Steven Fackler
62c29b54c1
Update cert
...
Now with a 10 year expiration
2016-05-15 22:11:10 -07:00
Anthony Ramine
2c2c272e6a
Allow bitflags 0.7
2016-05-15 12:27:49 +02:00
Steven Fackler
dce59a63c5
Merge pull request #389 from cmsd2/master
...
expose rsa from raw private key and rsa sign and verify
2016-05-06 15:12:19 -07:00
Chris Dawes
f82a1c4f75
add rsa signature tests
2016-05-05 23:41:55 +01:00
Steven Fackler
78122a9d68
Release v0.7.11
2016-05-05 13:32:27 -07:00
Chris Dawes
a5ede6a851
add missing NIDs and use Nid as input to signing
2016-05-04 09:00:05 +01:00
Steven Fackler
49db4c84df
Add a new trait based Nid setup
2016-05-03 21:15:39 -07:00
Steven Fackler
356d4a0420
Remove AsRaw{Fd, Socket} impls
...
An SslStream can't really act as a raw socket since you'd skip the whole
TLS layer
2016-05-03 20:24:07 -07:00
Steven Fackler
f1846bce78
Remove silly internal error enum
2016-05-03 20:24:07 -07:00
Steven Fackler
00f517d2cd
Drop MaybeSslStream
...
It should be inlined into crates that depend on it.
2016-05-03 20:24:07 -07:00
Steven Fackler
085b2e6f03
Drop is_dtls methods on SslMethod
2016-05-03 20:24:07 -07:00
Steven Fackler
f09ca6fee2
Clean up SNI APIs
2016-05-03 20:24:07 -07:00
Steven Fackler
61f65cd8d6
Move SslContext::set_verify to a closure based API
2016-05-03 20:24:07 -07:00
Steven Fackler
696b1961ce
Rename getters in line with conventions
2016-05-03 20:24:07 -07:00
Steven Fackler
a0549c1606
Adjust set_ssl_context API
2016-05-03 20:24:07 -07:00
Steven Fackler
fa62232649
Error reform
2016-05-03 20:24:07 -07:00
Steven Fackler
58654bc491
Remove deprecated methods
2016-05-03 20:24:07 -07:00
Steven Fackler
de47d158c2
Remove NonblockingSslStream
2016-05-03 20:24:07 -07:00
Chris Dawes
6f410a25b2
take enum instead of ints from openssl header file
2016-05-03 22:17:07 +01:00
Chris Dawes
6bbb21779b
add constructor for private keys from bignums
2016-05-03 19:46:08 +01:00
Steven Fackler
b7de627eec
Update openssl version in CI
2016-05-03 08:47:28 -07:00
Steven Fackler
9b1eb6d94d
Add a version of Ssl::set_verify that doesn't set a callback
2016-05-01 20:45:49 -07:00
Steven Fackler
c7e68637bb
Merge pull request #388 from frewsxcv/lifetimes
...
Remove unnecessary explicit lifetimes.
2016-05-01 19:20:25 -07:00
Corey Farwell
487232b52d
Remove unnecessary explicit lifetime.
2016-05-01 21:28:51 -04:00
Steven Fackler
59c13aea84
Still check UTF validity in dnsname
2016-05-01 18:14:33 -07:00
Steven Fackler
2cfb25136f
Document SAN APIs and tweak accessor names
2016-05-01 09:09:51 -07:00
Steven Fackler
87782b22cf
Implement IntoIterator for &GeneralNames
2016-04-30 21:32:29 -07:00
Corey Farwell
bf7076b785
Implement `iter` method on `GeneralNames`.
2016-05-01 00:02:10 -04:00
Steven Fackler
7b73003b67
Add X509StoreContext::error_depth
2016-04-30 09:27:50 -07:00
Steven Fackler
62a7dd10e5
Add Ssl::set_verify
...
It also uses a better, closure based API than the existing callback
methods.
2016-04-30 08:09:12 -07:00
Steven Fackler
50024ce33b
Ignore default verify paths test on windows
2016-04-29 21:40:16 -07:00
Steven Fackler
8a5d3ea015
Merge pull request #385 from mbrubeck/bitflags-0.6
...
Upgrade to work with bitflags 0.5 and 0.6
2016-04-29 21:18:03 -07:00
Steven Fackler
a7bade104c
Merge pull request #381 from chaaz/master
...
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
2016-04-29 21:17:17 -07:00
Steven Fackler
32722e1850
Add accessors for x509 subject alt names
2016-04-29 21:15:32 -07:00
Matt Brubeck
ee12087743
Upgrade to work with bitflags 0.5 and 0.6
2016-04-29 13:19:39 -07:00
Steven Fackler
caf9272c85
Start on GeneralName
2016-04-28 22:16:29 -07:00
Charlie Ozinga
5682c04469
Remove des_cfb and des_ofb, since they appear on limited platforms
2016-04-19 17:28:19 -06:00
Steven Fackler
54fc1df712
Release v0.7.10
2016-04-16 20:57:12 -07:00
Steven Fackler
c60e831cc4
Add docs for set_default_verify_paths
2016-04-16 20:49:46 -07:00
Steven Fackler
c2e72f6641
Add SslContext::set_default_verify_paths
2016-04-16 20:47:32 -07:00
Charlie Ozinga
2062d48dd2
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
...
1DES is well and truly dead for actual sensitive information, (its
keysize is too small for modern purposes), but it can still find use in
backwards compatibility or educational applications.
2016-04-14 03:44:43 -06:00
Steven Fackler
b94ea8598c
Update for nightly changes
2016-04-13 19:30:08 -07:00
Steven Fackler
c48dcde568
Update lazy_static
2016-04-13 19:28:04 -07:00
Steven Fackler
9511a9bc19
Merge pull request #380 from Yoric/master
...
Resolves #378 - Module version with the version information
2016-04-13 14:45:49 -07:00
David Rajchenbach-Teller
0c48f9a0e0
Resolves #378 - Module version with the version information
2016-04-13 23:29:25 +02:00
Rico Huijbers
00282de2a5
Add ability to set session ID context on an SSL context
...
This is necessary to make authentication with client certificates work
without session restarts.
2016-04-13 21:38:23 +02:00
Kevin King
fa5537de81
copy PKey using DER encode and decode
...
test that fields of cloned private and public keys can be accessed
2016-04-10 00:16:31 -04:00
Steven Fackler
d143203f88
Release v0.7.9
2016-04-06 21:34:20 -07:00
Kevin King
4016edd4de
add EVP_PKEY_copy_parameters to FFI
...
copy EVP_PKEY params in PKey::clone
test that PKey::clone creates a copy
2016-04-06 19:39:50 -04:00
Joe Wilm
c4b7b85d99
Add safe wrapper BioMethod for ffi::BIO_METHOD
...
Adds a wrapper for ffi::BIO_METHOD located at ssl::bio::BioMethod. This
enables SslStream to be Send without doing an unsafe impl on the ffi
struct.
2016-04-04 16:08:38 -07:00
Steven Fackler
02f114faae
Cleanup
2016-03-27 13:37:00 -07:00
Steven Fackler
c4187638a8
Update for nightly changes
2016-03-27 13:29:24 -07:00
Leon Anavi
6d4bfaa490
Cast correctly c_char raw pointers (fixes build on ARM #363)
...
Fix error caused by mismatched types while building crate
openssl for Raspberry Pi 2 and other ARM devices.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
2016-03-22 00:16:56 +02:00
Steven Fackler
e0412850ec
Release v0.7.8
2016-03-18 08:54:12 -07:00
Ms2ger
6d043b3700
Allow Rust to infer the type of the argument to SSL_CIPHER_description.
...
This allows the code to compile on Android, where an unsigned char is
expected.
2016-03-18 15:44:47 +01:00
Steven Fackler
ade90bf004
Clean up BIO name
2016-03-17 22:27:16 -07:00
Steven Fackler
a9a18cf337
Simplify panic safety logic for new nightly
2016-03-17 22:23:51 -07:00
Steven Fackler
a569df29f4
Release v0.7.7
2016-03-17 09:04:23 -07:00
Alex Crichton
3467cf343f
Fix nightly warnings about zero-sized fn pointers
2016-03-11 12:57:56 -08:00
Steven Fackler
23fd427900
Merge pull request #353 from bluejekyll/master
...
adding functionality to directly get and set RSA public key material
2016-03-05 13:57:53 -08:00
Benjamin Fry
3e5b65b7fa
making from_raw() unsafe
2016-03-05 13:43:14 -08:00
Steven Fackler
2fe3e48487
Stop testing sslv2 feature on Travis
...
OpenSSL removed support for this entirely in the most recent release.
2016-03-01 11:05:41 -08:00
Steven Fackler
90ce50730b
Update source URL for new OpenSSL release
2016-03-01 10:02:34 -08:00
Steven Fackler
1f5800fe2c
Merge pull request #356 from erikjohnston/conninfo
...
Add support for SSL_CIPHER
2016-03-01 09:20:36 -08:00
Erik Johnston
80ac6e54ac
Make SSLCipher.bits() return a struct.
2016-02-29 21:23:34 +00:00
Erik Johnston
04cbf049c0
Add SSL_get_version
2016-02-29 20:14:48 +00:00
Benjamin Fry
3fb2c48c98
added public key material to the constructor
2016-02-28 22:05:19 -08:00
Kalita Alexey
b37bbba78f
Bump bitflags to 0.4
2016-02-28 08:28:25 +04:00
Benjamin Fry
6ebe581308
review fixes, keep raw RSA initialization private
2016-02-23 20:49:21 -08:00
Benjamin Fry
ef95223d26
adding functionality to directly get and set RSA key material
2016-02-17 23:18:42 -08:00
Erik Johnston
1e9667ea89
Add support for SSL_CIPHER
2016-02-17 22:38:32 +00:00
Steven Fackler
3df4c479c9
Release v0.7.6
2016-02-10 09:36:00 -08:00
Steven Fackler
643a4a58c9
More deprecated function cleanup
2016-02-08 23:20:19 -08:00
Steven Fackler
e3e4aa4472
Stop using deprecated method
2016-02-08 23:12:54 -08:00
Joe Wilm
fe0f8ea1d8
Rename Nid uid/UID to prevent breakage
2016-02-02 14:32:57 -08:00
Joe Wilm
4940ca7e92
Fix Nid::UID value
...
Nid::UID (userId) previously held the value of Nid::uid
(uniqueIdentifier).
2016-02-02 09:25:52 -08:00
Steven Fackler
627f394d59
Revert "Revert "impl Clone for PKey and X509 by using their 'references' member""
2016-01-31 20:38:36 +00:00
Steven Fackler
4e58fd10de
Fix PKey RSA constructors
...
`set1` functions bump the object's refcount so we were previously
leaking the RSA object. Split the decode from PEM part out to a method
on RSA and use that in the PKey constructors.
Also make RSA a pointer and actually free it.
2016-01-30 13:12:06 -08:00
Steven Fackler
8ab4b54541
Revert "impl Clone for PKey and X509 by using their 'references' member"
2016-01-28 23:37:27 -08:00
Steven Fackler
274715fad0
Merge pull request #343 from jimmycuadra/ordered-extensions
...
Preserve X.509 extension insertion order
2016-01-28 22:37:48 -08:00
Steven Fackler
87f94c832f
Bump openssl version to test with
2016-01-28 22:21:10 -08:00
Jimmy Cuadra
5e0830286e
Preserve X.509 extension insertion order.
...
Ensures that extensions that are order-dependent are inserted in the
same order when calling out to OpenSSL during certificate signing.
Fixes #327.
2016-01-28 20:02:44 -08:00
Steven Fackler
7610804c9d
Remove unwraps from rsa accessors
2016-01-22 19:10:22 -08:00
Steven Fackler
18e7e2455c
Merge pull request #330 from esclear/master
...
Add an interface to RSA structs
2016-01-22 19:07:38 -08:00
Steven Fackler
d25858cb57
Exclude test directory from package
2016-01-22 16:34:31 -08:00
Steven Fackler
2ece5b1039
Release v0.7.5
2016-01-22 15:57:21 -08:00
Steven Fackler
b7d3357f37
Fix connect and accept error reporting
...
We were previously trying to create an error twice so the second
wouldn't be correct.
2016-01-22 15:34:31 -08:00
Daniel Albert
3ee2bf9310
Fix up RSA integration
2016-01-20 20:29:06 +00:00
Daniel Albert
74db7db560
Merge branch 'master' of https://github.com/sfackler/rust-openssl
2016-01-20 19:59:41 +00:00
Steven Fackler
95a83c477c
Merge pull request #334 from jmesmon/ssl-context
...
ssl: fix refcounting of SslContext when set_ssl_context is used
2016-01-19 20:04:44 -08:00
Cody P Schafer
36a667be49
x509: impl Clone using references & CRYPTO_add()
2016-01-19 22:04:51 -05:00
Cody P Schafer
3c51f159a7
crypto/pkey: impl Clone for PKey using openssl's ref counting
2016-01-19 22:04:51 -05:00
Cody P Schafer
d1825c7a86
openssl/ssl/context: test that we are refcounting correctly
...
Not a perfect test, on failure it _might_ exit with this output:
Process didn't exit successfully:
`/home/cody/g/rust-openssl/openssl/target/debug/openssl-8e712036e3aac4fe`
(signal: 11)
But unclear if we can do any better.
2016-01-18 16:40:14 -05:00
Cody P Schafer
dacde211c3
ssl: fix refcounting of SslContext when set_ssl_context is used
...
Additionally impl Clone for SslContext to both allow us to use it &
allow external users to take advantage of SslContext's internal
refcount.
Maintain the existing signature for set_ssl_context(), but
add inline comments recommending changing it.
Fixes #333
2016-01-18 15:37:13 -05:00
Daniel Albert
1f45723b39
Fix incorrect unsafe declaration
2016-01-12 20:57:01 +00:00
Daniel Albert
7e8df9febd
Adhere to rust conventions
2016-01-12 18:15:07 +00:00
Steven Fackler
86e2f81f43
Fix should_panic check
2016-01-11 23:45:12 -08:00
Steven Fackler
1865dd7374
Test nightly on travis
2016-01-11 22:38:06 -08:00
Steven Fackler
fd6454f625
Add stream panic propagation behind a nightly feature gate
2016-01-11 22:36:58 -08:00
Daniel Albert
1238405637
Make the BigNum generation from a native pointer unsafe
2016-01-09 22:09:38 +00:00
Steven Fackler
b32a50797c
Merge pull request #328 from Cyberunner23/PemRSA
...
Add support for RSA PEM files.
2016-01-09 13:08:00 -08:00
Cyberunner23
c0b9a4c8ec
Added tests for private_rsa_key_from_pem() and public_rsa_key_from_pem()
2016-01-09 14:36:01 -05:00
Will Tange
89e88727ff
Mark PKey as `Send` and `Sync`
...
Provided that the locking function is set, the underlying `ffi::EVP_KEY`
type should be safe to use across threads.
2016-01-07 06:33:25 +01:00
Cyberunner23
1d3277fbee
Added private_rsa_key_from_pem and public_rsa_key_from_pem.
2016-01-05 13:22:56 -05:00
Daniel Albert
578fac7e80
Add public interface to access BigNums from RSA keys
2016-01-01 19:46:03 +00:00
Daniel Albert
5e5d24ee25
Implement the possibility to create BigNums from their ffi counterpart
2016-01-01 19:36:29 +00:00
Daniel Albert
5813ca371d
Add RSA structs
2016-01-01 19:33:49 +00:00
Steven Fackler
926c8167be
Release v0.7.4
2015-12-18 22:41:46 -08:00
Steven Fackler
11129aa521
Rustfmt
2015-12-18 22:34:30 -08:00
Steven Fackler
a31acdbb93
Fix deprecation location
2015-12-18 22:21:23 -08:00
Steven Fackler
e85b49d375
Work around the worst of clone bogusness
...
SslStream::{clone,try_clone} are inherently broken since the Ssl object
shared by both streams is only going to be talking to one stream. Stuff
like hyper depends on try_clone, so we'll leave it here for now but
minimize the brokenness to "no worse than what it used to be like".
They'll be removed in 0.8.
cc #325
2015-12-18 21:20:47 -08:00
Steven Fackler
5fa46d428d
Release v0.7.3
2015-12-17 21:25:48 -08:00
Steven Fackler
e077ed0b4d
Disable cross compilation for now
2015-12-17 21:13:44 -08:00
Steven Fackler
053c924d5a
Fix nonblocking behavior
...
A new nonblocking socket may not have finished connecting yet, so reads
and writes can return ENOTCONNECTED which we should reinterpret into a
WantRead or WantWrite
Closes #323
2015-12-17 16:54:11 -08:00
Steven Fackler
ccab187f5a
Travis fixes
2015-12-16 23:51:19 -08:00
Steven Fackler
2cf65fc68d
Stop using manifest-path for now
...
Some ssl tests depend on the working directory being openssl
2015-12-16 23:39:29 -08:00
Steven Fackler
e7744874f4
Try cross compiling
2015-12-16 23:25:19 -08:00
Steven Fackler
2531ac9a45
Test overhaul + add an arm cross compile build
...
The ARM build doesn't do anything yet
2015-12-16 22:52:30 -08:00
Ondrej Perutka
02d2230a76
Fix regression of c_char type mismatches on ARM
2015-12-16 11:11:14 +01:00
Steven Fackler
157e6aa961
Rustfmt
2015-12-15 21:51:20 -08:00
Steven Fackler
edfb318e0b
Fix bounds on ssl_read and ssl_write
2015-12-15 20:06:07 -08:00
Steven Fackler
13f7cfd9d8
Release v0.7.2
2015-12-15 19:41:57 -08:00
Steven Fackler
6d559bf1da
Cleanup SNI stuff
2015-12-15 19:39:24 -08:00
Steven Fackler
3a0e64dca5
Cleanup
2015-12-15 19:33:36 -08:00
Steven Fackler
167008d247
Merge pull request #320 from uasi/add-variations-of-pbkdf2
...
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
2015-12-15 19:30:57 -08:00
Steven Fackler
514c5ec415
Merge pull request #309 from Geal/master
...
Add support for Server Name indication (SNI) on the server's side
2015-12-15 19:22:39 -08:00
Steven Fackler
f2fae1f83f
Document unused variant
...
No reason to hide it
2015-12-14 23:44:28 -08:00
Steven Fackler
b8c8b770e3
Yet more AsRawSocket fixes
2015-12-12 18:01:21 -08:00
Steven Fackler
ddedda1d03
More AsRawSocket fixes
2015-12-12 16:47:03 -08:00
Steven Fackler
63a45ac622
Fix AsRawSocket impls
2015-12-12 16:33:58 -08:00
Steven Fackler
d6ce9afdf3
Have NonblockingSslStream delegate to SslStream
2015-12-12 15:46:17 -08:00
Steven Fackler
1df131ff81
Build out a new error type
2015-12-12 15:01:16 -08:00
Steven Fackler
aa37dba0bc
Make error handling more reliable
2015-12-10 21:58:22 -08:00
Tomoki Aonuma
b6647cc610
Put pbkdf2_hmac_{256,512}() behind feature gate
...
PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
2015-12-10 23:00:49 +09:00
Tomoki Aonuma
e9b8627af2
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
2015-12-10 20:29:52 +09:00
Steven Fackler
91f8c542f7
Replace SslStream implementation!
2015-12-09 23:30:29 -08:00
Steven Fackler
8f56897043
Implement read and write
2015-12-09 22:02:02 -08:00
Steven Fackler
9ee6f1c578
IT LIVES
2015-12-09 21:43:02 -08:00
Steven Fackler
4d883d488e
Custom BIO infrastructure
2015-12-08 23:02:38 -08:00
Steven Fackler
8cc69267fd
Bump openssl version for travis
2015-12-07 19:03:29 -08:00
Geoffroy Couprie
6850c810d3
Increment SSL_CTX's reference count in Ssl::get_ssl_context()
...
Without this, whenever the returned SslContext is released,
the refcount of the underlying SSL_CTX will decrease and it
will be freed too soon
2015-12-03 12:26:55 +01:00
Ondrej Perutka
f54af75eb7
Cast correctly c_char raw pointers (fixes build on ARM #314)
2015-11-30 21:06:54 +01:00
Steven Fackler
fce7cf4d36
Release v0.7.1
2015-11-28 16:14:58 -08:00
Geoffroy Couprie
7835ea1c90
Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappers
2015-11-25 08:10:36 +01:00
Geoffroy Couprie
e486944320
fix memory management
2015-11-25 07:51:22 +01:00
Geoffroy Couprie
667e3f44b9
Avoid freeing the SSL object when Ssl is dropped
2015-11-24 17:15:52 +01:00
Geoffroy Couprie
dba3a0ced2
implement get/set ssl context
2015-11-24 17:11:00 +01:00
Geoffroy Couprie
cb4263f91e
test SNI support
2015-11-24 17:11:00 +01:00
Steven Fackler
6bb3d8f1b5
Implement try_clone for MaybeSslStream
...
Closes #308
2015-11-20 21:33:36 -08:00
Alex Gaynor
38b3b4a11e
Fixed a typo in a comment.
2015-11-19 19:52:26 -05:00