min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,809 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

204 Commits

Author SHA1 Message Date
Steven Fackler dc4098bdd8 Clean up x509 name entries 2016-10-31 22:43:05 -07:00
Steven Fackler cd7fa9fca2 Update x509 2016-10-31 20:54:34 -07:00
Steven Fackler f640613863 Update PKey 2016-10-31 20:12:55 -07:00
Steven Fackler 849fca4a7b Convert Asn1Time 2016-10-31 20:02:24 -07:00
Steven Fackler f75f82e466 Rustfmt 2016-10-30 16:37:45 -07:00
Steven Fackler c89f2c0be0 Use PKeyRef in X509Generator 2016-10-29 16:37:56 -07:00
Steven Fackler 85169e5a61 Fix reexport 2016-10-29 15:02:07 -07:00
Steven Fackler 4c7a5a418e Implement client and server connectors 2016-10-29 14:02:26 -07:00
Steven Fackler 1a288da86c Make verification unconditionally exposed internally 2016-10-28 22:14:44 -07:00
Steven Fackler 4f59d57675 Move SslString to a shared location 2016-10-26 21:28:00 -07:00
Steven Fackler d39a2cedad Fix tests 2016-10-22 16:01:26 -07:00
Steven Fackler 2fd201d9c3 De-enumify Nid 2016-10-22 10:08:32 -07:00
Steven Fackler 98b7f2f935 Flatten crypto module 2016-10-22 09:16:38 -07:00
Steven Fackler 8ec53eb0e1 Fix X509StoreContext 2016-10-21 20:59:07 -07:00
Steven Fackler b7017a7eec Update Asn1TimeRef 2016-10-21 17:13:30 -07:00
Steven Fackler 23fc6c828b Convert X509Ref 2016-10-21 17:01:13 -07:00
Steven Fackler b3eb8d516c Switch X509Name over to new borrow setup 
The use of actual references enables us to be correct with respect to
mutability without needing two structs for the mutable and immutable
cases and more deref impls.
 2016-10-20 22:51:10 -07:00
Steven Fackler 5ab037f056 Allow the X509 verify error to be read from an SslRef 2016-10-18 22:21:06 -07:00
Steven Fackler cfd5192a7d De-enumify X509ValidationError 
Also make it an Error.

Closes #352.
 2016-10-18 22:10:37 -07:00
Steven Fackler 080050e10d Drop lifetime on GeneralNames 2016-10-18 21:52:49 -07:00
Steven Fackler 194298a057 Implement new feature setup 
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
 2016-10-17 21:57:54 -07:00
Steven Fackler 7ec015325b Finish error overhaul 2016-10-16 21:07:17 -07:00
Steven Fackler c171be551a De-enumify message digests 2016-10-15 15:23:29 -07:00
Steven Fackler d976b8f595 Enable hostname verification on 1.0.2 2016-10-14 18:56:15 -07:00
Steven Fackler af51b263b1 Support hostname verification 
Closes #206
 2016-10-14 17:39:31 -07:00
Alex Crichton 43c951f743 Add support for OpenSSL 1.1.0 
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:

* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
  crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
  OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
  * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
  * Better error messages for mismatched versions.
  * Better error messages for failing to find OpenSSL on a platform (more can be
    done here)
  * Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
    crate.
* Many Cargo features have been removed as they're now enabled by default.

As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!

Closes #452
 2016-10-12 22:49:55 -07:00
Steven Fackler cd69343d67 Fix SslContext::add_extra_chain_cert 
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.

This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
 2016-08-17 19:30:57 -07:00
David Weinstein 7a653282a9 Get rid of use Asn1TimeRef warning for some builds 2016-08-17 01:23:54 -04:00
David Weinstein 06f19cf285 Be explicit regarding Asn1TimeRef lifetimes 2016-08-17 01:23:54 -04:00
David Weinstein 90c42fc026 Fix docs 2016-08-17 01:23:54 -04:00
David Weinstein 234ce581f9 Add x509_validity feature to travis tests 
- also update docs for new x509 `not_before`, `not_after`
 2016-08-17 01:23:54 -04:00
David Weinstein 96b1ef829c Add `"x509_expiry"` feature flag 
- fix return of `ASN1_TIME_print`
- assert on null `date`
 2016-08-17 01:23:54 -04:00
David Weinstein 32a4e2ba50 Introduce `Asn1TimeRef` 2016-08-17 01:23:54 -04:00
David Weinstein f9cd4bff1f Progress on asn1 expiry 
- Use MemBio and implement `Display` for Asn1Time

- Tweak doc for asn1 `not_before`, `not_after`
 2016-08-17 01:23:54 -04:00
Steven Fackler 88dcb1c81d Add a little comment to sketchy transmute 2016-08-15 18:41:18 -07:00
Steven Fackler e5299fd7c9 Fix memory leak in general name stack 2016-08-14 11:16:53 -07:00
Steven Fackler 6b12a0cdde PKCS #12 support 2016-08-14 11:11:26 -07:00
Steven Fackler 5042d3d170 Mangle c helper functions 
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.

Closes #438
 2016-08-13 12:05:29 -07:00
Steven Fackler 59fe901357 Method renames 2016-08-10 21:28:17 -07:00
Steven Fackler c15642ccea Tweaks 2016-08-10 21:25:18 -07:00
Steven Fackler c4e7743c57 Asn1 and Bignum renames 2016-08-10 20:51:06 -07:00
Steven Fackler 1ac54b06e9 Move X509_get_extensions to openssl helpers 2016-08-09 22:15:16 -07:00
Steven Fackler 0854632ff5 Make c_helpers optional 2016-08-09 22:02:49 -07:00
Steven Fackler 6b1016c86e Add PKey::from_rsa 2016-08-07 22:56:44 -07:00
Steven Fackler 6e5cd7ef47 Remove X509Generator::bitlenth 2016-08-07 22:46:14 -07:00
Steven Fackler a8f827d28c Fix example 2016-08-07 22:44:42 -07:00
Steven Fackler 77ba043acf x509 cleanup 2016-08-07 21:53:05 -07:00
Steven Fackler 79602b6af4 get_error -> error 2016-08-07 21:34:58 -07:00
Steven Fackler 7855f428aa PKey reform 
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
 2016-08-07 20:38:46 -07:00
Steven Fackler 7ca5ccf064 Hash reform 
Closes #430
 2016-08-07 16:29:36 -07:00
Steven Fackler bc97d088b0 get_handle -> handle 2016-08-05 21:07:17 -07:00
Steven Fackler fe47e93f2f Fix pkey method safety 2016-08-05 21:04:40 -07:00
Steven Fackler b4145c6fa5 Clean up x509 2016-08-05 20:55:05 -07:00
Steven Fackler 4e911e7972 Make x509 constructors unsafe 2016-08-05 19:51:59 -07:00
Steven Fackler 08e27f31ed Restructure PEM input/output methods 
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
 2016-08-02 20:49:28 -07:00
Steven Fackler f0ffa246b8 Merge remote-tracking branch 'origin/master' into breaks 2016-07-31 15:15:47 -07:00
Steven Fackler 4eaada2c4b Merge pull request #427 from onur/save_der 
Implement save_der for X509 and X509Req
 2016-07-29 09:05:51 -07:00
Onur Aslan 7c082904fc Implement get_handle for X509Req 2016-07-29 16:30:24 +03:00
Onur Aslan 5ed77df197 Implement save_der for X509 and X509Req 2016-07-29 12:14:49 +03:00
Steven Fackler 1b0757409d Rustfmt 2016-05-16 23:03:13 -07:00
Steven Fackler fa62232649 Error reform 2016-05-03 20:24:07 -07:00
Steven Fackler 59c13aea84 Still check UTF validity in dnsname 2016-05-01 18:14:33 -07:00
Steven Fackler 2cfb25136f Document SAN APIs and tweak accessor names 2016-05-01 09:09:51 -07:00
Steven Fackler 87782b22cf Implement IntoIterator for &GeneralNames 2016-04-30 21:32:29 -07:00
Corey Farwell bf7076b785 Implement `iter` method on `GeneralNames`. 2016-05-01 00:02:10 -04:00
Steven Fackler 7b73003b67 Add X509StoreContext::error_depth 2016-04-30 09:27:50 -07:00
Steven Fackler 32722e1850 Add accessors for x509 subject alt names 2016-04-29 21:15:32 -07:00
Steven Fackler caf9272c85 Start on GeneralName 2016-04-28 22:16:29 -07:00
Steven Fackler 627f394d59 Revert "Revert "impl Clone for PKey and X509 by using their 'references' member"" 2016-01-31 20:38:36 +00:00
Steven Fackler 8ab4b54541 Revert "impl Clone for PKey and X509 by using their 'references' member" 2016-01-28 23:37:27 -08:00
Jimmy Cuadra 5e0830286e Preserve X.509 extension insertion order. 
Ensures that extensions that are order-dependent are inserted in the
same order when calling out to OpenSSL during certificate signing.

Fixes #327.
 2016-01-28 20:02:44 -08:00
Cody P Schafer 36a667be49 x509: impl Clone using references & CRYPTO_add() 2016-01-19 22:04:51 -05:00
Steven Fackler 157e6aa961 Rustfmt 2015-12-15 21:51:20 -08:00
Ondrej Perutka f54af75eb7 Cast correctly c_char raw pointers (fixes build on ARM #314) 2015-11-30 21:06:54 +01:00
Steven Fackler 1bc96a5b3d Remove deprecated X509 methods 2015-11-16 20:56:02 -08:00
Steven Fackler a8a10e64ad Split stuff requiring a shim out to a separate crate 2015-11-16 20:16:01 -08:00
Jethro Beekman 90dd54b541 Implement certificate extensions for certificate requests 2015-07-08 13:37:35 -07:00
Jethro Beekman 1e4cba36e8 Add missing C-string conversion, fixing recent build errors 2015-07-08 11:05:18 -07:00
Jethro Beekman e3c562d6a0 Fix/add more X509generator tests 2015-07-08 10:09:40 -07:00
Jethro Beekman 1bcbe8f4bc Add X509generator.add_names method 2015-07-08 10:09:40 -07:00
Jethro Beekman f2b0da1de7 Add public add_name method to X509Generator 2015-07-08 10:08:41 -07:00
Jethro Beekman 11bcac01ec Replace CN field by names vector 2015-07-08 10:06:52 -07:00
Jethro Beekman b46574b635 Add arbitrary X509 extensions by OID string 2015-07-01 00:18:45 -07:00
Jethro Beekman 2fa1344367 Add public generic extension interface to X509Generator 
* Add add_extension and add_extensions functions
* Deprecate set_usage and set_ext_usage
* Change test to use add_extension
 2015-07-01 00:18:45 -07:00
Jethro Beekman 8d1abf5156 Implement "extensions" field in X509generator, and change existing extensions to use that 2015-07-01 00:18:45 -07:00
Jethro Beekman c4e398d397 Turn "dirty hack" into slightly less dirty hack, with potential to become non-dirty 2015-07-01 00:18:44 -07:00
Jethro Beekman 14a2f5c5e9 Move X509 extensions to seperate module, implement ToString instead of custom AsStr 2015-07-01 00:18:44 -07:00
Steven Fackler 8e180371ec Merge pull request #219 from jethrogb/topic/x509req 
Implement limited X509_REQ functionality
 2015-05-29 00:01:21 -04:00
Jethro Beekman ed6f7997a2 Remove superfluous dead_code attribute 2015-05-28 20:47:53 -07:00
Jethro Beekman c1232f3035 Implement limited X509_REQ functionality 2015-05-28 00:22:14 -07:00
Jethro Beekman a0cbcf56cf Clarify which keys are used where 2015-05-27 23:46:02 -07:00
Steven Fackler 1123c7387e Fix SslString Debug impl and drop lifetime 2015-05-17 11:22:42 -07:00
Joseph Glanville e88f1567b4 Add support for reading X509 subject information 2015-05-18 02:41:42 +10:00
Manuel Schölling 7db00b97ba Add X509::public_key() 2015-04-15 22:59:07 +02:00
Manuel Schölling 632d8398cf Add ability to load private keys from files and use raw keys and certificates for SslContext 2015-04-03 14:34:24 +02:00
Alex Crichton 293f1ce5b1 Fixup for beta 
Add derive(Clone) and don't negate unsigned numbers
 2015-04-02 18:14:51 -07:00
Steven Fackler 121a667f9b Remove a bunch of use of core feature 2015-03-30 23:09:15 -07:00
Steven Fackler c101abac6b Remove unsafe_destructor 2015-03-30 21:24:34 -07:00
Steven Fackler 36c90bb205 Fix deprecation warnings 2015-03-25 21:50:21 -07:00
Manuel Schölling 6373b96924 Add X509Generator::sign() 2015-03-21 18:02:29 +01:00
Steven Fackler ac24bc5422 Fix warnings and build issues 2015-03-20 08:33:42 -07:00
Steven Fackler 6991cc6a30 Convert to new IO. 2015-02-24 23:01:57 -08:00
Kevin Butler cb0e1688c8 Update depreciated code 2015-02-20 21:04:01 +00:00
Steven Fackler ec65b0c67b Move docs to this repo and auto build 2015-02-07 21:30:05 -08:00