f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
d5dd6575c1
Restore error stack in cookie callback
2018-02-25 22:11:08 -08:00
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
cebfbd9a25
Merge pull request #850 from sfackler/put-error
...
Add the ability to push errors back onto the error stack.
2018-02-24 20:58:07 -08:00
5fd23d38d5
Add the ability to push errors back onto the error stack.
2018-02-24 20:46:03 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
15048f4c02
Inline connector constants
2018-02-21 19:41:06 -08:00
6977e9e89f
Don't special case 1.0.1
...
It appears that 1.0.1's defaults are actually okay.
2018-02-21 18:44:04 -08:00
7192a5291f
Update SslConnector cipher list
...
Based off of python/cpython#3532 , we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
2018-02-20 22:27:54 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00
e5123d266b
Bind remove and get session callbacks
2018-02-16 22:24:34 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
af4832e145
Doc tweak
2018-02-15 21:33:39 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
f4ddd66b03
Tweak features
...
We should keep the version features totally separate for now.
2018-02-14 22:11:24 -08:00
e8fd63bae3
Fix tests for TLS 1.3
...
Google yells at you when using TLS 1.3 without SNI by sending a bogus
self-signed cert!
2018-02-14 19:36:11 -08:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
81f7d17822
tests: if server failed to start, print exit code instead of timing out
...
```
% cargo +stable test --lib ssl::test::test_connect_with_alpn_successful_single_match --features=v102
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running /Users/nga/devel/left/rust-openssl/target/debug/deps/openssl-a38e12a3527f6932
running 1 test
test ssl::test::test_connect_with_alpn_successful_single_match ... FAILED
failures:
---- ssl::test::test_connect_with_alpn_successful_single_match stdout ----
thread 'ssl::test::test_connect_with_alpn_successful_single_match' panicked at 'server exited: exit code: 1', src/ssl/test.rs:91:24
note: Run with `RUST_BACKTRACE=1` for a backtrace.
failures:
ssl::test::test_connect_with_alpn_successful_single_match
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 159 filtered out
```
2018-01-24 00:27:13 -08:00
692562470b
Add setters to ConnectConfiguration
2018-01-11 17:24:38 -08:00
be1e787ce6
Add from conversion
...
This is needed for tokio-openssl
2018-01-10 22:26:32 -08:00
af7aa52364
Adjust the SNI callback
...
Brings it more in line with how the raw callback is structured.
2018-01-06 22:20:20 -08:00
f50dd20cb6
Fix docs
2018-01-06 21:42:37 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
1553447385
Misc cleanup
2018-01-01 12:23:41 -08:00
9043cf9aa7
Move X509Filetype to SslFiletype
...
These constants have the same values, but X509_FILETYPE_DEFAULT doesn't
work in the Ssl methods and using the SSL_* names is a bit less
confusing.
2018-01-01 11:50:07 -08:00
d207897458
Parameterize keys over what they contain
...
Closes #790
2017-12-30 21:53:39 -08:00
1085e79447
Remove `SslRef::compression`
...
TLS compression is extremely deprecated, so no-one should be messing
with this in the first place.
2017-12-28 20:22:05 -08:00
23bab6336e
Add a parameter to servername
2017-12-28 10:18:23 -08:00
7fbda61609
Overhaul ALPN
...
There was previously a lot of behind the scenes magic. We now bind much
more directly to the relevant functions.
Also remove APN support. That protocol is supersceded by ALPN - let's
see if anyone actually needs to use it.
2017-12-27 16:24:01 -07:00
52a06adc08
Overhaul ssl error
2017-12-26 21:03:49 -07:00
f9866cd44f
Split X509StoreContextRef::ssl up
2017-12-26 14:53:35 -07:00
129b6b9d84
Overhaul verify error type
...
Also set the error in the hostname verification callback for 1.0.1
2017-12-26 14:43:10 -07:00
19dc6ce1eb
Adjust SslConnector and SslAcceptor construction
2017-12-26 10:39:21 -07:00
ce0641f093
Drop Any bounds
2017-12-26 08:55:12 -07:00
2adf2cf12b
Remove deprecated APIs
2017-12-25 22:09:27 -07:00
3744e31e16
Fix a bunch of FIXMEs
2017-12-25 21:44:41 -07:00
7cc6c9b2f2
Tweak default ssl options
2017-12-25 21:18:49 -07:00
7d0c6c9442
Fix tests
2017-12-25 20:32:06 -07:00
77448362ce
Rename X509FileType to X509Filetype
2017-12-25 19:57:02 -07:00
3eab162dc2
Move to associated consts
2017-12-25 19:56:27 -07:00
bbae793eb3
Upgrade bitflags to 1.0
...
Closes #756
2017-12-25 19:38:11 -07:00
34d700309c
Clean up 1.0.1 hostname verification
2017-12-23 19:32:33 -07:00
196a855d2a
Allow SNI and hostname verification to be configured separately
...
Closes #728
2017-12-23 12:47:38 -08:00
4b732dad19
Fix link
2017-12-09 15:50:23 -08:00
3207e57a09
Finish documentation for the ssl module
...
Closes #727
2017-12-04 22:15:56 -08:00
bf70d3dd71
Docs for the ssl module.
...
cc #727
2017-12-03 23:10:56 -08:00
Benjamin Saunders