min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,535 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

499 Commits

Author SHA1 Message Date
Steven Fackler f9866cd44f Split X509StoreContextRef::ssl up 2017-12-26 14:53:35 -07:00
Steven Fackler 129b6b9d84 Overhaul verify error type 
Also set the error in the hostname verification callback for 1.0.1
 2017-12-26 14:43:10 -07:00
Steven Fackler 19dc6ce1eb Adjust SslConnector and SslAcceptor construction 2017-12-26 10:39:21 -07:00
Steven Fackler ce0641f093 Drop Any bounds 2017-12-26 08:55:12 -07:00
Steven Fackler 2adf2cf12b Remove deprecated APIs 2017-12-25 22:09:27 -07:00
Steven Fackler 3744e31e16 Fix a bunch of FIXMEs 2017-12-25 21:44:41 -07:00
Steven Fackler 7cc6c9b2f2 Tweak default ssl options 2017-12-25 21:18:49 -07:00
Steven Fackler 7d0c6c9442 Fix tests 2017-12-25 20:32:06 -07:00
Steven Fackler 77448362ce Rename X509FileType to X509Filetype 2017-12-25 19:57:02 -07:00
Steven Fackler 3eab162dc2 Move to associated consts 2017-12-25 19:56:27 -07:00
Steven Fackler bbae793eb3 Upgrade bitflags to 1.0 
Closes #756
 2017-12-25 19:38:11 -07:00
Steven Fackler 34d700309c Clean up 1.0.1 hostname verification 2017-12-23 19:32:33 -07:00
Steven Fackler 196a855d2a Allow SNI and hostname verification to be configured separately 
Closes #728
 2017-12-23 12:47:38 -08:00
Steven Fackler 4b732dad19 Fix link 2017-12-09 15:50:23 -08:00
Steven Fackler 3207e57a09 Finish documentation for the ssl module 
Closes #727
 2017-12-04 22:15:56 -08:00
Steven Fackler bf70d3dd71 Docs for the ssl module. 
cc #727
 2017-12-03 23:10:56 -08:00
Steven Fackler 4a10c31219 Impl deref for acceptor/connector builders 2017-12-03 19:24:11 -08:00
Steven Fackler e9ad9f1afd Upgrade foreign-types 
foreign-types 0.3 and 0.2 now share the same types and traits, so this
is backwards compatible.
 2017-11-26 17:07:24 -07:00
Steven Fackler de987f20c8
Revert "Update foreign-types to 0.3" 2017-11-21 08:51:37 -08:00
Anthony Ramine 93be1c4f2f Update foreign-types to 0.3 2017-11-21 09:17:39 +01:00
Steven Fackler 55bf390dbe Adjust libressl version detection 
The 2.5.3+ and 2.6.3+ series are ABI-stable, so we don't need to
whitelist individual releases in those ranges.
 2017-11-13 21:51:55 -08:00
phoebe jenkins 6257835757 Add support for LibreSSL 2.6.3 2017-11-13 09:51:17 -05:00
Steven Fackler 8830bd5daf Add a couple of FIXMEs 2017-11-05 10:47:05 -08:00
Steven Fackler a1a3219483 Handle local retries 
OpenSSL can return SSL_ERROR_WANT_READ even on blocking sockets after
renegotiation or heartbeats. Heartbeats ignore the flag that normally
makes these things handled internally anyway on 1.0.2. To handle this
more properly, we now have a special error type we use to signal this
event. The `Read` and `Write` implementation automatically retry in this
situation since that's what you normally want. People can use `ssl_read`
and `ssl_write` if they want the lower level control.

Closes #760
 2017-11-04 13:32:18 -07:00
Brian Vincent d5299a8d2b Fixed a typo in an error message, WANT_WRITE -> WANT_READ 2017-10-17 20:06:35 -05:00
Steven Fackler ff8f54812c Merge pull request #752 from chrisvittal/libressl262 
Add support for LibreSSL 2.6.2
 2017-10-03 22:11:29 -07:00
Christopher Vittal 1308cb2b52 Fix cfgs for libressl262 2017-10-04 00:53:09 -04:00
Christopher Vittal e0efd1d438 Add support for LibreSSL 2.6.2 2017-10-03 23:59:33 -04:00
johnthagen b5bb8de4f2 Convert try! usage to ? 2017-10-03 17:44:02 -04:00
Steven Fackler dc92a514ef Properly handle IPs in hostname verification 2017-09-20 10:04:09 -04:00
Steven Fackler f0db1dbc95 Merge pull request #695 from Keruspe/master 
openssl-sys: support libressl 2.6.1
 2017-09-17 13:57:18 -07:00
Marc-Antoine Perennou b73548da18 openssl: ecdh_tmp_callback doesn't work with libressl 2.6.1 
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
 2017-09-17 19:55:47 +02:00
Marc-Antoine Perennou 5091830379 openssl: libressl 2.6.1 dropped suuport for npn 
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
 2017-09-17 19:46:05 +02:00
Steven Fackler 7d41009a9c Update default client cipher list 2017-09-16 13:10:55 -04:00
Steven Fackler 9bd64edc08 Fix indentation 2017-09-15 22:31:03 -04:00
Alex Crichton 68a30c29c9 Set SSL_MODE_RELEASE_BUFFERS by default 
Closes #696
 2017-09-14 19:15:00 -07:00
Steven Fackler be1b573f6b Delete DTLS tests 2017-08-08 22:01:58 -07:00
Steven Fackler c2164a4864 Add peer_cert_chain 2017-07-29 10:34:10 -07:00
Steven Fackler a132834132 Ignore dtls tests 
They're way too flaky.

Closes #525
 2017-07-29 09:54:04 -07:00
Steven Fackler 8fa9b58743 Tweak formatting on cipher list 2017-07-26 20:49:24 -07:00
Steven Fackler 374ad206d5 Use foreign-type's Opaque 2017-07-15 21:53:49 -07:00
Steven Fackler bcd0dcafcb Rustfmt 2017-07-15 21:46:11 -07:00
Steven Fackler 5c2410c38a Init before creating ex indexes 2017-07-15 18:58:24 -07:00
Steven Fackler dbbf446a9e Fix build 2017-07-15 17:25:02 -07:00
Steven Fackler c68db708ee Don't overwrite the configured verify mode 
We can leverage the new extra data API to configure the verification
mode up front so users can reconfigure it as they like.
 2017-07-15 16:50:36 -07:00
Steven Fackler fd52bbe85c Add an API to install extra data 2017-07-15 16:50:36 -07:00
Steven Fackler e3c7a2785c Move callbacks to a submodule 2017-07-15 16:50:36 -07:00
Steven Fackler 279bffccf5 Merge pull request #641 from luser/psk 
Expose PSK via a SslContextBuilder::set_psk_callback method
 2017-07-04 18:19:17 -10:00
Steven Fackler 240eb9731f Properly reexport ConnectConfiguration 2017-06-14 19:54:09 -07:00
Steven Fackler 98d343dd32 Fix for changes in OpenSSL 1.1.0f 2017-06-06 18:45:54 -04:00
Ted Mielczarek 4de58596d9 Make some changes for review comments 2017-06-02 08:20:03 -04:00
Steven Fackler 3028958bf6 Little docs fix 2017-05-29 21:11:49 -07:00
Steven Fackler c89af1d5f8 Add a fixme 2017-05-29 18:04:32 -07:00
Ted Mielczarek 16183f41f6 Expose PSK via a SslContextBuilder::set_psk_callback method 2017-05-26 14:51:04 -04:00
golem131 27728f6fd9 Update bitflags 0.8 -> 0.9 2017-05-22 12:44:22 +03:00
Steven Fackler 0efef98848 Add a note to rename variant 2017-05-06 16:35:55 -07:00
jethrogb dd3896fdc5 Clarify use of ssl::HandshakeError::Interrupted 2017-05-03 12:03:18 -07:00
Steven Fackler c8d1698f27 Logic to support client-side session reuse 2017-03-25 19:30:01 -07:00
Steven Fackler 618cc70d19 Add a fixme to drop const prefixes 2017-02-19 14:24:05 -08:00
Steven Fackler 710a30bb40 Tweaks 2017-02-18 21:58:38 -08:00
Benjamin Fry 88740c1374 add Ok to result 2017-02-16 19:59:02 -08:00
Benjamin Fry 323a646383 only forget in non-error condition 2017-02-16 19:50:58 -08:00
Benjamin Fry eef5b5d2ac review fixes: reorder forget() 2017-02-16 19:49:14 -08:00
Benjamin Fry d080c10910 fix cfg options for v102 and v110 2017-02-16 19:49:14 -08:00
Benjamin Fry f8298882a4 add set_verify_cert_store() to ssl ctx 2017-02-16 19:49:14 -08:00
Steven Fackler f2c69ae7e9 Merge remote-tracking branch 'origin/master' into x509-builder 2017-02-11 10:13:00 -08:00
Steven Fackler 12ae31ad47 Switch to foreign_types 2017-02-03 23:03:35 -08:00
Steven Fackler 722bdb6a4c Merge pull request #550 from Keruspe/master 
LibreSSL support improvements
 2017-01-22 18:39:34 +00:00
Steven Fackler 1ffdf8a1ab Fix test warnings 2017-01-21 14:43:43 +00:00
Steven Fackler 920ab0d6fb OCSP functionality 2017-01-14 21:09:38 -08:00
Steven Fackler 1fbe8f8d71 Fix typo 2017-01-08 11:04:47 -08:00
Steven Fackler 1942977408 Add methods to construct SslAcceptorBuilder without key and cert 
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
 2017-01-08 10:57:04 -08:00
Marc-Antoine Perennou 0978f87095 libressl: make set_ecdh_auto available 
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
 2017-01-05 20:47:01 +01:00
Steven Fackler 404e0341d8 Provide master key access 2017-01-04 22:01:30 -08:00
Steven Fackler a2c118bf82 Add basic session tests 2017-01-04 21:18:13 -08:00
Steven Fackler 0b1bfee46d session is nullable 2017-01-04 21:15:09 -08:00
Steven Fackler 5d53405597 Provide access to the session ID 2017-01-04 21:11:06 -08:00
Steven Fackler 88a7032f4b Types and accessor for SslSession 2017-01-04 20:59:46 -08:00
Steven Fackler cfb2539ed4 Typo 2017-01-02 09:37:31 -08:00
Steven Fackler 0e0bee50a5 Clean up bio 2017-01-01 10:18:43 -08:00
Steven Fackler 7e035a7fd1 Merge pull request #538 from semarie/libressl 
Add LibreSSL support
 2016-12-22 11:59:19 -05:00
Sébastien Marie b3526cbd2b Add LibreSSL 2.5.0 support 2016-12-21 09:27:12 +01:00
Alex Crichton 8e01f8d250 Handle zero-length reads/writes 
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
 2016-12-20 15:52:18 -08:00
Steven Fackler 146512099b Implement Clone for SslConnector and SslAcceptor 2016-11-27 21:35:35 -08:00
Steven Fackler 234f126d7d Cleanup 2016-11-27 21:00:59 -08:00
Steven Fackler 6794a45d60 Rename ec_key to ec 2016-11-14 22:37:01 +01:00
Steven Fackler 0d0b5080e2 Rename new_by_curve_name to from_curve_name 2016-11-13 20:21:44 +00:00
Steven Fackler 85c1474ce6 No need to use a raw string anymore 2016-11-13 12:19:31 +00:00
Steven Fackler 64e9932ac9 Use ffdhe2048 in mozilla_intermediate 2016-11-12 17:52:58 +00:00
Steven Fackler 2f8301fc63 Be a bit more emphatic about the danger 2016-11-12 16:51:26 +00:00
Steven Fackler 6b3599d319 Add a connect method that does not perform hostname verification 
The method name is intentionally painful to type to discourage its use
 2016-11-12 16:45:18 +00:00
Steven Fackler 7cdb58bc47 Simplify test logic a bit 2016-11-12 14:42:48 +00:00
Steven Fackler 96d24c8957 Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto} 2016-11-12 13:45:54 +00:00
Steven Fackler 2a1d7b2bcb Pick different cipher lists on 1.0.1 and 1.0.2 2016-11-12 13:36:03 +00:00
Steven Fackler 93253ba599 Adjust cipher lists to work on older versions 2016-11-12 13:09:12 +00:00
Steven Fackler 780c46e0e7 Add SslRef::set_tmp_{ec,}dh_calback 2016-11-12 12:56:58 +00:00
Steven Fackler 563754fb08 Add SslContextBuilder::set_tmp_{ec,}dh_callback 2016-11-12 12:43:44 +00:00
Steven Fackler 26a3358a2b Add basic X509_STORE access 
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.

Closes #394
 2016-11-12 00:24:12 +00:00
Steven Fackler 898e7f02df Fix EOF detection 
See https://github.com/openssl/openssl/issues/1903 for details
 2016-11-11 15:10:30 +00:00
Steven Fackler a42c6e8713 Drop rustc-serialize dependency 2016-11-09 20:35:23 +00:00
Steven Fackler aa7c27536a Make sure to override SslContext verify callback always 
The 1.0.1 code has to override this to setup hostname validation, and
don't want behavior to silently change depending on the OpenSSL version
you're building against.
 2016-11-08 22:38:48 +00:00
Steven Fackler 597d05b8f8 Add stack creation and push 2016-11-06 23:46:42 -08:00
Steven Fackler 1edb6f682e Support client CA advertisement 2016-11-06 12:17:14 -08:00
Steven Fackler a4e0581e4f Fix build on 1.0.1 2016-11-06 11:57:50 -08:00
Steven Fackler bcb7b3f5dc Add accessors for cert and private key 
Closes #340
 2016-11-06 10:46:38 -08:00
Steven Fackler 79e2004eef Fixes 2016-11-05 19:28:17 -07:00
Steven Fackler f15c817c2d Rustfmt 2016-11-05 10:54:17 -07:00
Steven Fackler 99b41a0050 Rename accessors 2016-11-05 10:15:40 -07:00
Steven Fackler 01ae978db0 Get rid of Ref 
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
 2016-11-04 17:16:59 -07:00
Steven Fackler 6fe7dd3024 Remove an enum 2016-11-03 22:45:54 -07:00
Steven Fackler aa0040125b Use built in DH parameters when available 
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
 2016-11-01 22:50:22 -07:00
Lionel Flandrin 36bf0bb387 Replace GeneralNames by the new Stack API 2016-11-01 21:23:18 +01:00
Steven Fackler f71395c600 Little cfg cleanup 2016-10-31 22:45:51 -07:00
Steven Fackler dc4098bdd8 Clean up x509 name entries 2016-10-31 22:43:05 -07:00
Steven Fackler cd7fa9fca2 Update x509 2016-10-31 20:54:34 -07:00
Steven Fackler ff12d37aef Update ssl 2016-10-31 20:32:55 -07:00
Steven Fackler 16e398e005 Update verify 2016-10-31 20:19:59 -07:00
Steven Fackler f640613863 Update PKey 2016-10-31 20:12:55 -07:00
Steven Fackler d6579ab058 Update EcKey 2016-10-31 20:06:06 -07:00
Steven Fackler 28f375974a Convert Dh 2016-10-31 20:02:24 -07:00
Steven Fackler 006da59285 Return an SslRef 2016-10-30 22:42:32 -07:00
Steven Fackler 558124b755 Expose SSL_MODEs 2016-10-30 22:02:26 -07:00
Steven Fackler e0211dac30 Rename set_CA_file 2016-10-30 21:39:26 -07:00
Steven Fackler 5b0fc9a185 Impl Sync and Send for SslContextBuilder 2016-10-30 20:34:35 -07:00
Steven Fackler add8e4023e Rename connectors 2016-10-30 19:39:18 -07:00
Steven Fackler 997e92e052 Merge ssl option setup 
The client will ignore server-side options so we may as well stick them
all in the same spot.
 2016-10-30 18:49:29 -07:00
Steven Fackler bd457dba18 Move HandshakeError to submodule 2016-10-30 17:23:03 -07:00
Steven Fackler f75f82e466 Rustfmt 2016-10-30 16:37:45 -07:00
Steven Fackler 7869651407 Remove out of date comment 2016-10-30 16:34:50 -07:00
Steven Fackler 9abbf6f80e Use Python's cipher list on the client side. 2016-10-30 16:29:33 -07:00
Steven Fackler d1179f1ad2 Update docs 2016-10-30 15:14:29 -07:00
Steven Fackler 52f288e090 Add a mozilla modern profile 2016-10-30 14:57:22 -07:00
Steven Fackler 7d13176cd1 Rename nwe to mozilla_intermediate 2016-10-30 14:34:05 -07:00
Steven Fackler 43b430e5b0 Pass SslMethod into constructors 2016-10-30 14:26:28 -07:00
Steven Fackler ee79db61c2 Enable single ECDH use 2016-10-30 13:41:24 -07:00
Steven Fackler 677718f8da Configure ECDH parameters in connector 2016-10-30 13:38:09 -07:00
Steven Fackler eb735f519a Clean up generics a bit 2016-10-30 11:05:29 -07:00
Steven Fackler 23fe1e85e9 Pull Curl's CA list for Windows tests 2016-10-29 18:17:46 -07:00
Steven Fackler 761dd780c1 Add module level docs 2016-10-29 18:04:38 -07:00
Steven Fackler e72533c058 Docs for connectors 2016-10-29 15:00:46 -07:00
Steven Fackler 57d10ebbc3 Add PKeyRef 2016-10-29 14:19:09 -07:00
Steven Fackler 4c7a5a418e Implement client and server connectors 2016-10-29 14:02:26 -07:00
Steven Fackler dafb46fc51 Camel case DH 2016-10-27 20:26:18 -07:00
Steven Fackler 781417d50f Add a macro definition 2016-10-27 19:12:55 -07:00
Steven Fackler 8e129af256 Fix description 2016-10-26 22:15:41 -07:00
Steven Fackler 63b1ec1a12 Stop returning an Option from cipher description 2016-10-26 22:13:10 -07:00
Steven Fackler ebc4c56c34 Add SslMethod::from_ptr 2016-10-26 20:43:43 -07:00
Steven Fackler f4b7006771 Don't allow mutation of SslContexts 
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
 2016-10-25 23:12:56 -07:00
Steven Fackler 39279455c8 Add a shutdown method 2016-10-25 20:40:18 -07:00
Steven Fackler eb655bddbc Fix ordering 2016-10-25 20:01:28 -07:00