boring2

Commit Graph

Author	SHA1	Message	Date
Steven Fackler	006da59285	Return an SslRef	2016-10-30 22:42:32 -07:00
Steven Fackler	558124b755	Expose SSL_MODEs	2016-10-30 22:02:26 -07:00
Steven Fackler	e0211dac30	Rename set_CA_file	2016-10-30 21:39:26 -07:00
Steven Fackler	5b0fc9a185	Impl Sync and Send for SslContextBuilder	2016-10-30 20:34:35 -07:00
Steven Fackler	add8e4023e	Rename connectors	2016-10-30 19:39:18 -07:00
Steven Fackler	997e92e052	Merge ssl option setup The client will ignore server-side options so we may as well stick them all in the same spot.	2016-10-30 18:49:29 -07:00
Steven Fackler	bd457dba18	Move HandshakeError to submodule	2016-10-30 17:23:03 -07:00
Steven Fackler	f75f82e466	Rustfmt	2016-10-30 16:37:45 -07:00
Steven Fackler	7869651407	Remove out of date comment	2016-10-30 16:34:50 -07:00
Steven Fackler	9abbf6f80e	Use Python's cipher list on the client side.	2016-10-30 16:29:33 -07:00
Steven Fackler	d1179f1ad2	Update docs	2016-10-30 15:14:29 -07:00
Steven Fackler	52f288e090	Add a mozilla modern profile	2016-10-30 14:57:22 -07:00
Steven Fackler	7d13176cd1	Rename nwe to mozilla_intermediate	2016-10-30 14:34:05 -07:00
Steven Fackler	43b430e5b0	Pass SslMethod into constructors	2016-10-30 14:26:28 -07:00
Steven Fackler	ee79db61c2	Enable single ECDH use	2016-10-30 13:41:24 -07:00
Steven Fackler	677718f8da	Configure ECDH parameters in connector	2016-10-30 13:38:09 -07:00
Steven Fackler	eb735f519a	Clean up generics a bit	2016-10-30 11:05:29 -07:00
Steven Fackler	23fe1e85e9	Pull Curl's CA list for Windows tests	2016-10-29 18:17:46 -07:00
Steven Fackler	761dd780c1	Add module level docs	2016-10-29 18:04:38 -07:00
Steven Fackler	e72533c058	Docs for connectors	2016-10-29 15:00:46 -07:00
Steven Fackler	57d10ebbc3	Add PKeyRef	2016-10-29 14:19:09 -07:00
Steven Fackler	4c7a5a418e	Implement client and server connectors	2016-10-29 14:02:26 -07:00
Steven Fackler	dafb46fc51	Camel case DH	2016-10-27 20:26:18 -07:00
Steven Fackler	781417d50f	Add a macro definition	2016-10-27 19:12:55 -07:00
Steven Fackler	8e129af256	Fix description	2016-10-26 22:15:41 -07:00
Steven Fackler	63b1ec1a12	Stop returning an Option from cipher description	2016-10-26 22:13:10 -07:00
Steven Fackler	ebc4c56c34	Add SslMethod::from_ptr	2016-10-26 20:43:43 -07:00
Steven Fackler	f4b7006771	Don't allow mutation of SslContexts SslContext is reference counted and the various setter methods don't take out locks where necessary. Fix this by adding a builder for the context.	2016-10-25 23:12:56 -07:00
Steven Fackler	39279455c8	Add a shutdown method	2016-10-25 20:40:18 -07:00
Steven Fackler	eb655bddbc	Fix ordering	2016-10-25 20:01:28 -07:00
Steven Fackler	938fdd7137	Add into_error	2016-10-23 21:54:49 -07:00
Steven Fackler	ca71e00878	Fix Send + Sync-ness of SslStream	2016-10-23 20:55:31 -07:00
Steven Fackler	98b7f2f935	Flatten crypto module	2016-10-22 09:16:38 -07:00
Steven Fackler	9be0aab9ac	Borrow compression string	2016-10-21 21:46:32 -07:00
Steven Fackler	f1c68e3544	Rename SslContextOptions	2016-10-21 21:22:05 -07:00
Steven Fackler	8ec53eb0e1	Fix X509StoreContext	2016-10-21 20:59:07 -07:00
Steven Fackler	02b4385c5d	Convert X509VerifyParamRef	2016-10-21 19:58:06 -07:00
Steven Fackler	f0cde38929	Borrowed servername	2016-10-21 19:54:30 -07:00
Steven Fackler	fcb86b8394	Convert SslCipherRef	2016-10-21 19:45:46 -07:00
Steven Fackler	2bbeddd14a	Convert SslRef	2016-10-21 19:33:56 -07:00
Steven Fackler	fe98a90719	Convert SslContextRef	2016-10-21 19:15:09 -07:00
Steven Fackler	bd0c0c60bd	Store a MidHandshakeSslStream in fatal errors This in particular allows the X509 verification error to be retrieved, as well as the stream itself.	2016-10-20 20:57:53 -07:00
Steven Fackler	8f3511c0cd	Redo SslStream construction SslStream is now constructed via methods on Ssl. You realistically want to create an Ssl for SNI and hostname verification so making it harder to construct a stream directly from an SslContext is a good thing.	2016-10-20 19:59:09 -07:00
Steven Fackler	5ab037f056	Allow the X509 verify error to be read from an SslRef	2016-10-18 22:21:06 -07:00
Steven Fackler	c4459c37d9	Callback cleanup	2016-10-18 21:13:13 -07:00
Steven Fackler	f7e6d7fce6	Don't ignore errors in NPN/ALPN logic Closes #479	2016-10-18 21:12:55 -07:00
Steven Fackler	194298a057	Implement new feature setup The basic idea here is that there is a feature for each supported OpenSSL version. Enabling multiple features represents support for multiple OpenSSL versions, but it's then up to you to check which version you link against (probably by depending on openssl-sys and making a build script similar to what openssl does).	2016-10-17 21:57:54 -07:00
Steven Fackler	b7400d56e8	Fix algorithm field	2016-10-16 23:22:00 -07:00
Steven Fackler	78daed2d58	ssl error handling cleanup	2016-10-16 20:14:04 -07:00
Steven Fackler	6ea551dc82	Fix set_read_ahead signature	2016-10-15 16:53:10 -07:00
Steven Fackler	ee18988584	De-enumify SslMethod	2016-10-15 16:10:03 -07:00
Steven Fackler	c171be551a	De-enumify message digests	2016-10-15 15:23:29 -07:00
Steven Fackler	64b8e5e553	Merge pull request #471 from sfackler/no-comp Handle OPENSSL_NO_COMP	2016-10-14 23:09:11 -07:00
Steven Fackler	7ac0599638	Fix test_alpn_server_select_none In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so fork that test. This also popped up an issue where we assumed all errors had library, function, and reason strings which is not necessarily the case. While we're in here, adjust the Display impl to match what OpenSSL prints out. Closes #465	2016-10-14 22:01:21 -07:00
Steven Fackler	f520aa2860	Handle OPENSSL_NO_COMP Closes #459	2016-10-14 20:50:45 -07:00
Steven Fackler	d976b8f595	Enable hostname verification on 1.0.2	2016-10-14 18:56:15 -07:00
Steven Fackler	af51b263b1	Support hostname verification Closes #206	2016-10-14 17:39:31 -07:00
Alex Crichton	0908fddc74	Ignore DTLS tests on Windows/ARM for now cc #467	2016-10-14 11:15:22 -07:00
Steven Fackler	f44cff29e6	Cleanup	2016-10-13 22:34:39 -07:00
Steven Fackler	3d535f661f	Use stdlib logic for udp	2016-10-13 20:15:26 -07:00
Steven Fackler	a09f46266d	Fix windows for real	2016-10-13 20:09:43 -07:00
Steven Fackler	5b29fc9d69	Disable npn tests on < 1.0.2 s_client doesn't seem to support the required flag before then.	2016-10-13 20:03:02 -07:00
Steven Fackler	140ef1b988	Fix tests on windows	2016-10-13 20:01:31 -07:00
Steven Fackler	143556078b	Reenable dtls tests	2016-10-13 19:48:30 -07:00
Steven Fackler	edfc50f37d	Clean up features	2016-10-13 19:46:13 -07:00
Steven Fackler	b610e01793	Flag off dtls and mask ssl_ops Also un-feature gate npn as it ships with 1.0.1	2016-10-13 19:06:53 -07:00
Alex Crichton	715b700aff	Ignore a test on OpenSSL 1.1.0	2016-10-12 22:51:47 -07:00
Steven Fackler	af3e06d3e8	Add remaining SSL_OP constants	2016-10-12 22:50:08 -07:00
Alex Crichton	43c951f743	Add support for OpenSSL 1.1.0 This commit is relatively major refactoring of the `openssl-sys` crate as well as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0, and lots of other various tweaks happened along the way. The major new features are: * OpenSSL 1.1.0 is supported * OpenSSL 0.9.8 is no longer supported (aka all OSX users by default) * All FFI bindings are verified with the `ctest` crate (same way as the `libc` crate) * CI matrixes are vastly expanded to include 32/64 of all platforms, more OpenSSL version coverage, as well as ARM coverage on Linux * The `c_helpers` module is completely removed along with the `gcc` dependency. * The `openssl-sys` build script was completely rewritten * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars. * Better error messages for mismatched versions. * Better error messages for failing to find OpenSSL on a platform (more can be done here) * Probing of OpenSSL build-time configuration to inform the API of the `-sys` crate. Many Cargo features have been removed as they're now enabled by default. As this is a breaking change to both the `openssl` and `openssl-sys` crates this will necessitate a major version bump of both. There's still a few more API questions remaining but let's hash that out on a PR! Closes #452	2016-10-12 22:49:55 -07:00
Steven Fackler	cd69343d67	Fix SslContext::add_extra_chain_cert SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so the method really needs to take an X509 by value. Work around this by manually cloning the cert. This method has been around for over a year but I'm guessing nobody actually used it since it produces a nice double free into segfault!	2016-08-17 19:30:57 -07:00
Steven Fackler	80ed1ef8ab	Ignore flickering test on windows	2016-08-16 22:41:36 -07:00
Steven Fackler	6b12a0cdde	PKCS #12 support	2016-08-14 11:11:26 -07:00
Steven Fackler	ad4a8cc140	More test fixes	2016-08-14 11:05:53 -07:00
Steven Fackler	3876332734	Fix tests	2016-08-14 10:29:55 -07:00
Steven Fackler	773a6f0735	Start on PKCS #12 support	2016-08-14 10:11:38 -07:00
Steven Fackler	5042d3d170	Mangle c helper functions We want to make sure that multiple openssl versions can coexist in the same dependency tree. Closes #438	2016-08-13 12:05:29 -07:00
Steven Fackler	b21805f541	Fix tests	2016-08-10 22:10:32 -07:00
Steven Fackler	0359afb99e	Little tweaks	2016-08-10 22:02:36 -07:00
Steven Fackler	59fe901357	Method renames	2016-08-10 21:28:17 -07:00
Steven Fackler	5e6b8e68fd	More API cleanup	2016-08-10 21:07:41 -07:00
Steven Fackler	0854632ff5	Make c_helpers optional	2016-08-09 22:02:49 -07:00
Steven Fackler	2f46c793e5	Remove rust_SSL_clone	2016-08-09 21:23:54 -07:00
Steven Fackler	25752280ae	Move init to crate root	2016-08-07 22:09:19 -07:00
Steven Fackler	79602b6af4	get_error -> error	2016-08-07 21:34:58 -07:00
Steven Fackler	5af01a5dbd	Clean up asn1time	2016-08-06 22:23:03 -07:00
Steven Fackler	fe47e93f2f	Fix pkey method safety	2016-08-05 21:04:40 -07:00
Steven Fackler	b4145c6fa5	Clean up x509	2016-08-05 20:55:05 -07:00
Steven Fackler	c47be8b14b	Move SSL_CTX_set_ecdh_auto to -sys	2016-08-04 22:52:40 -07:00
Steven Fackler	ee67ea8ea0	Mvoe SSL_CTX_add_extra_chain_cert to -sys	2016-08-04 22:46:47 -07:00
Steven Fackler	378b86326c	Move SSL_CTX_set_tmp_dh to -sys	2016-08-04 22:43:24 -07:00
Steven Fackler	7fb7f4671d	Move SSL_CTX_set_read_ahead to -sys	2016-08-04 22:40:01 -07:00
Steven Fackler	77dbab2cad	Move SSL_CTX_set_tlsext_servername_callback to -sys	2016-08-04 22:37:39 -07:00
Steven Fackler	c2a7c5b7f0	Move SSL_set_tlsext_host_name to -sys	2016-08-04 22:28:33 -07:00
Steven Fackler	b29ea62491	Move BIO macros into -sys	2016-08-04 22:22:55 -07:00
Steven Fackler	dd16f64f89	Stop once-ing init wrapper The underlying function already once-s itself	2016-08-04 22:15:50 -07:00
Steven Fackler	17474520bc	Support basic SSL options without C shims	2016-08-04 22:14:18 -07:00
Steven Fackler	abacc8bb18	Define SSL_CTX_set_mode in openssl-sys	2016-08-02 22:14:44 -07:00
Steven Fackler	08e27f31ed	Restructure PEM input/output methods Dealing with byte buffers directly avoids error handling weirdness and we were loading it all into memory before anyway.	2016-08-02 20:49:28 -07:00
Steven Fackler	2574bff52d	Merge pull request #432 from alexcrichton/mid-handshake Add MidHandshakeSslStream	2016-07-31 16:20:10 -07:00
Alex Crichton	3539be3366	Add MidHandshakeSslStream Allows recognizing when a stream is still in handshake mode and can gracefully transition when ready. The blocking usage of the API should still be the same, just helps nonblocking implementations!	2016-07-31 16:01:06 -07:00

1 2 3 4 5 ...

329 Commits