8461129456
Changes as per PR feedback
2018-03-08 17:42:15 +00:00
9e2755abae
Get curves for OpenSSL tests itself
2018-03-08 17:10:09 +00:00
0a38b5a9ef
Try out another curve
2018-03-08 16:56:40 +00:00
4b4d312018
Another try at using the correct curve
2018-03-08 16:46:31 +00:00
dcbb45cc9d
Implement AES-{128,256}-CCM bindings
2018-03-08 17:24:55 +01:00
d4de2a408f
Use examples listed in OpenSSL docs for testing
2018-03-08 16:12:35 +00:00
a5ba1a0007
Adds `RsaPssSaltlen` enum to encode the special values
2018-03-08 16:17:32 +01:00
b0ea53184d
Switches to newtype wrapper for Oid
2018-03-08 12:24:37 +01:00
1a0b085377
Extends the test to verify the certificate two times
2018-03-08 12:10:29 +01:00
810ddeb4ca
Moves `cleanup` into its own function
2018-03-08 12:08:39 +01:00
2d6cd9eb16
Exposed some of ECDSA functions
2018-03-08 09:44:05 +00:00
724dd6f830
Adds more functions to `Verifier`/`Signer` for RSA keys
2018-03-07 20:43:28 +01:00
84a5ce7607
Adds RSA PKCS1 PSS padding
2018-03-07 20:43:12 +01:00
9a8a1c752b
Adds `PKeyRef::get_id` to get the OID of a key
2018-03-07 18:42:13 +01:00
888f4ccaab
Fixes the implementation of `X509StoreContextRef::verify_cert`
...
The certificate, the store and the certificates chain does not need to be
consumed by `verify_cert` and instead are taken as references. We also call
`X509_STORE_CTX_cleanup`, after the verification succeeded.
2018-03-07 16:07:57 +01:00
53adf0e6a4
delay return until after forgets
2018-03-07 13:54:35 +01:00
6abac82f13
cleanup and add negative test
2018-03-07 13:54:35 +01:00
a1cfde765a
add cleanup ffi to store context
2018-03-07 13:54:15 +01:00
3187366cc5
restructure to self contained function
2018-03-07 13:53:29 +01:00
2251a6f2b6
Little tweaks
2018-03-07 13:51:58 +01:00
d8a11973e2
convert to raw pass-through methods
2018-03-07 13:51:58 +01:00
910386027d
add comment about consuming self in verify_cert
2018-03-07 13:50:12 +01:00
35cad33d51
fix error check
2018-03-07 13:50:12 +01:00
847fac25f8
properly version library functions
2018-03-07 13:48:09 +01:00
3595ff9e51
Fix memory mgmt
2018-03-07 13:42:39 +01:00
eb6296e892
add verify_cert and store_context_builder
2018-03-07 13:41:44 +01:00
f645165ee2
Remove the x509 module-level example
...
The example generated a bogus certificate that was missing a serial
number, a validity range, etc.
Generating a correct x509 certificate is complex enough that doing it
correctly is too long to be a reasonable doc example. There's already
a more complete example in the examples directory that handles things
more correctly.
Closes #859
2018-03-05 19:25:01 -08:00
f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
b6985c7e8d
Release openssl v0.10.5
2018-02-28 14:33:04 -08:00
aa9addf532
Release openssl-sys 0.9.27
2018-02-28 14:31:23 -08:00
85d8db21d2
Always include something in ErrorStack's Display
...
The error stack can be empty after a some kinds of errors (AEAD
validation failure in Crypter is one example), and we don't want to
display as an empty string in that case.
2018-02-27 15:56:23 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
d5dd6575c1
Restore error stack in cookie callback
2018-02-25 22:11:08 -08:00
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
cebfbd9a25
Merge pull request #850 from sfackler/put-error
...
Add the ability to push errors back onto the error stack.
2018-02-24 20:58:07 -08:00
5fd23d38d5
Add the ability to push errors back onto the error stack.
2018-02-24 20:46:03 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
950c39c2e6
Merge pull request #840 from olehermanse/master
...
Add des_ede3_cbc cipher and more tests/examples
2018-02-21 23:03:33 -08:00
15048f4c02
Inline connector constants
2018-02-21 19:41:06 -08:00
6977e9e89f
Don't special case 1.0.1
...
It appears that 1.0.1's defaults are actually okay.
2018-02-21 18:44:04 -08:00
7e02c09861
Added example/test in symm.rs for encrypting a private key with a symmetric cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-21 13:16:04 +01:00
7192a5291f
Update SslConnector cipher list
...
Based off of python/cpython#3532 , we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
2018-02-20 22:27:54 -08:00
69a91815b8
Release openssl v0.10.4
2018-02-18 10:50:13 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00
e5123d266b
Bind remove and get session callbacks
2018-02-16 22:24:34 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
8abc51c2b3
Fix symm decrypt documentation example
2018-02-16 11:59:47 +01:00
af4832e145
Doc tweak
2018-02-15 21:33:39 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
cc34a7149e
Add des_ede3_cbc cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 17:44:44 +01:00
f4ddd66b03
Tweak features
...
We should keep the version features totally separate for now.
2018-02-14 22:11:24 -08:00
e8fd63bae3
Fix tests for TLS 1.3
...
Google yells at you when using TLS 1.3 without SNI by sending a bogus
self-signed cert!
2018-02-14 19:36:11 -08:00
eb24a2157a
More tests for pem_pkcs1 methods
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 03:02:58 +01:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
041d473c0a
Added binding for PEM_read_bio_RSAPublicKey
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-14 02:08:01 +01:00
9f35b74c1d
Release openssl 0.10.3 and openssl-sys 0.9.25
2018-02-12 10:56:06 -08:00
b1ab0ec473
Don't leak X509s
2018-02-12 09:32:26 -08:00
2fd79b525e
Merge pull request #831 from apeduru/rsa-docs
...
Add RSA docs
2018-02-11 20:56:37 -08:00
a686ed7891
Use Padding constant in RSA docs example
2018-02-10 23:36:05 -05:00
fda5e50638
Merge pull request #833 from CmdrMoozy/des_ede3
...
Support EVP_des_ede3.
2018-02-04 17:36:31 -08:00
404bbeddfd
Support EVP_des_ede3.
...
This cipher is used, for example, for DES challenges for authenticating
against a Yubikey, so supporting it in rust-openssl is generally useful.
2018-02-04 13:17:09 -08:00
c9fed802b3
Add RSA docs
2018-01-25 14:46:45 -05:00
a6499d44bb
Merge pull request #824 from apeduru/pkey-docs
...
Add PKey docs
2018-01-24 11:00:07 -08:00
d3169a565e
Add HMAC to Pkey docs
2018-01-24 09:53:28 -05:00
81f7d17822
tests: if server failed to start, print exit code instead of timing out
...
```
% cargo +stable test --lib ssl::test::test_connect_with_alpn_successful_single_match --features=v102
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running /Users/nga/devel/left/rust-openssl/target/debug/deps/openssl-a38e12a3527f6932
running 1 test
test ssl::test::test_connect_with_alpn_successful_single_match ... FAILED
failures:
---- ssl::test::test_connect_with_alpn_successful_single_match stdout ----
thread 'ssl::test::test_connect_with_alpn_successful_single_match' panicked at 'server exited: exit code: 1', src/ssl/test.rs:91:24
note: Run with `RUST_BACKTRACE=1` for a backtrace.
failures:
ssl::test::test_connect_with_alpn_successful_single_match
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 159 filtered out
```
2018-01-24 00:27:13 -08:00
6552a9cbfd
Print the public key in PKey example
2018-01-23 22:43:53 -05:00
60337266ab
add support for rfc822Name (email) and uniformResourceIdentifier (uri) to GeneralName
2018-01-15 11:22:29 -06:00
9943bb6869
Release openssl v0.10.2
2018-01-11 17:34:25 -08:00
692562470b
Add setters to ConnectConfiguration
2018-01-11 17:24:38 -08:00
be50654564
Release openssl v0.10.1
2018-01-10 22:30:08 -08:00
be1e787ce6
Add from conversion
...
This is needed for tokio-openssl
2018-01-10 22:26:32 -08:00
d85e2a2937
Release openssl 0.10.0
2018-01-10 22:08:11 -08:00
9a27bb2c03
Release openssl-sys v0.9.24
2018-01-10 22:06:55 -08:00
b9eace6569
Fix import in pkey docs
2018-01-07 14:17:03 -05:00
33ec3a5784
Missing colon
2018-01-07 14:15:17 -05:00
15420eb44a
Add Pkey docs
2018-01-07 14:13:17 -05:00
af7aa52364
Adjust the SNI callback
...
Brings it more in line with how the raw callback is structured.
2018-01-06 22:20:20 -08:00
f50dd20cb6
Fix docs
2018-01-06 21:42:37 -08:00
91e120ca95
Rename and document RSA accessors
2018-01-06 17:44:24 -08:00
05c5c422fd
Merge pull request #820 from sfackler/key-constructor-docs
...
Rename key serialization/deserialization methods
2018-01-06 17:14:51 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
45c15a65ad
FIPS mode support
...
Closes #818
2018-01-06 08:51:20 -08:00
753a7d07b1
Merge pull request #811 from apeduru/x509-docs
...
Add documentation for x509 module
2018-01-04 16:48:01 -08:00
c4620a30c6
Fix links in x509 module
2018-01-01 16:16:41 -05:00
c2430b87f7
Merge branch 'master' into x509-docs
2018-01-01 15:40:02 -05:00
1553447385
Misc cleanup
2018-01-01 12:23:41 -08:00
9043cf9aa7
Move X509Filetype to SslFiletype
...
These constants have the same values, but X509_FILETYPE_DEFAULT doesn't
work in the Ssl methods and using the SSL_* names is a bit less
confusing.
2018-01-01 11:50:07 -08:00
a4c9dd4af3
Fix x509 doc examples
2018-01-01 11:48:55 -05:00
bb5ab2b43f
Bump hex to 0.3
...
The `to_hex` method has been removed and `hex::encode` should be used
instead.
2018-01-01 17:38:38 +01:00
1a40795886
Add documentation for x509 module
2017-12-31 22:39:28 -05:00
d207897458
Parameterize keys over what they contain
...
Closes #790
2017-12-30 21:53:39 -08:00
89dd50b3ce
Add issuer name access.
...
Closes #808
2017-12-29 10:50:49 -08:00
1085e79447
Remove `SslRef::compression`
...
TLS compression is extremely deprecated, so no-one should be messing
with this in the first place.
2017-12-28 20:22:05 -08:00
23bab6336e
Add a parameter to servername
2017-12-28 10:18:23 -08:00
7fbda61609
Overhaul ALPN
...
There was previously a lot of behind the scenes magic. We now bind much
more directly to the relevant functions.
Also remove APN support. That protocol is supersceded by ALPN - let's
see if anyone actually needs to use it.
2017-12-27 16:24:01 -07:00
52a06adc08
Overhaul ssl error
2017-12-26 21:03:49 -07:00
f9866cd44f
Split X509StoreContextRef::ssl up
2017-12-26 14:53:35 -07:00
129b6b9d84
Overhaul verify error type
...
Also set the error in the hostname verification callback for 1.0.1
2017-12-26 14:43:10 -07:00
19dc6ce1eb
Adjust SslConnector and SslAcceptor construction
2017-12-26 10:39:21 -07:00
ce0641f093
Drop Any bounds
2017-12-26 08:55:12 -07:00
2adf2cf12b
Remove deprecated APIs
2017-12-25 22:09:27 -07:00
3744e31e16
Fix a bunch of FIXMEs
2017-12-25 21:44:41 -07:00
7cc6c9b2f2
Tweak default ssl options
2017-12-25 21:18:49 -07:00
7d0c6c9442
Fix tests
2017-12-25 20:32:06 -07:00
77448362ce
Rename X509FileType to X509Filetype
2017-12-25 19:57:02 -07:00
3eab162dc2
Move to associated consts
2017-12-25 19:56:27 -07:00
bbae793eb3
Upgrade bitflags to 1.0
...
Closes #756
2017-12-25 19:38:11 -07:00
2aaba8bd7a
Make Nid values associated constants
2017-12-25 19:19:47 -07:00
34d700309c
Clean up 1.0.1 hostname verification
2017-12-23 19:32:33 -07:00
196a855d2a
Allow SNI and hostname verification to be configured separately
...
Closes #728
2017-12-23 12:47:38 -08:00
43753698da
Impl Send + Sync for x509 stuff
2017-12-13 11:35:04 -05:00
4b732dad19
Fix link
2017-12-09 15:50:23 -08:00
48db60aca0
Release v0.9.23
2017-12-05 21:58:24 -08:00
3207e57a09
Finish documentation for the ssl module
...
Closes #727
2017-12-04 22:15:56 -08:00
bf70d3dd71
Docs for the ssl module.
...
cc #727
2017-12-03 23:10:56 -08:00
4a10c31219
Impl deref for acceptor/connector builders
2017-12-03 19:24:11 -08:00
531ca4a0fa
Documentation for the `sign` module.
...
Closes #720
2017-12-03 17:01:12 -08:00
1c4b933faf
Rename Signer::finish to sign_to_vec
2017-12-03 15:58:37 -08:00
3cd486d956
Clean up tests
2017-12-03 15:30:22 -08:00
13a13727e8
Merge pull request #785 from P-E-Meunier/split-signer-finish
...
Splitting the sign::Signer::finish function, to avoid allocations
2017-12-03 15:08:51 -08:00
9732264b51
Simplifying finish_into
2017-12-03 23:37:58 +01:00
905d3f716b
Splitting the sign::Signer::finish function, to avoid allocations
2017-12-03 12:10:21 +01:00
fccb2eab4e
Adding dp(), dq() and qi() methods to RSA, to get the CRT parameters back
2017-12-02 12:30:50 +01:00
fc08ffa1fe
bump lazy_static to 1
2017-11-30 17:41:58 +01:00
78ffe0a89c
Release openssl 0.9.22
2017-11-29 09:38:28 -08:00
e9ad9f1afd
Upgrade foreign-types
...
foreign-types 0.3 and 0.2 now share the same types and traits, so this
is backwards compatible.
2017-11-26 17:07:24 -07:00
de987f20c8
Revert "Update foreign-types to 0.3"
2017-11-21 08:51:37 -08:00
93be1c4f2f
Update foreign-types to 0.3
2017-11-21 09:17:39 +01:00
e221b76e28
Release v0.9.21
2017-11-17 09:11:06 -08:00
55bf390dbe
Adjust libressl version detection
...
The 2.5.3+ and 2.6.3+ series are ABI-stable, so we don't need to
whitelist individual releases in those ranges.
2017-11-13 21:51:55 -08:00
6257835757
Add support for LibreSSL 2.6.3
2017-11-13 09:51:17 -05:00
0bae121e12
Added a macro that wraps foreign type, and impl Send and Sync for both,
...
the borrowed type and the owned one.
Replaced all invocation of `foreign_type` by `foreign_type_and_impl_send_sync`.
2017-11-10 10:05:52 -05:00
5eea31676e
Add an example of making a CA and certs and verifying.
2017-11-06 23:14:56 -06:00
8830bd5daf
Add a couple of FIXMEs
2017-11-05 10:47:05 -08:00
6bb54e0171
Merge pull request #764 from AndyGauge/doc-error
...
Doc error
2017-11-05 10:24:59 -08:00
a1a3219483
Handle local retries
...
OpenSSL can return SSL_ERROR_WANT_READ even on blocking sockets after
renegotiation or heartbeats. Heartbeats ignore the flag that normally
makes these things handled internally anyway on 1.0.2. To handle this
more properly, we now have a special error type we use to signal this
event. The `Read` and `Write` implementation automatically retry in this
situation since that's what you normally want. People can use `ssl_read`
and `ssl_write` if they want the lower level control.
Closes #760
2017-11-04 13:32:18 -07:00
829c805543
fixed broken example and syntax error in module level documentation
2017-11-04 12:24:24 -07:00
27c3b01ad8
Merge pull request #747 from BrianOn99/symm
...
Symm documentation
2017-11-04 11:51:05 -07:00
f79d92dd67
Merge pull request #761 from AndyGauge/doc-ec
...
Doc ec module
2017-11-04 11:50:22 -07:00
a5c582a7df
Update data-encoding major version
2017-11-04 18:33:00 +01:00
556f371689
Error documentation improvement
2017-10-27 16:59:36 -07:00
cda2662cbc
Merge branch 'master' into doc-ec
2017-10-24 16:44:21 -07:00
df10bcf960
Update documentation for EC module
2017-10-24 16:43:01 -07:00
d5299a8d2b
Fixed a typo in an error message, WANT_WRITE -> WANT_READ
2017-10-17 20:06:35 -05:00
09f2a3e9db
Release v0.9.20
2017-10-14 14:36:55 -07:00
f4f00d4613
Merge pull request #755 from AndyGauge/doc-dsa
...
Documentation for DSA module
2017-10-14 13:08:17 -07:00
80efaf72e6
DSA size returns maximum size of signature
2017-10-11 13:06:52 -07:00
a62069cef9
Began EC documenation
2017-10-11 13:04:53 -07:00
2c7f0e7604
Merge branch 'master' of https://github.com/sfackler/rust-openssl
2017-10-09 12:10:04 -07:00
39f918ff3d
Documentation improvements for DSA module
2017-10-09 12:06:46 -07:00
75e6db6f00
Move doc details into another paragraph
2017-10-09 11:14:27 +08:00
44a000f3a6
Merge pull request #753 from zsck/issue719
...
Added module-level documentation for the `sha` module.
2017-10-08 16:54:13 -07:00
79d6172571
Merge pull request #749 from johnthagen/conf
...
Document conf module
2017-10-08 16:52:30 -07:00
407f330d7b
Move OpenSSL implementation details into a normal comment
2017-10-07 18:29:53 -04:00
a33efaa349
Include the hex crate and ToHex import to the second example
2017-10-07 17:07:53 -04:00
f206eb6a4b
Added module-level documentation for the `sha` module.
...
The documentation included describes what the SHA family of hash functions is,
what hash functions are for, and a little bit about why one may want to use the
SHA family of hash functions. I have also included a couple of examples demonstrating
how to create a hasher and update it, as well as how to hash bytes directly.
2017-10-07 16:49:09 -04:00
9d43fc6e02
Merge pull request #744 from AndyGauge/doc-bn
...
Doc BigNum
2017-10-07 13:44:54 -07:00
0058478392
Merge pull request #748 from AndyGauge/doc-cms
...
CMS module documentation
2017-10-07 13:08:32 -07:00
040287dbb5
Module level documentaiton rewrite
2017-10-04 08:22:40 -07:00
a989e414f4
Describe return values of groups.
2017-10-04 08:17:14 -07:00
de18ccf5fe
Begun DSA documentation
2017-10-04 08:01:35 -07:00
ff8f54812c
Merge pull request #752 from chrisvittal/libressl262
...
Add support for LibreSSL 2.6.2
2017-10-03 22:11:29 -07:00
1308cb2b52
Fix cfgs for libressl262
2017-10-04 00:53:09 -04:00
e0efd1d438
Add support for LibreSSL 2.6.2
2017-10-03 23:59:33 -04:00
b5bb8de4f2
Convert try! usage to ?
2017-10-03 17:44:02 -04:00
4f8195c472
Document conf module
2017-10-03 17:32:49 -04:00
4e59fab753
CMS module documentation
2017-10-03 11:07:35 -07:00
7c40c5269c
Finished BigNum documentation
2017-10-03 09:52:14 -07:00
ff53750cab
Additional notes on Crypter
2017-10-04 00:28:32 +08:00
76ecc13cec
Copy example to module level
2017-10-04 00:05:30 +08:00
79a8ebb631
Add examples and more documentation to symm
2017-10-03 23:59:16 +08:00
7159215e45
Merge pull request #743 from AndyGauge/doc-asn1
...
Doc asn1 module
2017-09-30 21:14:12 -07:00
219f13eb35
Deprecate crypto module
2017-09-30 21:29:57 -04:00
b078c67dbb
Hide deprecated crypto module from docs
2017-09-30 12:06:09 -04:00
feb3eb3f01
removed deny missing docs
2017-09-29 16:23:16 -07:00
1e161e924f
WIP BigNum function documentation
2017-09-29 16:00:34 -07:00
9a63044175
Merge branch 'master' into doc-bn
2017-09-29 09:40:30 -07:00
38f0e8d9ee
Changed Asn1Object documentation to include references to Nid
2017-09-29 09:37:46 -07:00
b44d37acaf
Began bn module documenation
2017-09-29 09:18:44 -07:00
1766c1d327
Merge pull request #736 from johnthagen/hide-ec-key
...
Hide ec_key module in docs
2017-09-28 23:56:19 -04:00
c3fc494427
Merge pull request #737 from johnthagen/rand
...
Document rand module
2017-09-28 23:56:03 -04:00
7c0965e66d
Merge pull request #740 from johnthagen/memcmp
...
Document memcmp module
2017-09-28 23:51:38 -04:00
2c7a19013c
documented and example for ASN1 module
2017-09-28 16:27:00 -07:00
b65540709f
Document nid module
2017-09-28 14:25:39 -04:00
c5aef19d05
Add instructions for adding OpenSSL DLLs to PATH if needed during install
2017-09-28 13:34:49 -04:00
1e3b8183bb
Moved details about function and reworded block requirements
2017-09-28 08:04:10 -07:00
a02b07fe76
WIP ASN.1 documentation
2017-09-28 08:00:23 -07:00
c4b044b6ba
Fix doc test and move external documentation link to rand_bytes function
2017-09-28 10:36:53 -04:00
26fa22fe04
Fix typos
2017-09-28 09:52:46 -04:00
220c707fd9
Document rand module
2017-09-28 09:49:03 -04:00
0f0ab2e425
Hide ec_key module in docs because it is deprecated
2017-09-28 09:28:08 -04:00
f759f8dd4a
Preface with links to conventional AES
2017-09-27 08:46:13 -07:00
ad879ad7de
AES (IGE) encryption documentation
2017-09-26 16:51:37 -07:00
afde5a84b1
AES Module level docs and example
2017-09-26 16:34:06 -07:00
b07b0e7fb7
WIP: document AES
2017-09-25 17:01:08 -07:00
cd558d99e7
Release v0.9.18
2017-09-20 10:21:37 -04:00
dc92a514ef
Properly handle IPs in hostname verification
2017-09-20 10:04:09 -04:00
f0db1dbc95
Merge pull request #695 from Keruspe/master
...
openssl-sys: support libressl 2.6.1
2017-09-17 13:57:18 -07:00
b73548da18
openssl: ecdh_tmp_callback doesn't work with libressl 2.6.1
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:55:47 +02:00
5091830379
openssl: libressl 2.6.1 dropped suuport for npn
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:46:05 +02:00
7d41009a9c
Update default client cipher list
2017-09-16 13:10:55 -04:00
9bd64edc08
Fix indentation
2017-09-15 22:31:03 -04:00
68a30c29c9
Set SSL_MODE_RELEASE_BUFFERS by default
...
Closes #696
2017-09-14 19:15:00 -07:00
ca40c2e6a3
Symlink README in place
...
Allows crates.io to render it properly
2017-08-21 04:00:25 -07:00
1a6edc409f
Rename function, removing `get_`
...
Fix per PR comment, should have been like this from the start :).
2017-08-22 07:44:27 +10:00
f599df124b
Add ability to get affine coordinates from EcPoint
...
The initial usecase here is creating JWK representations as defined
within RFC 7517 from an EcKey created via a PEM source.
2017-08-21 15:08:48 +10:00
9143516037
Add SHA384 and SHA512
2017-08-16 21:03:46 -07:00
673bcfaf5a
Add SHA1 an SHA224 hashers
2017-08-16 20:26:16 -07:00
c175ac639d
Release v0.9.17
2017-08-14 17:13:36 -07:00
1d92ff290e
Add a stateful SHA256 hasher
2017-08-14 17:07:44 -07:00
ea6edb133e
Release v0.9.16
2017-08-10 22:17:50 -07:00
4c3b3476f4
Merge pull request #675 from sdemos/master
...
added cms decryption
2017-08-09 14:20:51 -07:00
caf7b8ecbc
added cms decryption
2017-08-09 12:26:45 -07:00
be1b573f6b
Delete DTLS tests
2017-08-08 22:01:58 -07:00
c966583877
Refine sig for set_public_key_affine_coordinates
...
This functions signature was originally defined to require mutable
references for `x` / `y` as the underpinning OpenSSL C API
was not `const`.
However the actual OpenSSL implementation makes no changes. This being
the case we've chosen to reflect non mutability at the Rust level.
2017-08-09 14:20:22 +10:00
16e8fbc31e
Fix EC_KEY_set_public_key_affine_coordinates
...
Previous definition incorrectly used `const` pointers but the
underpinning library definition (unfortunately) does not.
2017-08-09 13:34:08 +10:00
d9e0321851
Set the private key within EcKeyBuilder
...
The initial usecase here is creating EcKey instances from JWK
representations, that hold private keys, as defined within RFC 7517.
2017-08-09 12:44:54 +10:00
cfb4ea31d5
Support for EcKey creation from affine coordinates
...
Sets the public key for an EcKey based on its affine co-ordinates,
i.e. it constructs an EC_POINT object based on the supplied x and y
values and sets the public key to be this EC_POINT.
The initial usecase here is creating EcKey instances from JWK
representations as defined within RFC 7517.
2017-08-09 12:21:54 +10:00
f34af83653
Init in bn_ctx constructor
2017-07-30 13:24:36 -07:00
d1a42598d7
Init in Dh constructors
2017-07-30 13:23:19 -07:00
c2164a4864
Add peer_cert_chain
2017-07-29 10:34:10 -07:00
a132834132
Ignore dtls tests
...
They're way too flaky.
Closes #525
2017-07-29 09:54:04 -07:00
8fa9b58743
Tweak formatting on cipher list
2017-07-26 20:49:24 -07:00
01927c19ac
Initialize OpenSSL in DSA constructor
...
This fixes the double unlock errors that were popping up on circle
2017-07-25 21:59:52 -07:00
bf6dc28f0c
Release v0.9.15
2017-07-19 19:35:28 -07:00
7de1499c65
Fix X509::clone impl
...
Closes #667
2017-07-19 19:23:47 -07:00
9c9a0efafc
Remove unused import
2017-07-16 14:31:27 -07:00
3a7ca9c2ff
Switch over Linux tests to CircleCI
2017-07-16 14:15:09 -07:00
605b8af445
Tell docs.rs to build with all features
2017-07-15 22:08:52 -07:00
374ad206d5
Use foreign-type's Opaque
2017-07-15 21:53:49 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
5c2410c38a
Init before creating ex indexes
2017-07-15 18:58:24 -07:00
dbbf446a9e
Fix build
2017-07-15 17:25:02 -07:00
c68db708ee
Don't overwrite the configured verify mode
...
We can leverage the new extra data API to configure the verification
mode up front so users can reconfigure it as they like.
2017-07-15 16:50:36 -07:00
fd52bbe85c
Add an API to install extra data
2017-07-15 16:50:36 -07:00
e3c7a2785c
Move callbacks to a submodule
2017-07-15 16:50:36 -07:00
9290ed97c2
Merge pull request #657 from sfackler/rsa-pkcs1
...
Support PKCS#1 RSA public keys
2017-07-06 14:11:27 -10:00
279bffccf5
Merge pull request #641 from luser/psk
...
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-07-04 18:19:17 -10:00
51a226eb4b
Support PKCS#1 RSA public keys
...
Closes #656
2017-07-04 20:57:00 -07:00
575e682da3
Add PKey::private_key_from_der
2017-06-23 21:04:13 -07:00
223e8e3689
Release v0.9.14
2017-06-14 19:59:45 -07:00
240eb9731f
Properly reexport ConnectConfiguration
2017-06-14 19:54:09 -07:00
d7135c88ac
Fix documentation typo
2017-06-10 18:40:57 -04:00
98d343dd32
Fix for changes in OpenSSL 1.1.0f
2017-06-06 18:45:54 -04:00
4de58596d9
Make some changes for review comments
2017-06-02 08:20:03 -04:00
3028958bf6
Little docs fix
2017-05-29 21:11:49 -07:00
c89af1d5f8
Add a fixme
2017-05-29 18:04:32 -07:00
cba475b9ae
Release v0.9.13
2017-05-29 17:46:07 -07:00
16183f41f6
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-05-26 14:51:04 -04:00
27728f6fd9
Update bitflags 0.8 -> 0.9
2017-05-22 12:44:22 +03:00
4336d1d38c
Release v0.9.12
2017-05-12 11:47:46 -07:00
1fa7397b88
Set LD_LIBRARY_PATH when using custom build
2017-05-06 18:50:44 -07:00
67b5fd1c97
Support public key decode from DER
...
Closes #629
2017-05-06 16:40:33 -07:00
0efef98848
Add a note to rename variant
2017-05-06 16:35:55 -07:00
dd3896fdc5
Clarify use of ssl::HandshakeError::Interrupted
2017-05-03 12:03:18 -07:00
7e8a0a0dad
Expose the lower level SHA functions
...
These don't allocate so they're both infallible and significantly
faster.
2017-04-14 23:03:17 -07:00
429f7c869e
Release v0.9.11
2017-04-14 16:56:21 -07:00
fd6a1f70bd
Merge pull request #616 from sfackler/no-alloc
...
Don't force allocation for message digests
2017-04-13 19:37:11 -07:00
4cf9f6c4c0
Don't force allocation for message digests
2017-04-13 19:02:31 -07:00
b21046375a
(issues-600) Avoid compiling ec2m code against no-ec2m openssl
...
This commit avoids defining code that leads to undefined references when
compiling against an openssl built with no-ec2m.
2017-04-11 15:42:05 -07:00
e6a6ebb87d
Add new EC/PKEY methods to permit deriving shared secrets.
2017-04-10 15:40:36 -04:00
fc1bcecfc1
Don't exclude test data from package
...
Closes #612
2017-04-04 09:06:32 -07:00
af25627fdf
bump bitflags to 0.8
2017-04-03 23:04:23 +02:00
42ad50ae67
Release v0.9.10
2017-03-26 10:49:04 -07:00
ba2460d38d
Merge pull request #606 from cjcole/master
...
Fix order of arguments to BN_rand_range and BN_pseudo_rand_range
2017-03-26 05:01:29 +01:00
c8d1698f27
Logic to support client-side session reuse
2017-03-25 19:30:01 -07:00
d239e04c70
Fix order of arguments to BN_rand_range and BN_pseudo_rand_range
2017-03-25 12:29:18 -04:00
bf63f35dfb
Release v0.9.9
2017-03-14 12:55:36 -07:00
06b10a5753
Release v0.9.8
2017-03-09 20:33:17 +11:00
efe96396ad
Merge pull request #592 from Byron/master
...
Fix for len() == isize::max() for stacks that are unallocated
2017-03-09 20:28:42 +11:00
463db85110
Don't allow Stacks to be allocated with a null-ptr
...
The latter must be seen as undefined behaviour, as it will cause
the `sk_num` function to return -1 to indicate the error, which
causes all kinds of issues.
Thus there now is a panic to abort the program if stacks are initialized
with a null-ptr, and special handling of that case when decoding
a Pkcs file.
2017-03-07 07:39:25 +01:00
97536a9b82
Merge pull request #585 from bluejekyll/master
...
some helpful documentation and example on set_subject_name()
2017-03-07 13:19:52 +11:00
ec2685347c
Fix for empty stacks
...
The culprit is that `sk_num(stack)` can return -1
as c_int if there is no stack allocated.
Previously, thanks to unsafe casts, this would result in
a isize::max() for len() and iteration size if there was no stack.
Now this case is handled specifically, which fixes the issue.
2017-03-06 10:14:39 +01:00
f92ac2477b
Add test to run into issue with stack.len()
2017-03-06 09:59:00 +01:00
bf21ff5f80
Fix Shr trait impl for BigNum: was using shl
2017-03-01 11:24:11 -05:00
b431896057
mention the common fields
2017-02-22 22:05:39 -08:00
81362a4e79
scrypt support
...
Closes #586
2017-02-21 21:15:52 -08:00
9b24698aee
some helpful documentation and example.
2017-02-20 14:48:49 -08:00
268288337b
Expose more error information
2017-02-19 16:05:58 -08:00
618cc70d19
Add a fixme to drop const prefixes
2017-02-19 14:24:05 -08:00
710a30bb40
Tweaks
2017-02-18 21:58:38 -08:00
88740c1374
add Ok to result
2017-02-16 19:59:02 -08:00
323a646383
only forget in non-error condition
2017-02-16 19:50:58 -08:00
eef5b5d2ac
review fixes: reorder forget()
2017-02-16 19:49:14 -08:00
d080c10910
fix cfg options for v102 and v110
2017-02-16 19:49:14 -08:00
f8298882a4
add set_verify_cert_store() to ssl ctx
2017-02-16 19:49:14 -08:00
19f3b8a11a
Support PKCS#8 private key deserialization
...
Closes #581
2017-02-14 19:37:25 -08:00
06065ddcee
Release v0.9.7
2017-02-11 14:34:37 -08:00
129a3cff08
Update deprecation version
2017-02-11 10:27:09 -08:00
89cd1d3ea7
Use published foreign_types
2017-02-11 10:16:14 -08:00
16d5632983
Remove X509Req setters
2017-02-11 10:14:16 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
5ad4af70ae
Re-add reexport
2017-02-11 09:17:39 -08:00
1c25336520
Merge branch 'master' into x509_req_version_subject
2017-02-11 09:11:25 -08:00
03fe3015dc
X509 signature algorithm access
2017-02-10 21:37:33 -08:00
8e5735d84c
X509 signature access
2017-02-10 19:59:11 -08:00
a1d7956f82
Add Asn1BitString
2017-02-10 19:38:51 -08:00
8ae424235e
Make it compile again.
...
Make self mut in set_subject_name.
Add assert to prevent a null pointer in subject_name.
2017-02-07 21:49:07 +01:00
30a634c877
Merge branch 'master' into x509_req_version_subject
2017-02-07 20:41:27 +01:00
12ae31ad47
Switch to foreign_types
2017-02-03 23:03:35 -08:00
4900d3fe5d
Fixed constant names from openssl/rsa.h
...
Fixed PKeyCtxRef method that didn't need to be mutable.
Added non-mutable accessors for PKeyCtxRef for Signer and Verifier.
2017-01-31 11:59:59 -08:00
302ee77d32
Adding suggestions from review.
2017-01-30 16:51:10 -08:00
72a10f3e65
Fixing typo
2017-01-30 15:04:44 -08:00
ef61b814ff
Small amount of docs.
2017-01-30 15:04:44 -08:00
e1fc5b2b7e
Simplify protocol based on the semantics defined by openssl.
2017-01-30 15:04:44 -08:00
20eed1e762
Simplify code, so that openssl-sys really doesn't contain anything aside
...
from bindings
2017-01-30 15:04:44 -08:00
588fd33552
Testing first version that works with signer.
2017-01-30 15:04:44 -08:00
f5149eac5a
Add setters to new getter-functions in X509ReqRef
2017-01-27 20:55:40 +01:00
6a8f6f425f
Style changes according to review
2017-01-27 19:13:36 +01:00
557b936e27
Added X509ReqRef.subject_name and X509ReqRef.version
2017-01-26 21:05:33 +01:00
15b1b348b2
Pkcs12Builder tweaks
2017-01-25 11:37:26 +00:00
591022a7fa
fix multi-version compat
2017-01-23 22:12:11 -08:00
225552b823
Merge branch 'master' of github.com:sfackler/rust-openssl
2017-01-22 22:24:45 -08:00
fbfecd63ae
add some documentation
2017-01-22 22:23:21 -08:00
52c7868bb6
add pkcs12_create and to_der funcs
2017-01-22 21:27:31 -08:00
722bdb6a4c
Merge pull request #550 from Keruspe/master
...
LibreSSL support improvements
2017-01-22 18:39:34 +00:00
54900976bb
Support EC_GROUP_set_asn1_flag
...
Closes #561
2017-01-22 10:44:59 +00:00
1ffdf8a1ab
Fix test warnings
2017-01-21 14:43:43 +00:00
26e159a5f0
Support chacha20 and chacha20_poly1305
2017-01-21 11:12:02 +00:00
d353b36681
Support AES IGE
...
This is a special snowflake used only by Telegram apparently.
Closes #523
2017-01-21 09:41:13 +00:00
a1122197f8
Add categories
...
Closes #557
2017-01-20 16:35:43 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
9942643ab6
Release v0.9.6
2017-01-09 20:52:20 -08:00
1fbe8f8d71
Fix typo
2017-01-08 11:04:47 -08:00
1942977408
Add methods to construct SslAcceptorBuilder without key and cert
...
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
2017-01-08 10:57:04 -08:00
0978f87095
libressl: make set_ecdh_auto available
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-01-05 20:47:01 +01:00
404e0341d8
Provide master key access
2017-01-04 22:01:30 -08:00
a2c118bf82
Add basic session tests
2017-01-04 21:18:13 -08:00
0b1bfee46d
session is nullable
2017-01-04 21:15:09 -08:00
5d53405597
Provide access to the session ID
2017-01-04 21:11:06 -08:00
88a7032f4b
Types and accessor for SslSession
2017-01-04 20:59:46 -08:00
cdf388e3f4
Release v0.9.5
2017-01-03 16:09:24 -08:00
dbd6134fd6
Clean up EcKey example a bit
2017-01-03 15:33:45 -08:00
0897c196e1
Merge pull request #547 from sfackler/x509-stack
...
Add X509::stack_from_pem
2017-01-03 15:31:03 -08:00
da817c952d
Merge pull request #541 from bluejekyll/master
...
add EcKey creation from EcPoint, public_key
2017-01-03 15:27:14 -08:00
6291407b17
Add X509::stack_from_pem
...
Implementation is a clone of SSL_CTX_use_certificate_chain_file
2017-01-03 14:56:00 -08:00
e2f1569500
Tweak layout a little bit
2017-01-03 12:35:52 -08:00
1767cd5464
Pointer from PKey docs to sign module.
...
Could even add a link, but I don't know how.
Someone who wants to use OpenSSL to compute an HMAC won't find a "hmac" module and won't find HMACs in the "hash" module. Unless the person knows that HMACs are used to "sign" messages (the usual term in this context would be "authenticate"), they will probably use the search function and look for "hmac", then they'll find this method. So it's helpful to include a pointer to the right API to use. Without such a pointer, the API user is left with a seemingly useless Pkey instance.
Similar pointers could be helpful from the other creator methods in this file. And/or from the top-level documentation or the hash documentation towards the sign module. Another idea would be a trivial `hmac` module with a few helper functions that internally just use Pkey. If many users who just want a simple HMAC value can use that API, there are fewer dependencies on `Pkey` and `sign`, which is probably a good thing.
2017-01-03 14:48:46 +01:00
cfb2539ed4
Typo
2017-01-02 09:37:31 -08:00
0483ea767c
Little cleanup
2017-01-01 11:05:54 -08:00
0e0bee50a5
Clean up bio
2017-01-01 10:18:43 -08:00
7e75c76bb4
Stick tag description on the right function
2017-01-01 10:13:34 -08:00
cdabc1b3e3
Fix docs
2017-01-01 10:07:32 -08:00
85a6e8acca
Fix doc reference
2017-01-01 09:53:08 -08:00
444c00955a
add EcKey creation from EcPoint, public_key
2016-12-31 10:40:56 -08:00
5c49b58a88
Indicate that memcmp::eq should be used for HMACs
2016-12-31 09:44:57 -08:00
762510a5fa
Release v0.9.4
2016-12-23 13:38:52 -05:00
7e035a7fd1
Merge pull request #538 from semarie/libressl
...
Add LibreSSL support
2016-12-22 11:59:19 -05:00
a70e27ae64
Add Travis build against LibreSSL
2016-12-21 09:27:21 +01:00
b3526cbd2b
Add LibreSSL 2.5.0 support
2016-12-21 09:27:12 +01:00
8e01f8d250
Handle zero-length reads/writes
...
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
2016-12-20 15:52:18 -08:00
791f2c8f4d
Release v0.9.3
2016-12-09 21:54:06 -08:00
26cefe7d97
Switch to docs.rs for docs
2016-12-09 21:52:43 -08:00
152d788998
Fix ErrorStack display
2016-12-09 21:32:41 -08:00
5340895249
Add Blowfish tests
2016-12-09 21:31:26 +00:00
0850f605b1
Use EVP_bf_cfb64 instead of EVP_bf_cfb
2016-12-09 18:42:10 +00:00
0081665339
Add Blowfish support
2016-12-09 17:06:15 +00:00
0602712bf4
Release v0.9.2
2016-11-27 22:23:32 -08:00
146512099b
Implement Clone for SslConnector and SslAcceptor
2016-11-27 21:35:35 -08:00
234f126d7d
Cleanup
2016-11-27 21:00:59 -08:00
8b60d4a3c2
Return Option from group
2016-11-16 15:45:15 -08:00
e58dda8990
Remove EcGroup constructors
...
You also need a generator and possibly other stuff. Let's hold off on
construction until someone has a concrete requirement for them.
2016-11-16 13:53:03 +01:00
7515510125
Test elliptic curve signatures
2016-11-15 22:06:20 +01:00
ec0fa36714
Add a test for mul_generator
2016-11-15 21:24:34 +01:00
b914f779e8
Turns out yet another variant of EC_POINT_mul is allowed!
2016-11-15 21:20:06 +01:00
6794a45d60
Rename ec_key to ec
2016-11-14 22:37:01 +01:00
90acfaea51
Split EcKey::mul
2016-11-14 22:08:04 +01:00
e929e09216
Add EcPoint::invert
2016-11-14 22:02:47 +01:00
4c60aa005d
Fix non-static EcGroup method locations
2016-11-14 19:20:08 +01:00
82eb3c4f51
Add EcKey::check_key
2016-11-13 22:10:52 +00:00
35f11d555e
More functionality
2016-11-13 22:06:18 +00:00
1a52649516
More functionality
2016-11-13 20:46:01 +00:00
3d31539ba9
Public keys are not always present
2016-11-13 20:31:44 +00:00
0d0b5080e2
Rename new_by_curve_name to from_curve_name
2016-11-13 20:21:44 +00:00
b2de36049a
Add Some more elliptic curve functionality
2016-11-13 20:19:38 +00:00
7dbef567e6
Remove some stray manual impls
2016-11-13 18:00:42 +00:00
ccef9e339d
Macroise from_pem
2016-11-13 17:56:48 +00:00
df9666c334
Macroise to_pem
2016-11-13 17:42:45 +00:00
48c0009418
Macroise from_der
2016-11-13 17:06:50 +00:00
b0415f466c
Macroise to_der
2016-11-13 16:52:19 +00:00
ed9f600e28
Make password callback return a Result
2016-11-13 16:18:52 +00:00
387e78257b
Support serialization of encrypted private keys
...
Switch to PEM_write_bio_PKCS8PrivateKey since the other function outputs
nonstandard PEM when encrypting.
2016-11-13 16:09:52 +00:00
7d411c7975
Add private_key_from_pem_passphrase
2016-11-13 15:27:39 +00:00
2a8923c050
Macro-implement private_key_to_pem
2016-11-13 15:12:50 +00:00
08e0c4ca90
Some serialization support for EcKey
2016-11-13 15:02:38 +00:00
85c1474ce6
No need to use a raw string anymore
2016-11-13 12:19:31 +00:00
64e9932ac9
Use ffdhe2048 in mozilla_intermediate
2016-11-12 17:52:58 +00:00
2f8301fc63
Be a bit more emphatic about the danger
2016-11-12 16:51:26 +00:00
6b3599d319
Add a connect method that does not perform hostname verification
...
The method name is intentionally painful to type to discourage its use
2016-11-12 16:45:18 +00:00
7cdb58bc47
Simplify test logic a bit
2016-11-12 14:42:48 +00:00
157034d995
Add a missing init
2016-11-12 14:30:53 +00:00
796d7b4deb
Add constructors for various standard primes
2016-11-12 14:20:43 +00:00
96d24c8957
Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto}
2016-11-12 13:45:54 +00:00
2a1d7b2bcb
Pick different cipher lists on 1.0.1 and 1.0.2
2016-11-12 13:36:03 +00:00
93253ba599
Adjust cipher lists to work on older versions
2016-11-12 13:09:12 +00:00
780c46e0e7
Add SslRef::set_tmp_{ec,}dh_calback
2016-11-12 12:56:58 +00:00
563754fb08
Add SslContextBuilder::set_tmp_{ec,}dh_callback
2016-11-12 12:43:44 +00:00
Rohit Aggarwal