Steven Fackler
7b0b70bd13
Release v0.6.5
2015-08-31 19:10:27 -07:00
Frank Denis
9add4e1001
Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy.
...
rust-openssl didn't support forward secrecy at all.
This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.
With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):
    use openssl::dh::DH;
    let dh = DH::get_2048_256().unwrap();
    ctx.set_tmp_dh(dh).unwrap();
With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):
    use openssl::bn::BigNum;
    use openssl::dh::DH;
    let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
    let g = BigNum::from_hex_str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unwrap();
    let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
    let dh = DH::from_params(p, g, q).unwrap();
    ctx.set_tmp_dh(dh).unwrap();
2015-08-31 23:12:57 +02:00
Steven Fackler
dc8cba4822
Merge pull request #251 from ebarnard/evp_bytestokey
...
Expose EVP_BytesToKey
2015-08-23 13:37:55 -04:00
Edward Barnard
8067565707
Expose EVP_BytesToKey
...
This is based on work by pyrho.
Closes #88
2015-08-23 17:08:18 +07:00
Steven Fackler
4cb68efd99
Merge pull request #253 from manuels/master
...
Add get_state_string()
2015-08-19 02:31:15 -04:00
Manuel Schölling
3fe3d57976
Add get_state_string()
2015-08-17 19:01:43 +02:00
Steven Fackler
769b8312d8
Merge pull request #240 from jethrogb/topic/x509_req_extension
...
Implement certificate extensions for certificate requests
2015-08-15 16:04:42 -04:00
Steven Fackler
a10604e15d
Merge pull request #243 from manuels/master
...
Fix problems with DTLS when no packets are pending.
2015-08-02 22:27:19 -04:00
Steven Fackler
02dc3eda2f
Merge pull request #242 from awelkie/master
...
Added AES CTR-mode under feature flag.
2015-08-02 22:25:09 -04:00
Andrew Dunham
ab7bfad225
Add function to write RSA public key as PEM
2015-07-23 22:30:07 -07:00
Manuel Schölling
a43011d77c
Fix problems with DTLS when no packets are pending.
...
When using DTLS you might run into the situation where no packets
are pending, so SSL_read returns len=0. On a TLS connection this
means that the connection was closed, but on DTLS it does not
(a DTLS connection cannot be closed in the usual sense).
This commit fixes a bug introduced by c8d23f3.
Conflicts:
openssl/src/ssl/mod.rs
2015-07-18 13:00:34 +02:00
Allen Welkie
b478c29151
Added AES CTR-mode under feature flag.
2015-07-15 20:45:18 -04:00
Jethro Beekman
90dd54b541
Implement certificate extensions for certificate requests
2015-07-08 13:37:35 -07:00
Steven Fackler
0cb4368ef8
Merge pull request #221 from jethrogb/topic/ssl_options
...
Several SSL option fixes
2015-07-08 10:20:33 -07:00
Steven Fackler
3229296105
Merge pull request #233 from jethrogb/topic/x509_extension
...
Allow setting of arbitrary X509 extensions
2015-07-08 03:10:40 -04:00
Steven Fackler
cc497b4768
Release v0.6.4
2015-07-06 11:09:03 -07:00
Jethro Beekman
6a725acf4d
Remove #ifs for same-value shimmed SSL options. Depend on compiler optimization instead.
2015-07-01 21:49:27 -07:00
Jethro Beekman
aeefa364b7
Decouple C SSL Option bit flags from Rust version
...
The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL
versions. To avoid having to change the Rust definitions, we implement our
own numbering system in Rust, and use an automatically-generated C shim to
convert the bitflags at runtime.
2015-07-01 21:49:11 -07:00
Jethro Beekman
b46574b635
Add arbitrary X509 extensions by OID string
2015-07-01 00:18:45 -07:00
Cody P Schafer
01e01e3747
ssl: support ALPN
...
Heavily based on the existing NPN wrapping code. Naming of public
functions is identical to the NPN ones with `s/npn/alpn/` applied to
prevent devs from needing to remember 2 names (and to let me copy the
npn tests and perform the substitution to generate the alpn tests).
It might make sense to (at some point) use macros or a trait to cut down
the duplication.
2015-06-29 10:58:45 -04:00
Steven Fackler
6e43f5c0d4
Modernize cargo directives
2015-06-28 19:41:52 -07:00
Steven Fackler
d465f6c5bb
Don't use pkg-config on windows
2015-06-28 19:28:28 -07:00
Steven Fackler
0cff370f1d
Reduce SslStream constructor duplication
2015-06-27 21:40:00 -07:00
Steven Fackler
9d0acfe615
Fix set_hostname
...
It was previously failing to null terminate the hostname string (was
anyone actually using this?). Also move the macro expansion to the C
shim.
2015-06-27 19:37:45 -07:00
Steven Fackler
cb7248d8cb
Import shim'd HMAC stuff with the original name
2015-06-27 15:23:19 -07:00
Steven Fackler
d0b769c93c
Move macro replicas into C shim
2015-06-27 15:11:11 -07:00
Steven Fackler
524c1e63aa
Release v0.6.3
2015-06-25 23:22:04 -07:00
Steven Fackler
c8d23f37a4
Fix EOF handling in retry wrapper
2015-06-25 22:47:53 -07:00
Simon Mazur
27b0e4d7af
Don't ignore environment variables if building with mingw
2015-06-15 19:13:30 +03:00
Simon Mazur
c532c1992e
Added support for building on Windows with MinGW
2015-06-10 03:37:01 +03:00
Jethro Beekman
c1232f3035
Implement limited X509_REQ functionality
2015-05-28 00:22:14 -07:00
Steven Fackler
3727c4cefb
Merge pull request #211 from bozaro/redefine_libs
...
Add ability to redefine library list via OPENSSL_LIBS environment variable
2015-05-17 14:28:27 -04:00
a.navrotskiy
2a5bc20b78
Remove MSYSTEM environment variable check
2015-05-15 09:50:57 +03:00
Steven Fackler
d723481f77
Fix doc root
2015-05-13 16:31:27 -07:00
a.navrotskiy
59c8a88839
Add ability to redefine library list via OPENSSL_LIBS environment variable.
...
It's useful for compiling with MinGW-w64 installed via MSYS2 (https://wiki.qt.io/MSYS2).
2015-05-07 16:57:07 +03:00
Steven Fackler
8a9aa0c657
Merge pull request #210 from manuels/pending
...
Add SslStream.pending()
2015-05-05 22:57:14 -04:00
Steven Fackler
fb2822d5c7
Merge pull request #201 from manuels/pkey_cmp
...
Add comparison for PKeys
2015-05-04 10:19:13 -07:00
Steven Fackler
d044d87c1b
Release v0.6.2
2015-05-01 10:43:54 -07:00
Manuel Schölling
c8fae312ad
Add SslStream.pending()
2015-04-30 20:00:30 +02:00
Steven Fackler
bce84a6d53
Release v0.6.1
2015-04-22 15:08:56 -07:00
Richard Diamond
c55d410829
Fixes for Native Client.
2015-04-18 23:03:11 -05:00
Manuel Schölling
123d400277
Add comparison for PKeys
2015-04-16 17:14:21 +02:00
Steven Fackler
1aab7b3c54
Merge pull request #199 from CarlColglazier/patch-1
...
Fix documentation URL for openssl-sys.
2015-04-15 23:37:08 -04:00
Manuel Schölling
7db00b97ba
Add X509::public_key()
2015-04-15 22:59:07 +02:00
Carl Colglazier
f006356d1d
Fix documentation URL for openssl-sys.
2015-04-15 08:42:46 -04:00
Manuel Schölling
912cacf4bc
Fix rebase errors
2015-04-06 12:26:10 +02:00
Manuel Schölling
dbef985e32
Move connected_socket to its own crate and fix SSL_CTX_set_read_ahead()
2015-04-06 12:23:11 +02:00
Manuel Schölling
664600eadf
Add DTLSv1 and DTLSv1.2 support
2015-04-06 12:22:50 +02:00
Manuel Schölling
5408b641dd
Add connect() support for UDP sockets
2015-04-06 12:14:36 +02:00
Steven Fackler
51dd12934a
Release v0.6.0
2015-04-05 16:50:37 -07:00
Steven Fackler
36f264551a
Merge pull request #186 from manuels/set_raw_key
...
Use raw keys and certs in SslContext
2015-04-05 16:45:24 -07:00
Steven Fackler
ed97463346
Release v0.5.5
2015-04-03 08:44:34 -07:00
Manuel Schölling
b6c5c113f5
Add SslContext::add_extra_chain_cert()
2015-04-03 14:34:24 +02:00
Manuel Schölling
632d8398cf
Add ability to load private keys from files and use raw keys and certificates for SslContext
2015-04-03 14:34:24 +02:00
Manuel Schölling
b42202b858
Change SslVerifyMode to bitflags and add SSL_VERIFY_FAIL_IF_NO_PEER_CERT
...
SslVerifyMode was changed to bitflags to allow for bitwise operations
like (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT).
2015-04-03 14:34:24 +02:00
Alex Crichton
293f1ce5b1
Fixup for beta
...
Add derive(Clone) and don't negate unsigned numbers
2015-04-02 18:14:51 -07:00
Steven Fackler
368c0a18ee
Release v0.5.4
2015-04-02 11:17:31 -07:00
Steven Fackler
19a24b80e9
Fix doctest errors
2015-04-02 11:15:59 -07:00
Sean McArthur
24b876521b
rustup: changes to io::Error
2015-04-02 11:12:18 -07:00
Steven Fackler
a2199e0132
Release v0.5.3
2015-03-29 10:22:09 -07:00
Steven Fackler
73a5276d47
Release v0.5.2
2015-03-25 11:38:04 -07:00
Alex Crichton
5a80cc8aae
Update to rust master
2015-03-25 10:51:28 -07:00
Marko Lalic
f09cfdfdd5
openssl-sys: Add TLS extension constants
2015-03-23 08:14:47 +01:00
Marko Lalic
b96bbf6961
openssl-sys: Add NPN functions and constants
2015-03-23 08:14:47 +01:00
Alex Crichton
2560ccb330
Remove usage of unstable features in openssl-sys
2015-03-16 11:05:29 -07:00
Steven Fackler
a65b03c89e
Fix warnings
2015-03-10 19:38:44 -07:00
Steven Fackler
8b8736fb46
Merge pull request #172 from reaperhulk/add-ssl-ctx-set-get-options
...
add support for SSL_CTX_set_options and SSL_CTX_get_options
2015-03-07 08:43:30 -08:00
Alex Crichton
1c9b8a029b
Cut down on unstable features in openssl-sys
...
* Move from `old_path` to `path` (leveraging the `fs` feature as well)
* Move from `StaticMutex` to `Mutex<()>` as they're dynamically initialized
2015-03-04 14:14:05 -08:00
Steven Fackler
5154581c32
Release v0.5.0
2015-02-27 19:49:01 -08:00
Steven Fackler
1b4a2eef0e
Switch to cargo liblibc
2015-02-24 21:47:30 -08:00
Paul Kehrer
8940bd767b
add support for SSL_CTX_clear_options and use bitflags
2015-02-23 19:39:23 -06:00
Paul Kehrer
06ba41ad47
add support for SSL_CTX_set_options and SSL_CTX_get_options
...
fixes #168
2015-02-22 15:45:00 -06:00
Steven Fackler
ebd9062933
Use new path API in buildscript
2015-02-22 11:14:20 -08:00
Steven Fackler
81c057b7b9
Release v0.4.3
2015-02-20 13:47:02 -08:00
Steven Fackler
19488f711d
Fix warning
2015-02-19 09:15:18 -08:00
Steven Fackler
9ca965231c
Release v0.4.2
2015-02-19 09:14:25 -08:00
Steven Fackler
6bfc4d986b
Fix warnings
2015-02-19 09:13:22 -08:00
Alex Crichton
bb2fe87d03
Fix debuginfo ICE for now
2015-02-19 07:39:40 -08:00
Steven Fackler
d3e48fa131
Release v0.4.1
2015-02-16 23:29:42 -08:00
Steven Fackler
4350298a52
Release v0.4.0
2015-02-13 23:36:34 -08:00
Steven Fackler
2fa1571e2e
Remove deprecated functions from openssl-sys
2015-02-13 23:31:00 -08:00
Steven Fackler
c424931c75
Don't use pkg-config if any overrides are passed
2015-02-13 23:02:08 -08:00
Steven Fackler
c4f8427bfd
Stop hardcoding things in openssl-sys build.rs
...
This more properly handles Windows builds as well as cross compiles.
2015-02-13 22:33:31 -08:00
Steven Fackler
15ff737b8c
Ask openssl what version it is
2015-02-13 21:39:41 -08:00
Steven Fackler
9cb3b44e9a
Oops, pass include dirs through for 1.0.0 versions too
2015-02-13 10:52:14 -08:00
Steven Fackler
94d7c1ff88
Fix shim builds
...
gcc-rs adds the proper link commands for us
2015-02-13 10:29:22 -08:00
Steven Fackler
d4c5bafa19
Pass include directories to gcc
2015-02-12 18:41:51 -08:00
bombless
24b4df49d0
Make it safer
2015-02-13 06:22:48 +08:00
bombless
40f5227064
Fix Windows build
2015-02-13 05:50:21 +08:00
Steven Fackler
a87decff0e
Release v0.3.6
2015-02-12 13:23:13 -08:00
Steven Fackler
d20bdfe551
Fix for upstream change
2015-02-12 13:21:53 -08:00
Steven Fackler
12d30628fe
Merge pull request #160 from globin/fix/rustup
...
rustup to current master
2015-02-12 13:20:32 -08:00
Robin Gloster
fabc1da31e
rustup to current master
2015-02-12 18:25:45 +01:00
Steven Fackler
9d0b3d1574
Move BSD special case after pkg-config lookups
...
Also give a better error message if we couldn't find anything
2015-02-12 09:23:46 -08:00
Steven Fackler
64287197a2
Release v0.3.5
2015-02-11 21:31:52 -08:00
Steven Fackler
4bdfe473c3
Merge pull request #159 from wg/master
...
Fix build on *BSD
2015-02-12 00:30:09 -05:00
Will
dd261e4305
Add clarifying comment for BSD special case
2015-02-12 13:32:39 +09:00
Will
5fdde8bda3
Fix build on *BSD
2015-02-12 13:05:46 +09:00
Steven Fackler
af0835a8fd
Release v0.3.4
2015-02-11 19:59:23 -08:00
Quentin Baradat
e11bfa6f0c
Fix a bad fix :)
2015-02-11 21:29:07 +01:00