:46:17 -08:00
1df131ff81
Build out a new error type
2015-12-12 15:01:16 -08:00
aa37dba0bc
Make error handling more reliable
2015-12-10 21:58:22 -08:00
b6647cc610
Put pbkdf2_hmac_{256,512}() behind feature gate
...
PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
2015-12-10 23:00:49 +09:00
e9b8627af2
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
2015-12-10 20:29:52 +09:00
91f8c542f7
Replace SslStream implementation!
2015-12-09 23:30:29 -08:00
8f56897043
Implement read and write
2015-12-09 22:02:02 -08:00
9ee6f1c578
IT LIVES
2015-12-09 21:43:02 -08:00
4d883d488e
Custom BIO infrastructure
2015-12-08 23:02:38 -08:00
8cc69267fd
Bump openssl version for travis
2015-12-07 19:03:29 -08:00
6850c810d3
Increment SSL_CTX's reference count in Ssl::get_ssl_context()
...
Without this, whenever the returned SslContext is released,
the refcount of the underlying SSL_CTX will decrease and it
will be freed too soon
2015-12-03 12:26:55 +01:00
f54af75eb7
Cast correctly c_char raw pointers (fixes build on ARM #314 )
2015-11-30 21:06:54 +01:00
fce7cf4d36
Release v0.7.1
2015-11-28 16:14:58 -08:00
7835ea1c90
Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappers
2015-11-25 08:10:36 +01:00
e486944320
fix memory management
2015-11-25 07:51:22 +01:00
667e3f44b9
Avoid freeing the SSL object when Ssl is dropped
2015-11-24 17:15:52 +01:00
dba3a0ced2
implement get/set ssl context
2015-11-24 17:11:00 +01:00
cb4263f91e
test SNI support
2015-11-24 17:11:00 +01:00
6bb3d8f1b5
Implement try_clone for MaybeSslStream
...
Closes #308
2015-11-20 21:33:36 -08:00
38b3b4a11e
Fixed a typo in a comment.
2015-11-19 19:52:26 -05:00
3c6c4a7b3d
Fix a leak when using `EVP_PKEY_get1_RSA`.
...
`EVP_PKEY_get1_RSA` returns a RSA structure with its reference count
increased by 1 and therefore we need to call `RSA_free` after finishing
using that value.
2015-11-18 11:36:34 +08:00
82547f53d7
Release v0.7.0
2015-11-16 21:10:50 -08:00
1bc96a5b3d
Remove deprecated X509 methods
2015-11-16 20:56:02 -08:00
f36f610d07
Move HMAC_CTX_copy to sys-extras
2015-11-16 20:16:01 -08:00
a8a10e64ad
Split stuff requiring a shim out to a separate crate
2015-11-16 20:16:01 -08:00
8139fadbff
Bump ws2_32-sys version
2015-11-16 20:16:01 -08:00
309b6d9f46
Switch to libc 0.2
2015-11-16 20:16:01 -08:00
03e4908c13
Move SSL methods to Ssl object, add getter
2015-11-16 20:16:01 -08:00
fae44250f6
Fix feature gated sslv3
2015-11-16 20:16:01 -08:00
be2cbabdb7
Revert "Revert "Merge pull request #280 from ltratt/libressl_build""
...
This reverts commit ae3d0e36d7
2015-11-16 20:16:01 -08:00
b0cb0f7c40
Revert "Use AsRef for backwards compatibility with passing IV as Vec"
...
This reverts commit d2d20a8377
2015-11-16 20:16:01 -08:00
65e1d08dd3
Merge pull request #300 from thommay/pkey_private_encrypt
...
Provide public_decrypt, private_encrypt for PKEY
2015-11-16 23:16:04 -05:00
776852ff2b
Travis without sudo
2015-11-08 23:16:42 -08:00
11e3b1b563
Provide public_decrypt, private_encrypt for PKEY
2015-10-28 18:15:55 +00:00
1e7ff1d8a8
Better debug impls
2015-10-26 21:43:52 -07:00
c895b9f09f
Get nonblocking tests working on OSX/Windows
2015-10-22 08:45:29 -07:00
c37767df8f
Nonblocking streams support.
2015-10-20 23:14:26 -07:00
f318a2c84c
Release v0.6.7
2015-10-14 22:25:35 -04:00
ae3d0e36d7
Revert "Merge pull request #280 from ltratt/libressl_build"
...
This reverts commit aad933e50760ee731408
2015-10-14 21:51:32 -04:00
8f5b67fed4
Merge pull request #286 from jedisct1/use_certificate_chain
...
Add set_certificate_chain_file()
2015-10-13 09:26:18 -04:00
81bc1edb61
Merge pull request #284 from bheart/cfb-mode
...
AES CFB-mode feature
2015-10-12 21:18:27 -04:00
a28253ee7d
Add set_certificate_chain_file()
...
SSL_CTX_use_certificate_chain_file() is preferred over
SSL_CTX_use_certificate_file().
It allows the use of complete certificate chains instead of loading
only the first certificate in a PEM file.
2015-10-12 20:54:00 +02:00
acbcb49414
AES CFB{1,8,128} mode support
2015-10-11 20:09:36 +02:00
aad933e507
Merge pull request #280 from ltratt/libressl_build
...
Fix build on LibreSSL.
2015-10-10 21:56:20 -04:00
60ee731408
Merge pull request #277 from nixpulvis/read_public_pem
...
Add public key PEM read function.
2015-10-10 21:55:37 -04:00
677ed6ad1b
Release v0.6.6
2015-10-05 22:34:32 +01:00
d7342a09a7
Fix build on LibreSSL.
...
LibreSSL has deprecated SSLv3_method, so this commit makes that a compile-time
feature.
It also removes a test referencing SSL_OP_CISCO_ANYCONNECT, as the LibreSSL
header says it is amongst "Obsolete flags kept for compatibility. No sane code
should use them."
2015-10-03 17:25:38 +00:59
df93e5e90b
Update documentation about SSLv23
...
In OpenSSL world, the SSLv23 option is a poorly name method that will
negotiate what version of TLS or SSL to use. It starts with the best
version the library supports and then precedes to keep trying all the
way down to SSL 2.0.
2015-10-02 16:22:11 -05:00
ffa9d330fd
Add public key PEM read function.
2015-10-01 20:33:12 -04:00
ccc6d07da3
Add an ecdh_auto description
2015-09-25 15:23:52 +02:00
28320a65a7
Add SSL::set_ecdh_auto()
...
This sets automatic curve selection and enables ECDH support.
Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
2015-09-25 13:15:37 +02:00
a91b6bf3bd
Enable testing on Windows via AppVeyor
...
This abolishes the test.sh script which spawns a bunch of `openssl` instances to
instead run/manage the binary in-process (providing more isolation to boot). The
tests have been updated accordingly and the `connected_socket` dependency was
also dropped in favor of `net2` as it the former doesn't work on Windows.
2015-09-22 17:37:21 -07:00
b1b76f7913
Merge pull request #266 from jmesmon/alpn
...
ssl/npn+alpn: adjust protocol selection to fail if no protocols match
2015-09-16 11:51:45 -07:00
4c28eb706e
ssl/alpn: test mismatch between protocols resulting in None
2015-09-16 13:35:12 -04:00
1c3f04138f
Merge pull request #261 from jedisct1/try_ssl_null
...
Use try_ssl_null!() when relevant
2015-09-16 01:13:24 -04:00
6a2b4402e9
Use try_ssl_null!() when relevant
2015-09-13 12:45:05 +02:00
6666a1818a
Add DH::from_pem() to load DH parameters from a file
2015-09-13 12:44:50 +02:00
f4bf55faa3
Merge pull request #270 from mvdnes/crypto_segv
...
Check if public/private RSA key is properly loaded
2015-09-11 11:31:15 -04:00
87d5c0e429
Fix one call to RSA_size found by tests
2015-09-11 09:24:24 +02:00
3be32528e5
Add tests to ensure a panic occurs instead of segv
2015-09-11 09:23:51 +02:00
0eb2f0ecfa
Check rsa.is_null() before passing it to RSA_size
...
RSA_size will cause an segmentation fault if it is null
2015-09-10 13:04:25 +02:00
02b109bf04
Check _fromstr function for success
2015-09-10 12:58:40 +02:00
4781a3304a
Make the docs say that load_pub/save_pub methods take DER bytes
2015-09-09 19:58:45 -04:00
50c5042c70
ssl/npn+alpn: adjust protocol selection to fail if no protocols match
...
The current behavior causes a server written using rust-openssl to (if
it cannot negotiate a protocol) fallback to the first protocol it has
avaliable.
This makes it impossible to detect protocol mismatches.
This updates our selection to be more similar to how openssl's
s_server behaves: non-matching protocols are not supplied with a
fallback.
Note that some setups may actually want a fallback protocol supplied
via ALPN. To support those cases, we should consider adding a generic
callback that allows protocol selection to be entirely controlled by
the programmer.
For the purposes of having a sane default, however, not supplying a
default (and mimicing s_server's behavior) is the best choice.
2015-09-01 17:14:04 -04:00
164f3f0873
openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPN
2015-09-01 17:13:39 -04:00
e28b73e1f6
Merge pull request #259 from jedisct1/dh
...
Add support for DHE for forward secrecy
2015-09-01 00:10:03 -04:00
7b0b70bd13
Release v0.6.5
2015-08-31 19:10:27 -07:00
9add4e1001
Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy.
...
rust-openssl didn't support forward secrecy at all.
This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.
With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):
use openssl::dh::DH;
let dh = DH::get_2048_256().unwrap();
ctx.set_tmp_dh(dh).unwrap();
With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):
use openssl::bn::BigNum;
use openssl::dh::DH;
let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
let dh = DH::from_params(p, g, q).unwrap();
ctx.set_tmp_dh(dh).unwrap();
2015-08-31 23:12:57 +02:00
dc8cba4822
Merge pull request #251 from ebarnard/evp_bytestokey
...
Expose EVP_BytesToKey
2015-08-23 13:37:55 -04:00
8067565707
Expose EVP_BytesToKey
...
This is based on work by pyrho.
Closes #88
2015-08-23 17:08:18 +07:00
4cb68efd99
Merge pull request #253 from manuels/master
...
Add get_state_string()
2015-08-19 02:31:15 -04:00
3fe3d57976
Add get_state_string()
2015-08-17 19:01:43 +02:00
fa5c4cb5df
Fix openssl source link in tests
2015-08-15 14:37:03 -07:00
769b8312d8
Merge pull request #240 from jethrogb/topic/x509_req_extension
...
Implement certificate extensions for certificate requests
2015-08-15 16:04:42 -04:00
df32e53afa
Grab errno for directstream want errors
2015-08-10 22:29:34 -04:00
69cbd14540
Handle WantWrite and WantRead errors
2015-08-08 12:25:16 -07:00
a10604e15d
Merge pull request #243 from manuels/master
...
Fix probelms with DTLS when no packets are pending.
2015-08-02 22:27:19 -04:00
02dc3eda2f
Merge pull request #242 from awelkie/master
...
Added AES CTR-mode under feature flag.
2015-08-02 22:25:09 -04:00
c7eded31a7
Expose ssl::init
2015-07-26 18:28:25 +02:00
ab7bfad225
Add function to write RSA public key as PEM
2015-07-23 22:30:07 -07:00
3fc8482d36
Make curl follow redirects
2015-07-23 21:51:06 -07:00
a43011d77c
Fix probelms with DTLS when no packets are pending.
...
When using DTLS you might run into the situation where no packets
are pending, so SSL_read returns len=0. On a TLS connection this
means that the connection was closed, but on DTLS it does not
(a DTLS connection cannot be closed in the usual sense).
This commit fixes a bug introduced by c8d23f3
2015-07-18 13:00:34 +02:00
b478c29151
Added AES CTR-mode under feature flag.
2015-07-15 20:45:18 -04:00
90dd54b541
Implement certificate extensions for certificate requests
2015-07-08 13:37:35 -07:00
1e4cba36e8
Add missing C-string conversion, fixing recent build errors
2015-07-08 11:05:18 -07:00
3351d5b807
Merge pull request #227 from jethrogb/topic/x509_name
...
Allow setting of arbitrary X509 names
2015-07-08 10:21:19 -07:00
0cb4368ef8
Merge pull request #221 from jethrogb/topic/ssl_options
...
Several SSL option fixes
2015-07-08 10:20:33 -07:00
e3c562d6a0
Fix/add more X509generator tests
2015-07-08 10:09:40 -07:00
1bcbe8f4bc
Add X509generator.add_names method
2015-07-08 10:09:40 -07:00
f2b0da1de7
Add public add_name method to X509Generator
2015-07-08 10:08:41 -07:00
11bcac01ec
Replace CN field by names vector
2015-07-08 10:06:52 -07:00
3229296105
Merge pull request #233 from jethrogb/topic/x509_extension
...
Allow setting of arbitrary X509 extensions
2015-07-08 03:10:40 -04:00
cc497b4768
Release v0.6.4
2015-07-06 11:09:03 -07:00
f4afe615dd
Unpin the bitflags version.
...
This dependency causes Servo to depend on multiple versions of the bitflags
crate.
2015-07-06 19:47:59 +02:00
aeefa364b7
Decouple C SSL Option bit flags from Rust version
...
The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL
versions. To avoid having to change the Rust definitions, we implement our
own numbering system in Rust, and use an automatically-generated C shim to
convert the bitflags at runtime.
2015-07-01 21:49:11 -07:00
f9a836fae9
tabs to spaces
2015-07-01 00:18:45 -07:00
93eb0cfa2d
Add documentation on X509 Extensions
2015-07-01 00:18:45 -07:00
e9cc8cb121
Add Issuer Alternative Name extension
2015-07-01 00:18:45 -07:00
f4168b1161
Add Subject Alternate Name extension
2015-07-01 00:18:45 -07:00
b46574b635
Add arbitrary X509 extensions by OID string
2015-07-01 00:18:45 -07:00
e367567d00
Add arbitrary X509 extensions by NID
2015-07-01 00:18:45 -07:00
2fa1344367
Add public generic extension interface to X509Generator
...
* Add add_extension and add_extensions functions
* Deprecate set_usage and set_ext_usage
* Change test to use add_extension
2015-07-01 00:18:45 -07:00
53b868697a
Implement arbitrary X509 Extended Key Usage values
2015-07-01 00:18:45 -07:00
8d1abf5156
Implement "extensions" field in X509generator, and change existing extensions to use that
2015-07-01 00:18:45 -07:00
d5a4d48cab
Turn assertions into unwraps such that tests provide useful output on panic.
2015-07-01 00:18:44 -07:00
c4e398d397
Turn "dirty hack" into slightly less dirty hack, with potential to become non-dirty
2015-07-01 00:18:44 -07:00
14a2f5c5e9
Move X509 extensions to seperate module, implement ToString instead of custom AsStr
2015-07-01 00:18:44 -07:00
9074af5bdd
Add a test that checks whether 3 known subject attributes can be retrieved by NID
2015-06-30 23:51:54 -07:00
1d214bce61
Fix NID definitions to match OpenSSL. The previous numbers were introduced incorrectly in #213
2015-06-30 23:34:17 -07:00
a6ff56209d
Revert "Don't build a custom openssl on OSX"
...
This reverts commit 645430602d
2015-06-30 00:07:38 -07:00
61e61bbae4
Fix backcompat method
2015-06-29 22:04:31 -07:00
dfacea1df6
Fix build with alpn feature
2015-06-29 21:58:54 -07:00
01e01e3747
ssl: support ALPN
...
Heavily based on the existing NPN wrapping code. Naming of public
functions is identical to the NPN ones with `s/npn/alpn/` applied to
prevent devs from needing to remember 2 names (and to let my copy the
npn tests and perform the subistution to generate the apln tests).
It might make sense to (at some point) use macros or a trait to cut down
the duplication.
2015-06-29 10:58:45 -04:00
539ae2eebf
ssl/NPN: factor out encoding of the protocol list
...
The intention is to allow the encoding to be reused by the ALPN support
code.
2015-06-29 10:57:44 -04:00
a94ea78d8a
ssl: use a common helper to generate new ex data indexes, switch NPN to a lazyref
...
Rather than having the verification data idx generation and NPN use
there own (similar) impls to generate indexes with destructors, unify
them.
Make NPNs use of indexes more idomatic by storing the index in a
lazyref rather than having a function with static data members.
2015-06-29 10:57:44 -04:00
8fdd0e2ec1
More docs
2015-06-28 11:30:49 -07:00
94b0f26c10
Fix windows build
2015-06-28 10:21:06 -07:00
b1dd46ae6a
Docs
2015-06-28 10:15:33 -07:00
3325e6b474
Make the direct constructors the defaults
2015-06-28 10:06:42 -07:00
797488dd09
Add docs for accept and connect
2015-06-28 00:21:41 -07:00
b1a30ce4ba
Rename new_client to connect and new_server to accept
2015-06-28 00:12:47 -07:00
1373a76ce1
Implement direct IO support
2015-06-28 00:06:14 -07:00
9b235a7b91
Prepare for direct stream support
2015-06-27 22:37:10 -07:00
c722f889c1
Docs tweak
2015-06-27 21:40:55 -07:00
0cff370f1d
Reduce SslStream constructor duplication
2015-06-27 21:40:00 -07:00
a80a77bbb8
Initialize stream buffer
2015-06-27 19:42:13 -07:00
9d0acfe615
Fix set_hostname
...
It was previously failing to null terminate the hostname string (was
anyone actually using this?). Also move the macro expansion to the C
shim.
2015-06-27 19:37:45 -07:00
645430602d
Don't build a custom openssl on OSX
...
I don't believe the bugfix the required this is needed anymore
2015-06-27 15:45:48 -07:00
cb7248d8cb
Import shim'd HMAC stuff with the original name
2015-06-27 15:23:19 -07:00
d0b769c93c
Move macro replicas into C shim
2015-06-27 15:11:11 -07:00
524c1e63aa
Release v0.6.3
2015-06-25 23:22:04 -07:00
212acf0bb8
Add a test for connection negotiation failure
2015-06-25 23:07:25 -07:00
c8d23f37a4
Fix EOF handling in retry wrapper
2015-06-25 22:47:53 -07:00
2c18bc7f52
Remove superfluous vec! usage
2015-06-14 21:56:48 -07:00
d2d20a8377
Use AsRef for backwards compatibility with passing IV as Vec
2015-06-14 21:56:23 -07:00
cbf0cbafbf
Pass symmetric crypto initialization vector as a slice
...
Note: This change is backwards-incompatible. Users will need to add turn their
parameters into references.
2015-06-12 18:38:52 -07:00
7344b2703a
Bump bitflags version
2015-06-02 14:33:10 +05:30
7320c1619f
Correction on sign and verify documentation to be more explicit of right
...
behaviour (no hash done by the functions).
2015-05-30 13:08:45 +02:00
8e180371ec
Merge pull request #219 from jethrogb/topic/x509req
...
Implement limited X509_REQ functionality
2015-05-29 00:01:21 -04:00
ed6f7997a2
Remove superfluous dead_code attribute
2015-05-28 20:47:53 -07:00
c1232f3035
Implement limited X509_REQ functionality
2015-05-28 00:22:14 -07:00
a0cbcf56cf
Clarify which keys are used where
2015-05-27 23:46:02 -07:00
1123c7387e
Fix SslString Debug impl and drop lifetime
2015-05-17 11:22:42 -07:00
6d53a3ed20
Test reading CN from test certificate
2015-05-18 02:41:42 +10:00
e88f1567b4
Add support for reading X509 subject information
2015-05-18 02:41:42 +10:00
e7a5ecc8dd
Add test for get_peer_certificate()
2015-05-16 19:37:31 +10:00
5d9eaf53da
Add accessor for peer_certificate
2015-05-16 19:20:38 +10:00
d723481f77
Fix doc root
2015-05-13 16:31:27 -07:00
8a9aa0c657
Merge pull request #210 from manuels/pending
...
Add SslStream.pending()
2015-05-05 22:57:14 -04:00
fb2822d5c7
Merge pull request #201 from manuels/pkey_cmp
...
Add comparison for PKeys
2015-05-04 10:19:13 -07:00
00c17035ec
Abstract over AsRef<Path>
2015-05-02 13:59:11 -07:00
d044d87c1b
Release v0.6.2
2015-05-01 10:43:54 -07:00
b0bcb44556
Move PKey comparison func to public_eq()
2015-05-01 10:58:15 +02:00
c8fae312ad
Add SslStream.pending()
2015-04-30 20:00:30 +02:00
73617dabfa
Write through to underlying stream for every write call
...
cc #208
2015-04-30 00:18:23 -07:00
bce84a6d53
Release v0.6.1
2015-04-22 15:08:56 -07:00
123d400277
Add comparison for PKeys
2015-04-16 17:14:21 +02:00
7db00b97ba
Add X509::public_key()
2015-04-15 22:59:07 +02:00
8027fff782
Fix nightly build issues
2015-04-15 09:10:22 -07:00
8eb5db45bf
Fix non-dtls tests
2015-04-08 22:12:57 -07:00
c5a16db97e
Fix dtls tests
...
There's a reason static mut is unsafe...
2015-04-08 22:10:13 -07:00
483e0b1f0a
Clean up build infrastructure
2015-04-08 21:52:54 -07:00
6f1e9cf47c
Make connected_socket a dev-dependency
2015-04-06 13:00:12 +02:00
b3eae0e3f6
Adapt code for rust-1.0.0-beta
2015-04-06 12:56:38 +02:00
912cacf4bc
Fix rebase errors
2015-04-06 12:26:10 +02:00
fb98f482e2
Add ability to load private keys from files and use raw keys and certificates for SslContext
...
Conflicts:
openssl/src/crypto/pkey.rs
openssl/src/ssl/tests.rs
2015-04-06 12:25:37 +02:00
3c03dd9535
Add ability to load private keys from files and use raw keys and certificates for SslContext
...
Conflicts:
openssl/src/ssl/tests.rs
2015-04-06 12:25:15 +02:00
114253c55e
Change SslContext::set_read_ahead(c_long) to SslContext::set_read_ahead(u32)
2015-04-06 12:23:11 +02:00
62b19e87e8
Fix preemtively exiting openssl dtls server for tests
2015-04-06 12:23:11 +02:00
362a7dfc93
Debug halteproblem with tests
2015-04-06 12:23:11 +02:00
dbef985e32
Move connected_socket to its own crate and fix SSL_CTX_set_read_ahead()
2015-04-06 12:23:11 +02:00
5788f3bec8
Use latest OpenSSL version in travis tests and more verbose error message in ConnectedSocket
2015-04-06 12:22:51 +02:00
014f59ae60
Fix detect_invalid_ipv4 test on OSX
...
Looks like the invalid IP 254.254.254.254 is fine for OSX
2015-04-06 12:22:51 +02:00
3680763906
Fix OSX related compiler error and correct travis OpenSSL setup
2015-04-06 12:22:51 +02:00
4f2978bbd3
Adjust sin_len/sin6_len for non-linux platforms
...
Fixing errors for platforms you don't own is really annoying ;)
Fixing errors
2015-04-06 12:22:51 +02:00
efbd4eee05
Fix portability issue and typo
2015-04-06 12:22:50 +02:00
8a0e9d6cca
Fix travis test setup for DTLS
2015-04-06 12:22:50 +02:00
664600eadf
Add DTLSv1 and DTLSv1.2 support
2015-04-06 12:22:50 +02:00
5408b641dd
Add connect() support for UDP sockets
2015-04-06 12:14:36 +02:00
51dd12934a
Release v0.6.0
2015-04-05 16:50:37 -07:00
36f264551a
Merge pull request #186 from manuels/set_raw_key
...
Use raw keys and certs in SslContext
2015-04-05 16:45:24 -07:00
ed97463346
Release v0.5.5
2015-04-03 08:44:34 -07:00
7e88d8c277
Fix errors in tests (SslVerifyPeer -> SSL_VERIFY_PEER)
2015-04-03 15:16:38 +02:00
57f046e8ea
Use raw pointers instead of ptr::Unique
2015-04-03 14:42:35 +02:00
e1d65fc2be
Return Result<(),SslError> instead of Option<SslError>
2015-04-03 14:34:24 +02:00
b6c5c113f5
Add SslContext::add_extra_chain_cert()
2015-04-03 14:34:24 +02:00
632d8398cf
Add ability to load private keys from files and use raw keys and certificates for SslContext
2015-04-03 14:34:24 +02:00
b42202b858
Change SslVerifyMode to bitflags and add SSL_VERIFY_FAIL_IF_NO_PEER_CERT
...
SslVerifyMode was changed to bitflags to allow for bitwise operations
like (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT).
2015-04-03 14:34:24 +02:00
4606687829
Stabilize openssl!
2015-04-02 21:12:05 -07:00
293f1ce5b1
Fixup for beta
...
Add derive(Clone) and don't negate unsigned numbers
2015-04-02 18:14:51 -07:00
f4761bb292
Remove two features
2015-04-02 13:59:55 -07:00
368c0a18ee
Release v0.5.4
2015-04-02 11:17:31 -07:00
19a24b80e9
Fix doctest errors
2015-04-02 11:15:59 -07:00
24b876521b
rustup: changes to io::Error
2015-04-02 11:12:18 -07:00
121a667f9b
Remove a bunch of use of core feature
2015-03-30 23:09:15 -07:00
c101abac6b
Remove unsafe_destructor
2015-03-30 21:24:34 -07:00
Steven Fackler