23bab6336e
Add a parameter to servername
2017-12-28 10:18:23 -08:00
7fbda61609
Overhaul ALPN
...
There was previously a lot of behind the scenes magic. We now bind much
more directly to the relevant functions.
Also remove APN support. That protocol is supersceded by ALPN - let's
see if anyone actually needs to use it.
2017-12-27 16:24:01 -07:00
52a06adc08
Overhaul ssl error
2017-12-26 21:03:49 -07:00
129b6b9d84
Overhaul verify error type
...
Also set the error in the hostname verification callback for 1.0.1
2017-12-26 14:43:10 -07:00
19dc6ce1eb
Adjust SslConnector and SslAcceptor construction
2017-12-26 10:39:21 -07:00
ce0641f093
Drop Any bounds
2017-12-26 08:55:12 -07:00
3744e31e16
Fix a bunch of FIXMEs
2017-12-25 21:44:41 -07:00
7d0c6c9442
Fix tests
2017-12-25 20:32:06 -07:00
77448362ce
Rename X509FileType to X509Filetype
2017-12-25 19:57:02 -07:00
3eab162dc2
Move to associated consts
2017-12-25 19:56:27 -07:00
bbae793eb3
Upgrade bitflags to 1.0
...
Closes #756
2017-12-25 19:38:11 -07:00
4b732dad19
Fix link
2017-12-09 15:50:23 -08:00
3207e57a09
Finish documentation for the ssl module
...
Closes #727
2017-12-04 22:15:56 -08:00
bf70d3dd71
Docs for the ssl module.
...
cc #727
2017-12-03 23:10:56 -08:00
e9ad9f1afd
Upgrade foreign-types
...
foreign-types 0.3 and 0.2 now share the same types and traits, so this
is backwards compatible.
2017-11-26 17:07:24 -07:00
de987f20c8
Revert "Update foreign-types to 0.3"
2017-11-21 08:51:37 -08:00
93be1c4f2f
Update foreign-types to 0.3
2017-11-21 09:17:39 +01:00
55bf390dbe
Adjust libressl version detection
...
The 2.5.3+ and 2.6.3+ series are ABI-stable, so we don't need to
whitelist individual releases in those ranges.
2017-11-13 21:51:55 -08:00
6257835757
Add support for LibreSSL 2.6.3
2017-11-13 09:51:17 -05:00
8830bd5daf
Add a couple of FIXMEs
2017-11-05 10:47:05 -08:00
a1a3219483
Handle local retries
...
OpenSSL can return SSL_ERROR_WANT_READ even on blocking sockets after
renegotiation or heartbeats. Heartbeats ignore the flag that normally
makes these things handled internally anyway on 1.0.2. To handle this
more properly, we now have a special error type we use to signal this
event. The `Read` and `Write` implementation automatically retry in this
situation since that's what you normally want. People can use `ssl_read`
and `ssl_write` if they want the lower level control.
Closes #760
2017-11-04 13:32:18 -07:00
d5299a8d2b
Fixed a typo in an error message, WANT_WRITE -> WANT_READ
2017-10-17 20:06:35 -05:00
ff8f54812c
Merge pull request #752 from chrisvittal/libressl262
...
Add support for LibreSSL 2.6.2
2017-10-03 22:11:29 -07:00
1308cb2b52
Fix cfgs for libressl262
2017-10-04 00:53:09 -04:00
b5bb8de4f2
Convert try! usage to ?
2017-10-03 17:44:02 -04:00
5091830379
openssl: libressl 2.6.1 dropped suuport for npn
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:46:05 +02:00
c2164a4864
Add peer_cert_chain
2017-07-29 10:34:10 -07:00
374ad206d5
Use foreign-type's Opaque
2017-07-15 21:53:49 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
5c2410c38a
Init before creating ex indexes
2017-07-15 18:58:24 -07:00
fd52bbe85c
Add an API to install extra data
2017-07-15 16:50:36 -07:00
e3c7a2785c
Move callbacks to a submodule
2017-07-15 16:50:36 -07:00
279bffccf5
Merge pull request #641 from luser/psk
...
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-07-04 18:19:17 -10:00
240eb9731f
Properly reexport ConnectConfiguration
2017-06-14 19:54:09 -07:00
4de58596d9
Make some changes for review comments
2017-06-02 08:20:03 -04:00
3028958bf6
Little docs fix
2017-05-29 21:11:49 -07:00
c89af1d5f8
Add a fixme
2017-05-29 18:04:32 -07:00
16183f41f6
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-05-26 14:51:04 -04:00
27728f6fd9
Update bitflags 0.8 -> 0.9
2017-05-22 12:44:22 +03:00
c8d1698f27
Logic to support client-side session reuse
2017-03-25 19:30:01 -07:00
618cc70d19
Add a fixme to drop const prefixes
2017-02-19 14:24:05 -08:00
710a30bb40
Tweaks
2017-02-18 21:58:38 -08:00
88740c1374
add Ok to result
2017-02-16 19:59:02 -08:00
323a646383
only forget in non-error condition
2017-02-16 19:50:58 -08:00
eef5b5d2ac
review fixes: reorder forget()
2017-02-16 19:49:14 -08:00
d080c10910
fix cfg options for v102 and v110
2017-02-16 19:49:14 -08:00
f8298882a4
add set_verify_cert_store() to ssl ctx
2017-02-16 19:49:14 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
12ae31ad47
Switch to foreign_types
2017-02-03 23:03:35 -08:00
722bdb6a4c
Merge pull request #550 from Keruspe/master
...
LibreSSL support improvements
2017-01-22 18:39:34 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
1942977408
Add methods to construct SslAcceptorBuilder without key and cert
...
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
2017-01-08 10:57:04 -08:00
0978f87095
libressl: make set_ecdh_auto available
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-01-05 20:47:01 +01:00
404e0341d8
Provide master key access
2017-01-04 22:01:30 -08:00
0b1bfee46d
session is nullable
2017-01-04 21:15:09 -08:00
5d53405597
Provide access to the session ID
2017-01-04 21:11:06 -08:00
88a7032f4b
Types and accessor for SslSession
2017-01-04 20:59:46 -08:00
7e035a7fd1
Merge pull request #538 from semarie/libressl
...
Add LibreSSL support
2016-12-22 11:59:19 -05:00
b3526cbd2b
Add LibreSSL 2.5.0 support
2016-12-21 09:27:12 +01:00
8e01f8d250
Handle zero-length reads/writes
...
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
2016-12-20 15:52:18 -08:00
234f126d7d
Cleanup
2016-11-27 21:00:59 -08:00
6794a45d60
Rename ec_key to ec
2016-11-14 22:37:01 +01:00
96d24c8957
Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto}
2016-11-12 13:45:54 +00:00
780c46e0e7
Add SslRef::set_tmp_{ec,}dh_calback
2016-11-12 12:56:58 +00:00
563754fb08
Add SslContextBuilder::set_tmp_{ec,}dh_callback
2016-11-12 12:43:44 +00:00
26a3358a2b
Add basic X509_STORE access
...
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
2016-11-12 00:24:12 +00:00
898e7f02df
Fix EOF detection
...
See https://github.com/openssl/openssl/issues/1903 for details
2016-11-11 15:10:30 +00:00
597d05b8f8
Add stack creation and push
2016-11-06 23:46:42 -08:00
1edb6f682e
Support client CA advertisement
2016-11-06 12:17:14 -08:00
a4e0581e4f
Fix build on 1.0.1
2016-11-06 11:57:50 -08:00
bcb7b3f5dc
Add accessors for cert and private key
...
Closes #340
2016-11-06 10:46:38 -08:00
79e2004eef
Fixes
2016-11-05 19:28:17 -07:00
01ae978db0
Get rid of Ref
...
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
2016-11-04 17:16:59 -07:00
6fe7dd3024
Remove an enum
2016-11-03 22:45:54 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
ff12d37aef
Update ssl
2016-10-31 20:32:55 -07:00
16e398e005
Update verify
2016-10-31 20:19:59 -07:00
f640613863
Update PKey
2016-10-31 20:12:55 -07:00
d6579ab058
Update EcKey
2016-10-31 20:06:06 -07:00
28f375974a
Convert Dh
2016-10-31 20:02:24 -07:00
006da59285
Return an SslRef
2016-10-30 22:42:32 -07:00
558124b755
Expose SSL_MODEs
2016-10-30 22:02:26 -07:00
e0211dac30
Rename set_CA_file
2016-10-30 21:39:26 -07:00
5b0fc9a185
Impl Sync and Send for SslContextBuilder
2016-10-30 20:34:35 -07:00
add8e4023e
Rename connectors
2016-10-30 19:39:18 -07:00
bd457dba18
Move HandshakeError to submodule
2016-10-30 17:23:03 -07:00
f75f82e466
Rustfmt
2016-10-30 16:37:45 -07:00
7d13176cd1
Rename nwe to mozilla_intermediate
2016-10-30 14:34:05 -07:00
43b430e5b0
Pass SslMethod into constructors
2016-10-30 14:26:28 -07:00
677718f8da
Configure ECDH parameters in connector
2016-10-30 13:38:09 -07:00
23fe1e85e9
Pull Curl's CA list for Windows tests
2016-10-29 18:17:46 -07:00
761dd780c1
Add module level docs
2016-10-29 18:04:38 -07:00
e72533c058
Docs for connectors
2016-10-29 15:00:46 -07:00
57d10ebbc3
Add PKeyRef
2016-10-29 14:19:09 -07:00
4c7a5a418e
Implement client and server connectors
2016-10-29 14:02:26 -07:00
dafb46fc51
Camel case DH
2016-10-27 20:26:18 -07:00
781417d50f
Add a macro definition
2016-10-27 19:12:55 -07:00
8e129af256
Fix description
2016-10-26 22:15:41 -07:00
63b1ec1a12
Stop returning an Option from cipher description
2016-10-26 22:13:10 -07:00
ebc4c56c34
Add SslMethod::from_ptr
2016-10-26 20:43:43 -07:00
f4b7006771
Don't allow mutation of SslContexts
...
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
2016-10-25 23:12:56 -07:00
39279455c8
Add a shutdown method
2016-10-25 20:40:18 -07:00
eb655bddbc
Fix ordering
2016-10-25 20:01:28 -07:00
938fdd7137
Add into_error
2016-10-23 21:54:49 -07:00
ca71e00878
Fix Send + Sync-ness of SslStream
2016-10-23 20:55:31 -07:00
98b7f2f935
Flatten crypto module
2016-10-22 09:16:38 -07:00
9be0aab9ac
Borrow compression string
2016-10-21 21:46:32 -07:00
f1c68e3544
Rename SslContextOptions
2016-10-21 21:22:05 -07:00
8ec53eb0e1
Fix X509StoreContext
2016-10-21 20:59:07 -07:00
02b4385c5d
Convert X509VerifyParamRef
2016-10-21 19:58:06 -07:00
f0cde38929
Borrowed servername
2016-10-21 19:54:30 -07:00
fcb86b8394
Convert SslCipherRef
2016-10-21 19:45:46 -07:00
2bbeddd14a
Convert SslRef
2016-10-21 19:33:56 -07:00
fe98a90719
Convert SslContextRef
2016-10-21 19:15:09 -07:00
bd0c0c60bd
Store a MidHandshakeSslStream in fatal errors
...
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
2016-10-20 20:57:53 -07:00
8f3511c0cd
Redo SslStream construction
...
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
2016-10-20 19:59:09 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
c4459c37d9
Callback cleanup
2016-10-18 21:13:13 -07:00
f7e6d7fce6
Don't ignore errors in NPN/ALPN logic
...
Closes #479
2016-10-18 21:12:55 -07:00
194298a057
Implement new feature setup
...
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
2016-10-17 21:57:54 -07:00
b7400d56e8
Fix algorithm field
2016-10-16 23:22:00 -07:00
78daed2d58
ssl error handling cleanup
2016-10-16 20:14:04 -07:00
6ea551dc82
Fix set_read_ahead signature
2016-10-15 16:53:10 -07:00
ee18988584
De-enumify SslMethod
2016-10-15 16:10:03 -07:00
f520aa2860
Handle OPENSSL_NO_COMP
...
Closes #459
2016-10-14 20:50:45 -07:00
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
f44cff29e6
Cleanup
2016-10-13 22:34:39 -07:00
edfc50f37d
Clean up features
2016-10-13 19:46:13 -07:00
b610e01793
Flag off dtls and mask ssl_ops
...
Also un-feature gate npn as it ships with 1.0.1
2016-10-13 19:06:53 -07:00
af3e06d3e8
Add remaining SSL_OP constants
2016-10-12 22:50:08 -07:00
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
cd69343d67
Fix SslContext::add_extra_chain_cert
...
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
2016-08-17 19:30:57 -07:00
6b12a0cdde
PKCS #12 support
2016-08-14 11:11:26 -07:00
5042d3d170
Mangle c helper functions
...
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.
Closes #438
2016-08-13 12:05:29 -07:00
0359afb99e
Little tweaks
2016-08-10 22:02:36 -07:00
59fe901357
Method renames
2016-08-10 21:28:17 -07:00
5e6b8e68fd
More API cleanup
2016-08-10 21:07:41 -07:00
0854632ff5
Make c_helpers optional
2016-08-09 22:02:49 -07:00
2f46c793e5
Remove rust_SSL_clone
2016-08-09 21:23:54 -07:00
25752280ae
Move init to crate root
2016-08-07 22:09:19 -07:00
5af01a5dbd
Clean up asn1time
2016-08-06 22:23:03 -07:00
fe47e93f2f
Fix pkey method safety
2016-08-05 21:04:40 -07:00
b4145c6fa5
Clean up x509
2016-08-05 20:55:05 -07:00
c47be8b14b
Move SSL_CTX_set_ecdh_auto to -sys
2016-08-04 22:52:40 -07:00
ee67ea8ea0
Mvoe SSL_CTX_add_extra_chain_cert to -sys
2016-08-04 22:46:47 -07:00
378b86326c
Move SSL_CTX_set_tmp_dh to -sys
2016-08-04 22:43:24 -07:00
7fb7f4671d
Move SSL_CTX_set_read_ahead to -sys
2016-08-04 22:40:01 -07:00
77dbab2cad
Move SSL_CTX_set_tlsext_servername_callback to -sys
2016-08-04 22:37:39 -07:00
c2a7c5b7f0
Move SSL_set_tlsext_host_name to -sys
2016-08-04 22:28:33 -07:00
Steven Fackler