7eee39f1ec
Rustfmt
2019-02-22 10:14:15 -07:00
22231d7547
Support the client hello callback
2018-09-15 13:29:18 -07:00
bc4e47a321
Fix lookup errors with SNI callback.
...
The job of an SNI callback is typically to swap out the context
associated with an SSL depending on the domain the client is trying to
talk to. Typically, only the callbacks associated with the current
context are used, but this is not the case for the SNI callback.
If SNI is run for a second time on a connection (i.e. in a
renegotiation) and the context was replaced with one that didn't itself
register an SNI callback, the old callback would run but wouldn't be
able to find its state in the context's ex data. To work around this, we
pass the pointer to the callback data directly to the callback to make
sure it's always available. It still lives in ex data to handle the
lifetime management.
Closes #979
2018-08-31 20:23:55 -07:00
ef7721092d
SRTP cleanup
2018-08-19 18:50:11 -07:00
59c578cf04
Add methods for DTLS/SRTP key handshake
2018-08-14 16:04:33 +02:00
1396143c66
Add get_shutdown and set_shutdown
2018-08-08 13:19:55 -07:00
71ee9439ca
Support builds of OpenSSL from vendored source (take 2)
...
This is a revival of #684 to see if I can help push it across the finish line!
Closes #580
2018-07-30 15:15:24 -07:00
6440ee04ef
Merge pull request #943 from lolzballs/master
...
Add wrapper for SSL_CTX_set_psk_server_callback
2018-06-17 15:47:00 -07:00
bf86580bec
Disable TLSv1.3 for psk_ciphers test
2018-06-17 17:00:22 -04:00
0745d66927
Update to 1.1.1-pre7
...
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.
TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
2018-06-02 13:58:56 -07:00
88c61d252f
Ensure psk test callbacks are called
2018-06-02 15:50:24 -04:00
bcc4ca0285
Change psk test cipher to PSK-AES128-CBC-SHA
...
Hopefully it works on CI servers now
2018-06-02 13:59:04 -04:00
5d8a44612d
add test for psk; deprecated set_psk_callback
2018-06-02 13:47:52 -04:00
a774c0c5f2
Rename X509Ref::fingerprint to X509Ref::digest and avoid allocating
2018-05-24 21:07:36 -07:00
4c1fdf1d81
Support ALPN on libressl
...
Closes #690
2018-05-20 12:52:49 -07:00
a6fcef01c0
Overhaul openssl cfgs
...
Also expose hostname verification on libressl
2018-05-20 12:33:02 -07:00
d991566f2b
Support min/max version in LibreSSL
...
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
2018-05-19 19:57:12 -07:00
5cfbe7ac6a
Disable tests that talk to Google on LibreSSL 2.5.0
...
They're flickering, and I'm assuming it's just because that version is
so old.
2018-05-12 13:59:22 +01:00
7a1b59d605
Fix base version for min/max proto accessors
...
Closes #911
2018-05-09 20:04:43 +01:00
aa619c81c0
Some misc cleanup
2018-04-27 15:41:12 -07:00
f99c101559
Add test for stateless connection
2018-03-28 18:14:48 -07:00
7c33346960
Remove version-specific features
...
Closes #852
2018-03-19 00:41:33 -07:00
e02dbde2f7
Generic custom extension add fn return type
2018-03-10 22:30:54 -08:00
b0bc1c770e
High-level API for OpenSSL 1.1.1 custom extension support
2018-03-09 20:33:49 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
f4ddd66b03
Tweak features
...
We should keep the version features totally separate for now.
2018-02-14 22:11:24 -08:00
e8fd63bae3
Fix tests for TLS 1.3
...
Google yells at you when using TLS 1.3 without SNI by sending a bogus
self-signed cert!
2018-02-14 19:36:11 -08:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
81f7d17822
tests: if server failed to start, print exit code instead of timing out
...
```
% cargo +stable test --lib ssl::test::test_connect_with_alpn_successful_single_match --features=v102
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running /Users/nga/devel/left/rust-openssl/target/debug/deps/openssl-a38e12a3527f6932
running 1 test
test ssl::test::test_connect_with_alpn_successful_single_match ... FAILED
failures:
---- ssl::test::test_connect_with_alpn_successful_single_match stdout ----
thread 'ssl::test::test_connect_with_alpn_successful_single_match' panicked at 'server exited: exit code: 1', src/ssl/test.rs:91:24
note: Run with `RUST_BACKTRACE=1` for a backtrace.
failures:
ssl::test::test_connect_with_alpn_successful_single_match
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 159 filtered out
```
2018-01-24 00:27:13 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
9043cf9aa7
Move X509Filetype to SslFiletype
...
These constants have the same values, but X509_FILETYPE_DEFAULT doesn't
work in the Ssl methods and using the SSL_* names is a bit less
confusing.
2018-01-01 11:50:07 -08:00
23bab6336e
Add a parameter to servername
2017-12-28 10:18:23 -08:00
7fbda61609
Overhaul ALPN
...
There was previously a lot of behind the scenes magic. We now bind much
more directly to the relevant functions.
Also remove APN support. That protocol is supersceded by ALPN - let's
see if anyone actually needs to use it.
2017-12-27 16:24:01 -07:00
52a06adc08
Overhaul ssl error
2017-12-26 21:03:49 -07:00
Steven Fackler