8830bd5daf
Add a couple of FIXMEs
2017-11-05 10:47:05 -08:00
a1a3219483
Handle local retries
...
OpenSSL can return SSL_ERROR_WANT_READ even on blocking sockets after
renegotiation or heartbeats. Heartbeats ignore the flag that normally
makes these things handled internally anyway on 1.0.2. To handle this
more properly, we now have a special error type we use to signal this
event. The `Read` and `Write` implementation automatically retry in this
situation since that's what you normally want. People can use `ssl_read`
and `ssl_write` if they want the lower level control.
Closes #760
2017-11-04 13:32:18 -07:00
d5299a8d2b
Fixed a typo in an error message, WANT_WRITE -> WANT_READ
2017-10-17 20:06:35 -05:00
ff8f54812c
Merge pull request #752 from chrisvittal/libressl262
...
Add support for LibreSSL 2.6.2
2017-10-03 22:11:29 -07:00
1308cb2b52
Fix cfgs for libressl262
2017-10-04 00:53:09 -04:00
b5bb8de4f2
Convert try! usage to ?
2017-10-03 17:44:02 -04:00
5091830379
openssl: libressl 2.6.1 dropped suuport for npn
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:46:05 +02:00
c2164a4864
Add peer_cert_chain
2017-07-29 10:34:10 -07:00
374ad206d5
Use foreign-type's Opaque
2017-07-15 21:53:49 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
5c2410c38a
Init before creating ex indexes
2017-07-15 18:58:24 -07:00
fd52bbe85c
Add an API to install extra data
2017-07-15 16:50:36 -07:00
e3c7a2785c
Move callbacks to a submodule
2017-07-15 16:50:36 -07:00
279bffccf5
Merge pull request #641 from luser/psk
...
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-07-04 18:19:17 -10:00
240eb9731f
Properly reexport ConnectConfiguration
2017-06-14 19:54:09 -07:00
4de58596d9
Make some changes for review comments
2017-06-02 08:20:03 -04:00
3028958bf6
Little docs fix
2017-05-29 21:11:49 -07:00
c89af1d5f8
Add a fixme
2017-05-29 18:04:32 -07:00
16183f41f6
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-05-26 14:51:04 -04:00
27728f6fd9
Update bitflags 0.8 -> 0.9
2017-05-22 12:44:22 +03:00
c8d1698f27
Logic to support client-side session reuse
2017-03-25 19:30:01 -07:00
618cc70d19
Add a fixme to drop const prefixes
2017-02-19 14:24:05 -08:00
710a30bb40
Tweaks
2017-02-18 21:58:38 -08:00
88740c1374
add Ok to result
2017-02-16 19:59:02 -08:00
323a646383
only forget in non-error condition
2017-02-16 19:50:58 -08:00
eef5b5d2ac
review fixes: reorder forget()
2017-02-16 19:49:14 -08:00
d080c10910
fix cfg options for v102 and v110
2017-02-16 19:49:14 -08:00
f8298882a4
add set_verify_cert_store() to ssl ctx
2017-02-16 19:49:14 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
12ae31ad47
Switch to foreign_types
2017-02-03 23:03:35 -08:00
722bdb6a4c
Merge pull request #550 from Keruspe/master
...
LibreSSL support improvements
2017-01-22 18:39:34 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
1942977408
Add methods to construct SslAcceptorBuilder without key and cert
...
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
2017-01-08 10:57:04 -08:00
0978f87095
libressl: make set_ecdh_auto available
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-01-05 20:47:01 +01:00
404e0341d8
Provide master key access
2017-01-04 22:01:30 -08:00
0b1bfee46d
session is nullable
2017-01-04 21:15:09 -08:00
5d53405597
Provide access to the session ID
2017-01-04 21:11:06 -08:00
88a7032f4b
Types and accessor for SslSession
2017-01-04 20:59:46 -08:00
7e035a7fd1
Merge pull request #538 from semarie/libressl
...
Add LibreSSL support
2016-12-22 11:59:19 -05:00
b3526cbd2b
Add LibreSSL 2.5.0 support
2016-12-21 09:27:12 +01:00
8e01f8d250
Handle zero-length reads/writes
...
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
2016-12-20 15:52:18 -08:00
234f126d7d
Cleanup
2016-11-27 21:00:59 -08:00
6794a45d60
Rename ec_key to ec
2016-11-14 22:37:01 +01:00
96d24c8957
Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto}
2016-11-12 13:45:54 +00:00
780c46e0e7
Add SslRef::set_tmp_{ec,}dh_calback
2016-11-12 12:56:58 +00:00
563754fb08
Add SslContextBuilder::set_tmp_{ec,}dh_callback
2016-11-12 12:43:44 +00:00
26a3358a2b
Add basic X509_STORE access
...
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
2016-11-12 00:24:12 +00:00
898e7f02df
Fix EOF detection
...
See https://github.com/openssl/openssl/issues/1903 for details
2016-11-11 15:10:30 +00:00
597d05b8f8
Add stack creation and push
2016-11-06 23:46:42 -08:00
1edb6f682e
Support client CA advertisement
2016-11-06 12:17:14 -08:00
a4e0581e4f
Fix build on 1.0.1
2016-11-06 11:57:50 -08:00
bcb7b3f5dc
Add accessors for cert and private key
...
Closes #340
2016-11-06 10:46:38 -08:00
79e2004eef
Fixes
2016-11-05 19:28:17 -07:00
01ae978db0
Get rid of Ref
...
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
2016-11-04 17:16:59 -07:00
6fe7dd3024
Remove an enum
2016-11-03 22:45:54 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
ff12d37aef
Update ssl
2016-10-31 20:32:55 -07:00
16e398e005
Update verify
2016-10-31 20:19:59 -07:00
f640613863
Update PKey
2016-10-31 20:12:55 -07:00
d6579ab058
Update EcKey
2016-10-31 20:06:06 -07:00
28f375974a
Convert Dh
2016-10-31 20:02:24 -07:00
006da59285
Return an SslRef
2016-10-30 22:42:32 -07:00
558124b755
Expose SSL_MODEs
2016-10-30 22:02:26 -07:00
e0211dac30
Rename set_CA_file
2016-10-30 21:39:26 -07:00
5b0fc9a185
Impl Sync and Send for SslContextBuilder
2016-10-30 20:34:35 -07:00
add8e4023e
Rename connectors
2016-10-30 19:39:18 -07:00
bd457dba18
Move HandshakeError to submodule
2016-10-30 17:23:03 -07:00
f75f82e466
Rustfmt
2016-10-30 16:37:45 -07:00
7d13176cd1
Rename nwe to mozilla_intermediate
2016-10-30 14:34:05 -07:00
43b430e5b0
Pass SslMethod into constructors
2016-10-30 14:26:28 -07:00
677718f8da
Configure ECDH parameters in connector
2016-10-30 13:38:09 -07:00
23fe1e85e9
Pull Curl's CA list for Windows tests
2016-10-29 18:17:46 -07:00
761dd780c1
Add module level docs
2016-10-29 18:04:38 -07:00
e72533c058
Docs for connectors
2016-10-29 15:00:46 -07:00
57d10ebbc3
Add PKeyRef
2016-10-29 14:19:09 -07:00
4c7a5a418e
Implement client and server connectors
2016-10-29 14:02:26 -07:00
dafb46fc51
Camel case DH
2016-10-27 20:26:18 -07:00
781417d50f
Add a macro definition
2016-10-27 19:12:55 -07:00
8e129af256
Fix description
2016-10-26 22:15:41 -07:00
63b1ec1a12
Stop returning an Option from cipher description
2016-10-26 22:13:10 -07:00
ebc4c56c34
Add SslMethod::from_ptr
2016-10-26 20:43:43 -07:00
f4b7006771
Don't allow mutation of SslContexts
...
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
2016-10-25 23:12:56 -07:00
39279455c8
Add a shutdown method
2016-10-25 20:40:18 -07:00
eb655bddbc
Fix ordering
2016-10-25 20:01:28 -07:00
938fdd7137
Add into_error
2016-10-23 21:54:49 -07:00
ca71e00878
Fix Send + Sync-ness of SslStream
2016-10-23 20:55:31 -07:00
98b7f2f935
Flatten crypto module
2016-10-22 09:16:38 -07:00
9be0aab9ac
Borrow compression string
2016-10-21 21:46:32 -07:00
f1c68e3544
Rename SslContextOptions
2016-10-21 21:22:05 -07:00
8ec53eb0e1
Fix X509StoreContext
2016-10-21 20:59:07 -07:00
02b4385c5d
Convert X509VerifyParamRef
2016-10-21 19:58:06 -07:00
f0cde38929
Borrowed servername
2016-10-21 19:54:30 -07:00
fcb86b8394
Convert SslCipherRef
2016-10-21 19:45:46 -07:00
2bbeddd14a
Convert SslRef
2016-10-21 19:33:56 -07:00
fe98a90719
Convert SslContextRef
2016-10-21 19:15:09 -07:00
bd0c0c60bd
Store a MidHandshakeSslStream in fatal errors
...
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
2016-10-20 20:57:53 -07:00
8f3511c0cd
Redo SslStream construction
...
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
2016-10-20 19:59:09 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
c4459c37d9
Callback cleanup
2016-10-18 21:13:13 -07:00
f7e6d7fce6
Don't ignore errors in NPN/ALPN logic
...
Closes #479
2016-10-18 21:12:55 -07:00
Steven Fackler