7c0965e66d
Merge pull request #740 from johnthagen/memcmp
...
Document memcmp module
2017-09-28 23:51:38 -04:00
2c7a19013c
documented and example for ASN1 module
2017-09-28 16:27:00 -07:00
b65540709f
Document nid module
2017-09-28 14:25:39 -04:00
c5aef19d05
Add instructions for adding OpenSSL DLLs to PATH if needed during install
2017-09-28 13:34:49 -04:00
1e3b8183bb
Moved details about function and reworded block requirements
2017-09-28 08:04:10 -07:00
a02b07fe76
WIP ASN.1 documentation
2017-09-28 08:00:23 -07:00
c4b044b6ba
Fix doc test and move external documentation link to rand_bytes function
2017-09-28 10:36:53 -04:00
26fa22fe04
Fix typos
2017-09-28 09:52:46 -04:00
220c707fd9
Document rand module
2017-09-28 09:49:03 -04:00
0f0ab2e425
Hide ec_key module in docs because it is deprecated
2017-09-28 09:28:08 -04:00
f759f8dd4a
Preface with links to conventional AES
2017-09-27 08:46:13 -07:00
ad879ad7de
AES (IGE) encryption documentation
2017-09-26 16:51:37 -07:00
afde5a84b1
AES Module level docs and example
2017-09-26 16:34:06 -07:00
b07b0e7fb7
WIP: document AES
2017-09-25 17:01:08 -07:00
cd558d99e7
Release v0.9.18
2017-09-20 10:21:37 -04:00
dc92a514ef
Properly handle IPs in hostname verification
2017-09-20 10:04:09 -04:00
f0db1dbc95
Merge pull request #695 from Keruspe/master
...
openssl-sys: support libressl 2.6.1
2017-09-17 13:57:18 -07:00
b73548da18
openssl: ecdh_tmp_callback doesn't work with libressl 2.6.1
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:55:47 +02:00
5091830379
openssl: libressl 2.6.1 dropped suuport for npn
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:46:05 +02:00
7d41009a9c
Update default client cipher list
2017-09-16 13:10:55 -04:00
9bd64edc08
Fix indentation
2017-09-15 22:31:03 -04:00
68a30c29c9
Set SSL_MODE_RELEASE_BUFFERS by default
...
Closes #696
2017-09-14 19:15:00 -07:00
ca40c2e6a3
Symlink README in place
...
Allows crates.io to render it properly
2017-08-21 04:00:25 -07:00
1a6edc409f
Rename function, removing `get_`
...
Fix per PR comment, should have been like this from the start :).
2017-08-22 07:44:27 +10:00
f599df124b
Add ability to get affine coordinates from EcPoint
...
The initial usecase here is creating JWK representations as defined
within RFC 7517 from an EcKey created via a PEM source.
2017-08-21 15:08:48 +10:00
9143516037
Add SHA384 and SHA512
2017-08-16 21:03:46 -07:00
673bcfaf5a
Add SHA1 an SHA224 hashers
2017-08-16 20:26:16 -07:00
c175ac639d
Release v0.9.17
2017-08-14 17:13:36 -07:00
1d92ff290e
Add a stateful SHA256 hasher
2017-08-14 17:07:44 -07:00
ea6edb133e
Release v0.9.16
2017-08-10 22:17:50 -07:00
4c3b3476f4
Merge pull request #675 from sdemos/master
...
added cms decryption
2017-08-09 14:20:51 -07:00
caf7b8ecbc
added cms decryption
2017-08-09 12:26:45 -07:00
be1b573f6b
Delete DTLS tests
2017-08-08 22:01:58 -07:00
c966583877
Refine sig for set_public_key_affine_coordinates
...
This functions signature was originally defined to require mutable
references for `x` / `y` as the underpinning OpenSSL C API
was not `const`.
However the actual OpenSSL implementation makes no changes. This being
the case we've chosen to reflect non mutability at the Rust level.
2017-08-09 14:20:22 +10:00
16e8fbc31e
Fix EC_KEY_set_public_key_affine_coordinates
...
Previous definition incorrectly used `const` pointers but the
underpinning library definition (unfortunately) does not.
2017-08-09 13:34:08 +10:00
d9e0321851
Set the private key within EcKeyBuilder
...
The initial usecase here is creating EcKey instances from JWK
representations, that hold private keys, as defined within RFC 7517.
2017-08-09 12:44:54 +10:00
cfb4ea31d5
Support for EcKey creation from affine coordinates
...
Sets the public key for an EcKey based on its affine co-ordinates,
i.e. it constructs an EC_POINT object based on the supplied x and y
values and sets the public key to be this EC_POINT.
The initial usecase here is creating EcKey instances from JWK
representations as defined within RFC 7517.
2017-08-09 12:21:54 +10:00
f34af83653
Init in bn_ctx constructor
2017-07-30 13:24:36 -07:00
d1a42598d7
Init in Dh constructors
2017-07-30 13:23:19 -07:00
c2164a4864
Add peer_cert_chain
2017-07-29 10:34:10 -07:00
a132834132
Ignore dtls tests
...
They're way too flaky.
Closes #525
2017-07-29 09:54:04 -07:00
8fa9b58743
Tweak formatting on cipher list
2017-07-26 20:49:24 -07:00
01927c19ac
Initialize OpenSSL in DSA constructor
...
This fixes the double unlock errors that were popping up on circle
2017-07-25 21:59:52 -07:00
bf6dc28f0c
Release v0.9.15
2017-07-19 19:35:28 -07:00
7de1499c65
Fix X509::clone impl
...
Closes #667
2017-07-19 19:23:47 -07:00
9c9a0efafc
Remove unused import
2017-07-16 14:31:27 -07:00
3a7ca9c2ff
Switch over Linux tests to CircleCI
2017-07-16 14:15:09 -07:00
605b8af445
Tell docs.rs to build with all features
2017-07-15 22:08:52 -07:00
374ad206d5
Use foreign-type's Opaque
2017-07-15 21:53:49 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
5c2410c38a
Init before creating ex indexes
2017-07-15 18:58:24 -07:00
dbbf446a9e
Fix build
2017-07-15 17:25:02 -07:00
c68db708ee
Don't overwrite the configured verify mode
...
We can leverage the new extra data API to configure the verification
mode up front so users can reconfigure it as they like.
2017-07-15 16:50:36 -07:00
fd52bbe85c
Add an API to install extra data
2017-07-15 16:50:36 -07:00
e3c7a2785c
Move callbacks to a submodule
2017-07-15 16:50:36 -07:00
9290ed97c2
Merge pull request #657 from sfackler/rsa-pkcs1
...
Support PKCS#1 RSA public keys
2017-07-06 14:11:27 -10:00
279bffccf5
Merge pull request #641 from luser/psk
...
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-07-04 18:19:17 -10:00
51a226eb4b
Support PKCS#1 RSA public keys
...
Closes #656
2017-07-04 20:57:00 -07:00
575e682da3
Add PKey::private_key_from_der
2017-06-23 21:04:13 -07:00
223e8e3689
Release v0.9.14
2017-06-14 19:59:45 -07:00
240eb9731f
Properly reexport ConnectConfiguration
2017-06-14 19:54:09 -07:00
d7135c88ac
Fix documentation typo
2017-06-10 18:40:57 -04:00
98d343dd32
Fix for changes in OpenSSL 1.1.0f
2017-06-06 18:45:54 -04:00
4de58596d9
Make some changes for review comments
2017-06-02 08:20:03 -04:00
3028958bf6
Little docs fix
2017-05-29 21:11:49 -07:00
c89af1d5f8
Add a fixme
2017-05-29 18:04:32 -07:00
cba475b9ae
Release v0.9.13
2017-05-29 17:46:07 -07:00
16183f41f6
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-05-26 14:51:04 -04:00
27728f6fd9
Update bitflags 0.8 -> 0.9
2017-05-22 12:44:22 +03:00
4336d1d38c
Release v0.9.12
2017-05-12 11:47:46 -07:00
1fa7397b88
Set LD_LIBRARY_PATH when using custom build
2017-05-06 18:50:44 -07:00
67b5fd1c97
Support public key decode from DER
...
Closes #629
2017-05-06 16:40:33 -07:00
0efef98848
Add a note to rename variant
2017-05-06 16:35:55 -07:00
dd3896fdc5
Clarify use of ssl::HandshakeError::Interrupted
2017-05-03 12:03:18 -07:00
7e8a0a0dad
Expose the lower level SHA functions
...
These don't allocate so they're both infallible and significantly
faster.
2017-04-14 23:03:17 -07:00
429f7c869e
Release v0.9.11
2017-04-14 16:56:21 -07:00
fd6a1f70bd
Merge pull request #616 from sfackler/no-alloc
...
Don't force allocation for message digests
2017-04-13 19:37:11 -07:00
4cf9f6c4c0
Don't force allocation for message digests
2017-04-13 19:02:31 -07:00
b21046375a
(issues-600) Avoid compiling ec2m code against no-ec2m openssl
...
This commit avoids defining code that leads to undefined references when
compiling against an openssl built with no-ec2m.
2017-04-11 15:42:05 -07:00
e6a6ebb87d
Add new EC/PKEY methods to permit deriving shared secrets.
2017-04-10 15:40:36 -04:00
fc1bcecfc1
Don't exclude test data from package
...
Closes #612
2017-04-04 09:06:32 -07:00
af25627fdf
bump bitflags to 0.8
2017-04-03 23:04:23 +02:00
42ad50ae67
Release v0.9.10
2017-03-26 10:49:04 -07:00
ba2460d38d
Merge pull request #606 from cjcole/master
...
Fix order of arguments to BN_rand_range and BN_pseudo_rand_range
2017-03-26 05:01:29 +01:00
c8d1698f27
Logic to support client-side session reuse
2017-03-25 19:30:01 -07:00
d239e04c70
Fix order of arguments to BN_rand_range and BN_pseudo_rand_range
2017-03-25 12:29:18 -04:00
bf63f35dfb
Release v0.9.9
2017-03-14 12:55:36 -07:00
06b10a5753
Release v0.9.8
2017-03-09 20:33:17 +11:00
efe96396ad
Merge pull request #592 from Byron/master
...
Fix for len() == isize::max() for stacks that are unallocated
2017-03-09 20:28:42 +11:00
463db85110
Don't allow Stacks to be allocated with a null-ptr
...
The latter must be seen as undefined behaviour, as it will cause
the `sk_num` function to return -1 to indicate the error, which
causes all kinds of issues.
Thus there now is a panic to abort the program if stacks are initialized
with a null-ptr, and special handling of that case when decoding
a Pkcs file.
2017-03-07 07:39:25 +01:00
97536a9b82
Merge pull request #585 from bluejekyll/master
...
some helpful documentation and example on set_subject_name()
2017-03-07 13:19:52 +11:00
ec2685347c
Fix for empty stacks
...
The culprit is that `sk_num(stack)` can return -1
as c_int if there is no stack allocated.
Previously, thanks to unsafe casts, this would result in
a isize::max() for len() and iteration size if there was no stack.
Now this case is handled specifically, which fixes the issue.
2017-03-06 10:14:39 +01:00
f92ac2477b
Add test to run into issue with stack.len()
2017-03-06 09:59:00 +01:00
bf21ff5f80
Fix Shr trait impl for BigNum: was using shl
2017-03-01 11:24:11 -05:00
b431896057
mention the common fields
2017-02-22 22:05:39 -08:00
81362a4e79
scrypt support
...
Closes #586
2017-02-21 21:15:52 -08:00
9b24698aee
some helpful documentation and example.
2017-02-20 14:48:49 -08:00
268288337b
Expose more error information
2017-02-19 16:05:58 -08:00
618cc70d19
Add a fixme to drop const prefixes
2017-02-19 14:24:05 -08:00
710a30bb40
Tweaks
2017-02-18 21:58:38 -08:00
88740c1374
add Ok to result
2017-02-16 19:59:02 -08:00
323a646383
only forget in non-error condition
2017-02-16 19:50:58 -08:00
eef5b5d2ac
review fixes: reorder forget()
2017-02-16 19:49:14 -08:00
d080c10910
fix cfg options for v102 and v110
2017-02-16 19:49:14 -08:00
f8298882a4
add set_verify_cert_store() to ssl ctx
2017-02-16 19:49:14 -08:00
19f3b8a11a
Support PKCS#8 private key deserialization
...
Closes #581
2017-02-14 19:37:25 -08:00
06065ddcee
Release v0.9.7
2017-02-11 14:34:37 -08:00
129a3cff08
Update deprecation version
2017-02-11 10:27:09 -08:00
89cd1d3ea7
Use published foreign_types
2017-02-11 10:16:14 -08:00
16d5632983
Remove X509Req setters
2017-02-11 10:14:16 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
5ad4af70ae
Re-add reexport
2017-02-11 09:17:39 -08:00
1c25336520
Merge branch 'master' into x509_req_version_subject
2017-02-11 09:11:25 -08:00
03fe3015dc
X509 signature algorithm access
2017-02-10 21:37:33 -08:00
8e5735d84c
X509 signature access
2017-02-10 19:59:11 -08:00
a1d7956f82
Add Asn1BitString
2017-02-10 19:38:51 -08:00
8ae424235e
Make it compile again.
...
Make self mut in set_subject_name.
Add assert to prevent a null pointer in subject_name.
2017-02-07 21:49:07 +01:00
30a634c877
Merge branch 'master' into x509_req_version_subject
2017-02-07 20:41:27 +01:00
12ae31ad47
Switch to foreign_types
2017-02-03 23:03:35 -08:00
4900d3fe5d
Fixed constant names from openssl/rsa.h
...
Fixed PKeyCtxRef method that didn't need to be mutable.
Added non-mutable accessors for PKeyCtxRef for Signer and Verifier.
2017-01-31 11:59:59 -08:00
302ee77d32
Adding suggestions from review.
2017-01-30 16:51:10 -08:00
72a10f3e65
Fixing typo
2017-01-30 15:04:44 -08:00
ef61b814ff
Small amount of docs.
2017-01-30 15:04:44 -08:00
e1fc5b2b7e
Simplify protocol based on the semantics defined by openssl.
2017-01-30 15:04:44 -08:00
20eed1e762
Simplify code, so that openssl-sys really doesn't contain anything aside
...
from bindings
2017-01-30 15:04:44 -08:00
588fd33552
Testing first version that works with signer.
2017-01-30 15:04:44 -08:00
f5149eac5a
Add setters to new getter-functions in X509ReqRef
2017-01-27 20:55:40 +01:00
6a8f6f425f
Style changes according to review
2017-01-27 19:13:36 +01:00
557b936e27
Added X509ReqRef.subject_name and X509ReqRef.version
2017-01-26 21:05:33 +01:00
15b1b348b2
Pkcs12Builder tweaks
2017-01-25 11:37:26 +00:00
591022a7fa
fix multi-version compat
2017-01-23 22:12:11 -08:00
225552b823
Merge branch 'master' of github.com:sfackler/rust-openssl
2017-01-22 22:24:45 -08:00
fbfecd63ae
add some documentation
2017-01-22 22:23:21 -08:00
52c7868bb6
add pkcs12_create and to_der funcs
2017-01-22 21:27:31 -08:00
722bdb6a4c
Merge pull request #550 from Keruspe/master
...
LibreSSL support improvements
2017-01-22 18:39:34 +00:00
54900976bb
Support EC_GROUP_set_asn1_flag
...
Closes #561
2017-01-22 10:44:59 +00:00
1ffdf8a1ab
Fix test warnings
2017-01-21 14:43:43 +00:00
26e159a5f0
Support chacha20 and chacha20_poly1305
2017-01-21 11:12:02 +00:00
d353b36681
Support AES IGE
...
This is a special snowflake used only by Telegram apparently.
Closes #523
2017-01-21 09:41:13 +00:00
a1122197f8
Add categories
...
Closes #557
2017-01-20 16:35:43 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
9942643ab6
Release v0.9.6
2017-01-09 20:52:20 -08:00
1fbe8f8d71
Fix typo
2017-01-08 11:04:47 -08:00
1942977408
Add methods to construct SslAcceptorBuilder without key and cert
...
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
2017-01-08 10:57:04 -08:00
0978f87095
libressl: make set_ecdh_auto available
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-01-05 20:47:01 +01:00
404e0341d8
Provide master key access
2017-01-04 22:01:30 -08:00
a2c118bf82
Add basic session tests
2017-01-04 21:18:13 -08:00
0b1bfee46d
session is nullable
2017-01-04 21:15:09 -08:00
5d53405597
Provide access to the session ID
2017-01-04 21:11:06 -08:00
88a7032f4b
Types and accessor for SslSession
2017-01-04 20:59:46 -08:00
cdf388e3f4
Release v0.9.5
2017-01-03 16:09:24 -08:00
dbd6134fd6
Clean up EcKey example a bit
2017-01-03 15:33:45 -08:00
0897c196e1
Merge pull request #547 from sfackler/x509-stack
...
Add X509::stack_from_pem
2017-01-03 15:31:03 -08:00
da817c952d
Merge pull request #541 from bluejekyll/master
...
add EcKey creation from EcPoint, public_key
2017-01-03 15:27:14 -08:00
6291407b17
Add X509::stack_from_pem
...
Implementation is a clone of SSL_CTX_use_certificate_chain_file
2017-01-03 14:56:00 -08:00
e2f1569500
Tweak layout a little bit
2017-01-03 12:35:52 -08:00
1767cd5464
Pointer from PKey docs to sign module.
...
Could even add a link, but I don't know how.
Someone who wants to use OpenSSL to compute an HMAC won't find a "hmac" module and won't find HMACs in the "hash" module. Unless the person knows that HMACs are used to "sign" messages (the usual term in this context would be "authenticate"), they will probably use the search function and look for "hmac", then they'll find this method. So it's helpful to include a pointer to the right API to use. Without such a pointer, the API user is left with a seemingly useless Pkey instance.
Similar pointers could be helpful from the other creator methods in this file. And/or from the top-level documentation or the hash documentation towards the sign module. Another idea would be a trivial `hmac` module with a few helper functions that internally just use Pkey. If many users who just want a simple HMAC value can use that API, there are fewer dependencies on `Pkey` and `sign`, which is probably a good thing.
2017-01-03 14:48:46 +01:00
cfb2539ed4
Typo
2017-01-02 09:37:31 -08:00
0483ea767c
Little cleanup
2017-01-01 11:05:54 -08:00
0e0bee50a5
Clean up bio
2017-01-01 10:18:43 -08:00
7e75c76bb4
Stick tag description on the right function
2017-01-01 10:13:34 -08:00
cdabc1b3e3
Fix docs
2017-01-01 10:07:32 -08:00
85a6e8acca
Fix doc reference
2017-01-01 09:53:08 -08:00
444c00955a
add EcKey creation from EcPoint, public_key
2016-12-31 10:40:56 -08:00
5c49b58a88
Indicate that memcmp::eq should be used for HMACs
2016-12-31 09:44:57 -08:00
762510a5fa
Release v0.9.4
2016-12-23 13:38:52 -05:00
7e035a7fd1
Merge pull request #538 from semarie/libressl
...
Add LibreSSL support
2016-12-22 11:59:19 -05:00
a70e27ae64
Add Travis build against LibreSSL
2016-12-21 09:27:21 +01:00
b3526cbd2b
Add LibreSSL 2.5.0 support
2016-12-21 09:27:12 +01:00
8e01f8d250
Handle zero-length reads/writes
...
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
2016-12-20 15:52:18 -08:00
791f2c8f4d
Release v0.9.3
2016-12-09 21:54:06 -08:00
26cefe7d97
Switch to docs.rs for docs
2016-12-09 21:52:43 -08:00
152d788998
Fix ErrorStack display
2016-12-09 21:32:41 -08:00
5340895249
Add Blowfish tests
2016-12-09 21:31:26 +00:00
0850f605b1
Use EVP_bf_cfb64 instead of EVP_bf_cfb
2016-12-09 18:42:10 +00:00
0081665339
Add Blowfish support
2016-12-09 17:06:15 +00:00
0602712bf4
Release v0.9.2
2016-11-27 22:23:32 -08:00
146512099b
Implement Clone for SslConnector and SslAcceptor
2016-11-27 21:35:35 -08:00
234f126d7d
Cleanup
2016-11-27 21:00:59 -08:00
8b60d4a3c2
Return Option from group
2016-11-16 15:45:15 -08:00
e58dda8990
Remove EcGroup constructors
...
You also need a generator and possibly other stuff. Let's hold off on
construction until someone has a concrete requirement for them.
2016-11-16 13:53:03 +01:00
7515510125
Test elliptic curve signatures
2016-11-15 22:06:20 +01:00
ec0fa36714
Add a test for mul_generator
2016-11-15 21:24:34 +01:00
b914f779e8
Turns out yet another variant of EC_POINT_mul is allowed!
2016-11-15 21:20:06 +01:00
6794a45d60
Rename ec_key to ec
2016-11-14 22:37:01 +01:00
90acfaea51
Split EcKey::mul
2016-11-14 22:08:04 +01:00
e929e09216
Add EcPoint::invert
2016-11-14 22:02:47 +01:00
4c60aa005d
Fix non-static EcGroup method locations
2016-11-14 19:20:08 +01:00
82eb3c4f51
Add EcKey::check_key
2016-11-13 22:10:52 +00:00
35f11d555e
More functionality
2016-11-13 22:06:18 +00:00
1a52649516
More functionality
2016-11-13 20:46:01 +00:00
3d31539ba9
Public keys are not always present
2016-11-13 20:31:44 +00:00
0d0b5080e2
Rename new_by_curve_name to from_curve_name
2016-11-13 20:21:44 +00:00
b2de36049a
Add Some more elliptic curve functionality
2016-11-13 20:19:38 +00:00
7dbef567e6
Remove some stray manual impls
2016-11-13 18:00:42 +00:00
ccef9e339d
Macroise from_pem
2016-11-13 17:56:48 +00:00
df9666c334
Macroise to_pem
2016-11-13 17:42:45 +00:00
48c0009418
Macroise from_der
2016-11-13 17:06:50 +00:00
b0415f466c
Macroise to_der
2016-11-13 16:52:19 +00:00
ed9f600e28
Make password callback return a Result
2016-11-13 16:18:52 +00:00
387e78257b
Support serialization of encrypted private keys
...
Switch to PEM_write_bio_PKCS8PrivateKey since the other function outputs
nonstandard PEM when encrypting.
2016-11-13 16:09:52 +00:00
7d411c7975
Add private_key_from_pem_passphrase
2016-11-13 15:27:39 +00:00
2a8923c050
Macro-implement private_key_to_pem
2016-11-13 15:12:50 +00:00
08e0c4ca90
Some serialization support for EcKey
2016-11-13 15:02:38 +00:00
85c1474ce6
No need to use a raw string anymore
2016-11-13 12:19:31 +00:00
64e9932ac9
Use ffdhe2048 in mozilla_intermediate
2016-11-12 17:52:58 +00:00
2f8301fc63
Be a bit more emphatic about the danger
2016-11-12 16:51:26 +00:00
6b3599d319
Add a connect method that does not perform hostname verification
...
The method name is intentionally painful to type to discourage its use
2016-11-12 16:45:18 +00:00
7cdb58bc47
Simplify test logic a bit
2016-11-12 14:42:48 +00:00
157034d995
Add a missing init
2016-11-12 14:30:53 +00:00
796d7b4deb
Add constructors for various standard primes
2016-11-12 14:20:43 +00:00
96d24c8957
Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto}
2016-11-12 13:45:54 +00:00
2a1d7b2bcb
Pick different cipher lists on 1.0.1 and 1.0.2
2016-11-12 13:36:03 +00:00
93253ba599
Adjust cipher lists to work on older versions
2016-11-12 13:09:12 +00:00
780c46e0e7
Add SslRef::set_tmp_{ec,}dh_calback
2016-11-12 12:56:58 +00:00
563754fb08
Add SslContextBuilder::set_tmp_{ec,}dh_callback
2016-11-12 12:43:44 +00:00
b14d68f715
Drop bits to u32
2016-11-12 11:14:05 +00:00
9b5c62b053
Add PKey::bits
2016-11-12 11:00:15 +00:00
26a3358a2b
Add basic X509_STORE access
...
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
2016-11-12 00:24:12 +00:00
6b7279eb52
Consistently support both PEM and DER encodings
...
Closes #500
2016-11-11 20:10:10 +00:00
15490a43e3
Add EcKey <-> PKey conversions
...
Closes #499
2016-11-11 19:17:38 +00:00
32cbed0782
PKey <-> DH conversions
...
Closes #498
2016-11-11 19:04:54 +00:00
609a09ebb9
Add PKey::dsa
...
Closes #501
2016-11-11 18:52:37 +00:00
0d2d4865e5
Release v0.9.1
2016-11-11 16:45:22 +00:00
898e7f02df
Fix EOF detection
...
See https://github.com/openssl/openssl/issues/1903 for details
2016-11-11 15:10:30 +00:00
a42c6e8713
Drop rustc-serialize dependency
2016-11-09 20:35:23 +00:00
7c8ae5f664
Better docs for AEAD tag
2016-11-09 18:54:29 +00:00
aa7c27536a
Make sure to override SslContext verify callback always
...
The 1.0.1 code has to override this to setup hostname validation, and
don't want behavior to silently change depending on the OpenSSL version
you're building against.
2016-11-08 22:38:48 +00:00
913723997b
Add convenience functions for AEAD encryption/decryption
2016-11-08 22:35:16 +00:00
203a02c3e6
Actually support AES GCM
...
This is an AEAD cipher, so we need some extra functionality. As another
bonus, we no longer panic if provided an IV with a different length than
the cipher's default.
2016-11-08 20:35:21 +00:00
b3b7194e82
Docs
2016-11-08 19:10:56 +00:00
97872500a3
Deprecate X509Generator
2016-11-07 21:48:40 +00:00
c0e02e7e51
Use X509Builder in X509Generator
2016-11-07 21:15:36 +00:00
18c5d1f771
Add init calls to new constructors
2016-11-07 20:50:57 +00:00
d78acc729b
Add an X509ReqBuilder
2016-11-07 20:42:43 +00:00
597d05b8f8
Add stack creation and push
2016-11-06 23:46:42 -08:00
8f7df7b205
Add SubjectAlternativeName
2016-11-06 23:19:58 -08:00
d17c3355ab
More extension progress
2016-11-06 22:52:53 -08:00
5f18ffa4b3
Start of extension support
2016-11-06 21:58:43 -08:00
1939e6fd78
Add conf module
2016-11-06 14:49:26 -08:00
b83edbad0d
Start on an X509Builder
2016-11-06 14:07:34 -08:00
1edb6f682e
Support client CA advertisement
2016-11-06 12:17:14 -08:00
a4e0581e4f
Fix build on 1.0.1
2016-11-06 11:57:50 -08:00
bcb7b3f5dc
Add accessors for cert and private key
...
Closes #340
2016-11-06 10:46:38 -08:00
72ac2a0105
Release v0.9.0
2016-11-05 20:05:50 -07:00
79e2004eef
Fixes
2016-11-05 19:28:17 -07:00
8ad1e5565b
Remove set_rsa
...
PKey is reference counted so allowing mutation is unsound
2016-11-05 18:49:09 -07:00
96a5ccfc6b
Implement Pkcs12 via type_!
2016-11-05 18:46:34 -07:00
4e2ffe5b9b
Re-adjust BigNum API
2016-11-05 17:35:31 -07:00
8037258913
Return a Stack in Pkcs12
2016-11-05 13:57:05 -07:00
ed69d6b037
Add Stack::pop
2016-11-05 13:40:53 -07:00
52feaae59f
More cleanup
2016-11-05 13:15:14 -07:00
ac36d542fd
Simplify destructor a bit
2016-11-05 13:10:50 -07:00
398ab2fbc4
Add a consuming iterator for Stacks
2016-11-05 13:01:54 -07:00
f15c817c2d
Rustfmt
2016-11-05 10:54:17 -07:00
71a114707f
Remove unused dependency
2016-11-05 10:38:12 -07:00
99b41a0050
Rename accessors
2016-11-05 10:15:40 -07:00
91fd58b4c2
More buildscript tweaks
2016-11-04 21:10:49 -07:00
9198bcda3a
Improve buildscript logic
2016-11-04 21:08:34 -07:00
01ae978db0
Get rid of Ref
...
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
2016-11-04 17:16:59 -07:00
25443d7b48
Make utility functions private
2016-11-04 12:15:05 -07:00
6fe7dd3024
Remove an enum
2016-11-03 22:45:54 -07:00
772a506294
Clean up some bignum APIs
2016-11-03 21:06:23 -07:00
e87b75fa03
Rename BnCtx
2016-11-03 20:54:08 -07:00
62a9f89fce
Avoid lhash weirdness
2016-11-03 20:38:51 -07:00
aa0040125b
Use built in DH parameters when available
...
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
2016-11-01 22:50:22 -07:00
176348630a
Don't clear BigNums in destructor
...
Instead add a clear method.
2016-11-01 21:59:07 -07:00
888b8b696c
Fix docs
2016-11-01 21:42:39 -07:00
e67733cc4e
Cleanup X509StoreContext::chain
2016-11-01 19:45:38 -07:00
d5a9a239f6
More minor cleanup
2016-11-01 19:36:08 -07:00
c776534ad4
Clean up stack
2016-11-01 19:25:40 -07:00
79c51d5e51
Clean up stack destructor
2016-11-01 19:12:38 -07:00
77b76ed8a8
Merge pull request #506 from simias/stack
...
Implemented a generic Stack API and use it to deal with StackOf(X509) and StackOf(GENERAL_NAME)
2016-11-01 18:59:35 -07:00
8d0090faec
Implement X509StoreContextRef::get_chain
2016-11-01 21:23:18 +01:00
36bf0bb387
Replace GeneralNames by the new Stack API
2016-11-01 21:23:18 +01:00
3bdefa987a
Implement a generic Stack API to deal with OpenSSL stacks
2016-11-01 21:23:13 +01:00
9ea27c12b9
Add method to encode a public key as a DER blob
2016-11-01 17:34:21 +01:00
43911db26c
Avoid extra allocations in Asn1Time Display impl
2016-10-31 23:09:07 -07:00
dd4836cdf6
Fix 1.1.0 build
2016-10-31 23:06:27 -07:00
f71395c600
Little cfg cleanup
2016-10-31 22:45:51 -07:00
dc4098bdd8
Clean up x509 name entries
2016-10-31 22:43:05 -07:00
ab30ad0ce7
Documentation
2016-10-31 21:00:26 -07:00
96a77cf5a8
Remove Opaque
2016-10-31 20:56:51 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
ff12d37aef
Update ssl
2016-10-31 20:32:55 -07:00
16e398e005
Update verify
2016-10-31 20:19:59 -07:00
e9d78181c3
Update Rsa
2016-10-31 20:15:12 -07:00
f640613863
Update PKey
2016-10-31 20:12:55 -07:00
d6579ab058
Update EcKey
2016-10-31 20:06:06 -07:00
fe5fb75d45
Update Dsa
2016-10-31 20:04:55 -07:00
28f375974a
Convert Dh
2016-10-31 20:02:24 -07:00
849fca4a7b
Convert Asn1Time
2016-10-31 20:02:24 -07:00
3363046c34
Update bignum
2016-10-31 20:02:24 -07:00
927c3e924c
Add a generic Ref type
2016-10-31 20:02:24 -07:00
006da59285
Return an SslRef
2016-10-30 22:42:32 -07:00
558124b755
Expose SSL_MODEs
2016-10-30 22:02:26 -07:00
e0211dac30
Rename set_CA_file
2016-10-30 21:39:26 -07:00
5b0fc9a185
Impl Sync and Send for SslContextBuilder
2016-10-30 20:34:35 -07:00
add8e4023e
Rename connectors
2016-10-30 19:39:18 -07:00
997e92e052
Merge ssl option setup
...
The client will ignore server-side options so we may as well stick them
all in the same spot.
2016-10-30 18:49:29 -07:00
bd457dba18
Move HandshakeError to submodule
2016-10-30 17:23:03 -07:00
287f6df6c6
Remove DsaParams
2016-10-30 17:04:55 -07:00
610403a562
Add RsaRef
2016-10-30 17:00:54 -07:00
c3b6eff191
Add DsaRef
2016-10-30 16:44:21 -07:00
f75f82e466
Rustfmt
2016-10-30 16:37:45 -07:00
7869651407
Remove out of date comment
2016-10-30 16:34:50 -07:00
9abbf6f80e
Use Python's cipher list on the client side.
2016-10-30 16:29:33 -07:00
d1179f1ad2
Update docs
2016-10-30 15:14:29 -07:00
52f288e090
Add a mozilla modern profile
2016-10-30 14:57:22 -07:00
7d13176cd1
Rename nwe to mozilla_intermediate
2016-10-30 14:34:05 -07:00
43b430e5b0
Pass SslMethod into constructors
2016-10-30 14:26:28 -07:00
ee79db61c2
Enable single ECDH use
2016-10-30 13:41:24 -07:00
677718f8da
Configure ECDH parameters in connector
2016-10-30 13:38:09 -07:00
8c58ecc2fa
Implement EcKey
...
cc #499
2016-10-30 13:17:20 -07:00
eb735f519a
Clean up generics a bit
2016-10-30 11:05:29 -07:00
23fe1e85e9
Pull Curl's CA list for Windows tests
2016-10-29 18:17:46 -07:00
761dd780c1
Add module level docs
2016-10-29 18:04:38 -07:00
c89f2c0be0
Use PKeyRef in X509Generator
2016-10-29 16:37:56 -07:00
c2b38d8bb3
Move docs
2016-10-29 15:02:36 -07:00
85169e5a61
Fix reexport
2016-10-29 15:02:07 -07:00
e72533c058
Docs for connectors
2016-10-29 15:00:46 -07:00
57d10ebbc3
Add PKeyRef
2016-10-29 14:19:09 -07:00
4c7a5a418e
Implement client and server connectors
2016-10-29 14:02:26 -07:00
1a288da86c
Make verification unconditionally exposed internally
2016-10-28 22:14:44 -07:00
c0cf4ab1c2
Remove private field in ParsedPkcs12
...
The function definition is fixed - nothing else is going to be coming
out of a PKCS#12 archive
2016-10-27 20:33:38 -07:00
dafb46fc51
Camel case DH
2016-10-27 20:26:18 -07:00
8604668a18
Make padding types consts
2016-10-27 19:56:52 -07:00
781417d50f
Add a macro definition
2016-10-27 19:12:55 -07:00
8e129af256
Fix description
2016-10-26 22:15:41 -07:00
63b1ec1a12
Stop returning an Option from cipher description
2016-10-26 22:13:10 -07:00
2234899e59
Fix drop signature
2016-10-26 22:00:33 -07:00
548c8b5fba
Remove macros module
2016-10-26 21:55:13 -07:00
654f0941e1
Don't double-allocate strings
2016-10-26 21:42:09 -07:00
4f59d57675
Move SslString to a shared location
2016-10-26 21:28:00 -07:00
ebc4c56c34
Add SslMethod::from_ptr
2016-10-26 20:43:43 -07:00
f4b7006771
Don't allow mutation of SslContexts
...
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
2016-10-25 23:12:56 -07:00
bea53bb39b
Support AES GCM
...
Closes #326
2016-10-25 20:59:33 -07:00
39279455c8
Add a shutdown method
2016-10-25 20:40:18 -07:00
eb655bddbc
Fix ordering
2016-10-25 20:01:28 -07:00
938fdd7137
Add into_error
2016-10-23 21:54:49 -07:00
ca71e00878
Fix Send + Sync-ness of SslStream
2016-10-23 20:55:31 -07:00
04fc853ee3
Remove NIDs only defined in 1.0.2+
2016-10-23 09:16:20 -07:00
d39a2cedad
Fix tests
2016-10-22 16:01:26 -07:00
787cad3c82
Use constants rather than constructors for Nid
2016-10-22 15:58:06 -07:00
3c50c74444
Camel case Rsa
2016-10-22 10:21:16 -07:00
b619c4e885
Camel case Dsa
2016-10-22 10:16:49 -07:00
2fd201d9c3
De-enumify Nid
2016-10-22 10:08:32 -07:00
ae72cbd28b
Fix hasher docs
2016-10-22 09:17:41 -07:00
98b7f2f935
Flatten crypto module
2016-10-22 09:16:38 -07:00
58f6d1138a
Properly propagate panics
2016-10-21 21:52:02 -07:00
9be0aab9ac
Borrow compression string
2016-10-21 21:46:32 -07:00
f1c68e3544
Rename SslContextOptions
2016-10-21 21:22:05 -07:00
8ec53eb0e1
Fix X509StoreContext
2016-10-21 20:59:07 -07:00
6f1a3f2834
Update BigNumRef
2016-10-21 20:26:53 -07:00
02b4385c5d
Convert X509VerifyParamRef
2016-10-21 19:58:06 -07:00
f0cde38929
Borrowed servername
2016-10-21 19:54:30 -07:00
fcb86b8394
Convert SslCipherRef
2016-10-21 19:45:46 -07:00
2bbeddd14a
Convert SslRef
2016-10-21 19:33:56 -07:00
fe98a90719
Convert SslContextRef
2016-10-21 19:15:09 -07:00
b7017a7eec
Update Asn1TimeRef
2016-10-21 17:13:30 -07:00
23fc6c828b
Convert X509Ref
2016-10-21 17:01:13 -07:00
b3eb8d516c
Switch X509Name over to new borrow setup
...
The use of actual references enables us to be correct with respect to
mutability without needing two structs for the mutable and immutable
cases and more deref impls.
2016-10-20 22:51:10 -07:00
bd0c0c60bd
Store a MidHandshakeSslStream in fatal errors
...
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
2016-10-20 20:57:53 -07:00
8f3511c0cd
Redo SslStream construction
...
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
2016-10-20 19:59:09 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
cfd5192a7d
De-enumify X509ValidationError
...
Also make it an Error.
Closes #352 .
2016-10-18 22:10:37 -07:00
080050e10d
Drop lifetime on GeneralNames
2016-10-18 21:52:49 -07:00
c4459c37d9
Callback cleanup
2016-10-18 21:13:13 -07:00
f7e6d7fce6
Don't ignore errors in NPN/ALPN logic
...
Closes #479
2016-10-18 21:12:55 -07:00
194298a057
Implement new feature setup
...
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
2016-10-17 21:57:54 -07:00
a938a001a7
Fix missing import
2016-10-16 23:26:38 -07:00
b7400d56e8
Fix algorithm field
2016-10-16 23:22:00 -07:00
68954cfc51
Finish BN overhaul
2016-10-16 23:13:00 -07:00
7ec015325b
Finish error overhaul
2016-10-16 21:07:17 -07:00
78daed2d58
ssl error handling cleanup
2016-10-16 20:14:04 -07:00
89a366d9f7
Finish crypto error cleanup
2016-10-16 19:24:04 -07:00
19440c2981
More error cleanup
...
Also allocation free RSA
2016-10-16 19:06:02 -07:00
73ccfe7a29
Continue error handling cleanup
...
Also overhaul/clean up pkcs5 internals
2016-10-16 16:42:56 -07:00
8f89f0bfa9
Start on error + BN refactor
2016-10-16 15:54:09 -07:00
6ea551dc82
Fix set_read_ahead signature
2016-10-15 16:53:10 -07:00
4ba5292a0a
De-enumify Padding
2016-10-15 16:19:19 -07:00
ee18988584
De-enumify SslMethod
2016-10-15 16:10:03 -07:00
1cecaeb62d
De-enumify Cipher
2016-10-15 15:47:40 -07:00
c171be551a
De-enumify message digests
2016-10-15 15:23:29 -07:00
6609a81685
Migrate DSA sign/verify to EVP APIs
2016-10-15 15:02:02 -07:00
228b8fbc5b
Correctly bind BIO_new_mem_buf
2016-10-15 13:39:47 -07:00
4ed81d6426
Fix EVP_DigestVerifyFinal version support
2016-10-15 13:12:37 -07:00
2ff82649b5
Add examples to crypto::sign
2016-10-15 12:50:03 -07:00
ea8cbbe9dc
Fix typo
2016-10-15 12:31:30 -07:00
4d567358a1
Distinguish between verification errors and "other" errors.
2016-10-15 12:31:06 -07:00
bb23b33829
Fix signature of EVP_DigestVerifyFinal on 1.0.1
2016-10-15 12:24:20 -07:00
6ae472487f
Support HMAC PKeys and remove hmac module
2016-10-15 11:06:11 -07:00
cce1d44f28
Remove old RSA sign and verify methods
2016-10-15 10:43:19 -07:00
f73313d688
Signature and verification support
2016-10-15 10:36:59 -07:00
64b8e5e553
Merge pull request #471 from sfackler/no-comp
...
Handle OPENSSL_NO_COMP
2016-10-14 23:09:11 -07:00
e1d1006fad
Check feature compatibility in build script
2016-10-14 23:03:44 -07:00
984b9a0cc7
Don't run test on ARM
...
They're very segfaulty, but it's almost certainly due to the QEMU layer.
We really just want to make sure things compile.
2016-10-14 22:28:24 -07:00
7ac0599638
Fix test_alpn_server_select_none
...
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.
While we're in here, adjust the Display impl to match what OpenSSL
prints out.
Closes #465
2016-10-14 22:01:21 -07:00
f520aa2860
Handle OPENSSL_NO_COMP
...
Closes #459
2016-10-14 20:50:45 -07:00
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
ae282a78e2
Remove link_name usage
2016-10-14 16:15:50 -07:00
0908fddc74
Ignore DTLS tests on Windows/ARM for now
...
cc #467
2016-10-14 11:15:22 -07:00
f44cff29e6
Cleanup
2016-10-13 22:34:39 -07:00
3d535f661f
Use stdlib logic for udp
2016-10-13 20:15:26 -07:00
a09f46266d
Fix windows for real
2016-10-13 20:09:43 -07:00
5b29fc9d69
Disable npn tests on < 1.0.2
...
s_client doesn't seem to support the required flag before then.
2016-10-13 20:03:02 -07:00
140ef1b988
Fix tests on windows
2016-10-13 20:01:31 -07:00
143556078b
Reenable dtls tests
2016-10-13 19:48:30 -07:00
edfc50f37d
Clean up features
2016-10-13 19:46:13 -07:00
1883590c61
Correct feature selection in tests
2016-10-13 19:21:12 -07:00
b610e01793
Flag off dtls and mask ssl_ops
...
Also un-feature gate npn as it ships with 1.0.1
2016-10-13 19:06:53 -07:00
ce4d233d38
Tweak some comments in Cargo.toml
2016-10-12 22:53:03 -07:00
715b700aff
Ignore a test on OpenSSL 1.1.0
2016-10-12 22:51:47 -07:00
af3e06d3e8
Add remaining SSL_OP constants
2016-10-12 22:50:08 -07:00
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
c1e41349fb
Rename NoPadding to None
2016-10-07 08:10:01 -07:00
b6719de92e
Rename EncryptionPadding to Padding
2016-10-07 08:09:02 -07:00
50648b7dac
Removed max_size; removed all encrypt/decrypt methods except private/public encrypt/decrypt which take the padding
2016-10-07 10:01:16 +03:00
f16cd5586f
added try_ssl_size, which handles -1 as error and returns the value otherwise; added RSA private_decrypt and public encrypt
...
lift_ssl_size
Added public/private encrypt/decrypt to RSA from the original commit + tests; added try_ssl_returns_size macro to check for -1 in case of SSL functions which return size
2016-10-05 14:39:11 +03:00
c5da7131f5
Make sure private component exists when signing
...
Closes #457
2016-09-29 00:09:31 +02:00
8d95383f32
Release v0.8.3
2016-09-09 09:19:24 -07:00
9a449dbd6e
Fix password callback on ARM
...
Closes #449
2016-09-08 09:35:56 -07:00
5e08ad0085
Implement Clone for openssl::error::ErrorStack
2016-09-01 20:10:02 +02:00
4718a88e04
Release openssl-sys v0.7.17, openssl v0.8.2
2016-08-18 12:59:22 -07:00
cd69343d67
Fix SslContext::add_extra_chain_cert
...
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
2016-08-17 19:30:57 -07:00
80ed1ef8ab
Ignore flickering test on windows
2016-08-16 22:41:36 -07:00
7a653282a9
Get rid of use Asn1TimeRef warning for some builds
2016-08-17 01:23:54 -04:00
06f19cf285
Be explicit regarding Asn1TimeRef lifetimes
2016-08-17 01:23:54 -04:00
90c42fc026
Fix docs
2016-08-17 01:23:54 -04:00
234ce581f9
Add x509_validity feature to travis tests
...
- also update docs for new x509 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
8fa4059b82
Add test for `"x509_validity"` feature
2016-08-17 01:23:54 -04:00
96b1ef829c
Add `"x509_expiry"` feature flag
...
- fix return of `ASN1_TIME_print`
- assert on null `date`
2016-08-17 01:23:54 -04:00
32a4e2ba50
Introduce `Asn1TimeRef`
2016-08-17 01:23:54 -04:00
f9cd4bff1f
Progress on asn1 expiry
...
- Use MemBio and implement `Display` for Asn1Time
- Tweak doc for asn1 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
e64d3fcfcc
Fix finicky sha1 stdin format
2016-08-17 00:58:05 -04:00
e60c257019
Improve build script
...
- try and fallback to a mirror when openssl.org is down
- check the sha1 of the downloaded tarball
2016-08-17 00:48:56 -04:00
629f638f08
Release openssl-sys v0.7.16, openssl v0.8.1
2016-08-15 18:44:57 -07:00
88dcb1c81d
Add a little comment to sketchy transmute
2016-08-15 18:41:18 -07:00
e6c4135c53
Docs for pkcs12
2016-08-14 11:24:18 -07:00
e5299fd7c9
Fix memory leak in general name stack
2016-08-14 11:16:53 -07:00
6b12a0cdde
PKCS #12 support
2016-08-14 11:11:26 -07:00
ad4a8cc140
More test fixes
2016-08-14 11:05:53 -07:00
3876332734
Fix tests
2016-08-14 10:29:55 -07:00
773a6f0735
Start on PKCS #12 support
2016-08-14 10:11:38 -07:00
5042d3d170
Mangle c helper functions
...
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.
Closes #438
2016-08-13 12:05:29 -07:00
2e8f19ca2f
Release openssl-sys v0.7.15, openssl v0.8.0
2016-08-11 21:00:43 -07:00
63239bf3ee
Require bitflags 7
2016-08-11 20:52:43 -07:00
b21805f541
Fix tests
2016-08-10 22:10:32 -07:00
0359afb99e
Little tweaks
2016-08-10 22:02:36 -07:00
9a3fa4d98d
Fix build
2016-08-10 21:37:24 -07:00
59fe901357
Method renames
2016-08-10 21:28:17 -07:00
c15642ccea
Tweaks
2016-08-10 21:25:18 -07:00
5e6b8e68fd
More API cleanup
2016-08-10 21:07:41 -07:00
c4e7743c57
Asn1 and Bignum renames
2016-08-10 20:51:06 -07:00
35c79d1768
Fix build
2016-08-09 23:13:56 -07:00
00db0bc4b3
Test hmac features
2016-08-09 22:56:08 -07:00
67b5b4d814
Make hmac support optional and remove openssl-sys-extras
...
rust-openssl no longer requires headers for the default feature set.
2016-08-09 22:52:12 -07:00
966c5385ea
Fix build
2016-08-09 22:26:18 -07:00
1ac54b06e9
Move X509_get_extensions to openssl helpers
2016-08-09 22:15:16 -07:00
0854632ff5
Make c_helpers optional
2016-08-09 22:02:49 -07:00
2f46c793e5
Remove rust_SSL_clone
2016-08-09 21:23:54 -07:00
15e8997052
Docs for Crypter::new
2016-08-08 23:31:25 -07:00
b8712c5c51
Fix size check
...
Decryption requires an extra byte of space
2016-08-08 23:25:06 -07:00
a8224d199b
symm reform
2016-08-08 23:10:03 -07:00
522447378e
Copy over getter macros
2016-08-08 20:37:48 -07:00
bf07dd9a4e
Remove symm_internal
2016-08-08 20:26:04 -07:00
e4b97921a9
Clean up RSA and DSA accessors
2016-08-08 19:04:30 -07:00
deb94a904b
Fix build on 1.9
2016-08-07 22:58:20 -07:00
6b1016c86e
Add PKey::from_rsa
2016-08-07 22:56:44 -07:00
6e5cd7ef47
Remove X509Generator::bitlenth
2016-08-07 22:46:14 -07:00
a8f827d28c
Fix example
2016-08-07 22:44:42 -07:00
1968956536
Restore disabled tests
2016-08-07 22:40:51 -07:00
2a3e9a2856
Add RSA::generate
2016-08-07 22:35:37 -07:00
25752280ae
Move init to crate root
2016-08-07 22:09:19 -07:00
77ba043acf
x509 cleanup
2016-08-07 21:53:05 -07:00
79602b6af4
get_error -> error
2016-08-07 21:34:58 -07:00
a0a6c03d74
DH cleanup
2016-08-07 21:19:40 -07:00
4d3c6868e7
pkcs5 reform
2016-08-07 20:57:44 -07:00
7855f428aa
PKey reform
...
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
2016-08-07 20:38:46 -07:00
7515272692
Fix RSA::verify
...
It never returns -1 - all errors are indicated by 0
2016-08-07 18:03:13 -07:00
6091c674c9
Fix bn tests on 32 bit
2016-08-07 17:52:13 -07:00
b56908a392
Take a c_ulong directly in BN construction
...
Closes #416
2016-08-07 17:48:18 -07:00
7ca5ccf064
Hash reform
...
Closes #430
2016-08-07 16:29:36 -07:00
05089bacb3
Refactor BigNum
2016-08-07 14:33:18 -07:00
5af01a5dbd
Clean up asn1time
2016-08-06 22:23:03 -07:00
bc97d088b0
get_handle -> handle
2016-08-05 21:07:17 -07:00
fe47e93f2f
Fix pkey method safety
2016-08-05 21:04:40 -07:00
b4145c6fa5
Clean up x509
2016-08-05 20:55:05 -07:00
4e911e7972
Make x509 constructors unsafe
2016-08-05 19:51:59 -07:00
c47be8b14b
Move SSL_CTX_set_ecdh_auto to -sys
2016-08-04 22:52:40 -07:00
ee67ea8ea0
Mvoe SSL_CTX_add_extra_chain_cert to -sys
2016-08-04 22:46:47 -07:00
378b86326c
Move SSL_CTX_set_tmp_dh to -sys
2016-08-04 22:43:24 -07:00
7fb7f4671d
Move SSL_CTX_set_read_ahead to -sys
2016-08-04 22:40:01 -07:00
77dbab2cad
Move SSL_CTX_set_tlsext_servername_callback to -sys
2016-08-04 22:37:39 -07:00
c2a7c5b7f0
Move SSL_set_tlsext_host_name to -sys
2016-08-04 22:28:33 -07:00
b29ea62491
Move BIO macros into -sys
2016-08-04 22:22:55 -07:00
dd16f64f89
Stop once-ing init wrapper
...
The underlying function already once-s itself
2016-08-04 22:15:50 -07:00
17474520bc
Support basic SSL options without C shims
2016-08-04 22:14:18 -07:00
abacc8bb18
Define SSL_CTX_set_mode in openssl-sys
2016-08-02 22:14:44 -07:00
Steven Fackler