4ee7e0d3a9
Tweak verify_cert's signature
...
The call can fail either due to an invalid cert or an internal error,
and we should distinguish between the two.
2018-03-11 14:08:34 -07:00
d7a7c379a8
Changes `init` to take a closure which is called with the initialized context
...
After calling the closure, we automatically cleanup the context. This is
required, because otherwise we could have dangling references in the context.
2018-03-11 11:34:36 +01:00
a5d7f8a718
Moves store context init into its own function
2018-03-10 00:15:03 +01:00
1a0b085377
Extends the test to verify the certificate two times
2018-03-08 12:10:29 +01:00
888f4ccaab
Fixes the implementation of `X509StoreContextRef::verify_cert`
...
The certificate, the store and the certificates chain does not need to be
consumed by `verify_cert` and instead are taken as references. We also call
`X509_STORE_CTX_cleanup`, after the verification succeeded.
2018-03-07 16:07:57 +01:00
6abac82f13
cleanup and add negative test
2018-03-07 13:54:35 +01:00
a1cfde765a
add cleanup ffi to store context
2018-03-07 13:54:15 +01:00
3187366cc5
restructure to self contained function
2018-03-07 13:53:29 +01:00
d8a11973e2
convert to raw pass-through methods
2018-03-07 13:51:58 +01:00
35cad33d51
fix error check
2018-03-07 13:50:12 +01:00
847fac25f8
properly version library functions
2018-03-07 13:48:09 +01:00
3595ff9e51
Fix memory mgmt
2018-03-07 13:42:39 +01:00
eb6296e892
add verify_cert and store_context_builder
2018-03-07 13:41:44 +01:00
60337266ab
add support for rfc822Name (email) and uniformResourceIdentifier (uri) to GeneralName
2018-01-15 11:22:29 -06:00
bb5ab2b43f
Bump hex to 0.3
...
The `to_hex` method has been removed and `hex::encode` should be used
instead.
2018-01-01 17:38:38 +01:00
d207897458
Parameterize keys over what they contain
...
Closes #790
2017-12-30 21:53:39 -08:00
129b6b9d84
Overhaul verify error type
...
Also set the error in the hostname verification callback for 1.0.1
2017-12-26 14:43:10 -07:00
2adf2cf12b
Remove deprecated APIs
2017-12-25 22:09:27 -07:00
3eab162dc2
Move to associated consts
2017-12-25 19:56:27 -07:00
bbae793eb3
Upgrade bitflags to 1.0
...
Closes #756
2017-12-25 19:38:11 -07:00
7de1499c65
Fix X509::clone impl
...
Closes #667
2017-07-19 19:23:47 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
1c25336520
Merge branch 'master' into x509_req_version_subject
2017-02-11 09:11:25 -08:00
03fe3015dc
X509 signature algorithm access
2017-02-10 21:37:33 -08:00
8e5735d84c
X509 signature access
2017-02-10 19:59:11 -08:00
557b936e27
Added X509ReqRef.subject_name and X509ReqRef.version
2017-01-26 21:05:33 +01:00
54900976bb
Support EC_GROUP_set_asn1_flag
...
Closes #561
2017-01-22 10:44:59 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
6291407b17
Add X509::stack_from_pem
...
Implementation is a clone of SSL_CTX_use_certificate_chain_file
2017-01-03 14:56:00 -08:00
a42c6e8713
Drop rustc-serialize dependency
2016-11-09 20:35:23 +00:00
d78acc729b
Add an X509ReqBuilder
2016-11-07 20:42:43 +00:00
8f7df7b205
Add SubjectAlternativeName
2016-11-06 23:19:58 -08:00
d17c3355ab
More extension progress
2016-11-06 22:52:53 -08:00
5f18ffa4b3
Start of extension support
2016-11-06 21:58:43 -08:00
b83edbad0d
Start on an X509Builder
2016-11-06 14:07:34 -08:00
36bf0bb387
Replace GeneralNames by the new Stack API
2016-11-01 21:23:18 +01:00
dc4098bdd8
Clean up x509 name entries
2016-10-31 22:43:05 -07:00
f75f82e466
Rustfmt
2016-10-30 16:37:45 -07:00
787cad3c82
Use constants rather than constructors for Nid
2016-10-22 15:58:06 -07:00
3c50c74444
Camel case Rsa
2016-10-22 10:21:16 -07:00
2fd201d9c3
De-enumify Nid
2016-10-22 10:08:32 -07:00
98b7f2f935
Flatten crypto module
2016-10-22 09:16:38 -07:00
c171be551a
De-enumify message digests
2016-10-15 15:23:29 -07:00
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
8fa4059b82
Add test for `"x509_validity"` feature
2016-08-17 01:23:54 -04:00
773a6f0735
Start on PKCS #12 support
2016-08-14 10:11:38 -07:00
1ac54b06e9
Move X509_get_extensions to openssl helpers
2016-08-09 22:15:16 -07:00
0854632ff5
Make c_helpers optional
2016-08-09 22:02:49 -07:00
6b1016c86e
Add PKey::from_rsa
2016-08-07 22:56:44 -07:00
Steven Fackler