4a10c31219
Impl deref for acceptor/connector builders
2017-12-03 19:24:11 -08:00
e9ad9f1afd
Upgrade foreign-types
...
foreign-types 0.3 and 0.2 now share the same types and traits, so this
is backwards compatible.
2017-11-26 17:07:24 -07:00
de987f20c8
Revert "Update foreign-types to 0.3"
2017-11-21 08:51:37 -08:00
93be1c4f2f
Update foreign-types to 0.3
2017-11-21 09:17:39 +01:00
55bf390dbe
Adjust libressl version detection
...
The 2.5.3+ and 2.6.3+ series are ABI-stable, so we don't need to
whitelist individual releases in those ranges.
2017-11-13 21:51:55 -08:00
6257835757
Add support for LibreSSL 2.6.3
2017-11-13 09:51:17 -05:00
8830bd5daf
Add a couple of FIXMEs
2017-11-05 10:47:05 -08:00
a1a3219483
Handle local retries
...
OpenSSL can return SSL_ERROR_WANT_READ even on blocking sockets after
renegotiation or heartbeats. Heartbeats ignore the flag that normally
makes these things handled internally anyway on 1.0.2. To handle this
more properly, we now have a special error type we use to signal this
event. The `Read` and `Write` implementation automatically retry in this
situation since that's what you normally want. People can use `ssl_read`
and `ssl_write` if they want the lower level control.
Closes #760
2017-11-04 13:32:18 -07:00
d5299a8d2b
Fixed a typo in an error message, WANT_WRITE -> WANT_READ
2017-10-17 20:06:35 -05:00
ff8f54812c
Merge pull request #752 from chrisvittal/libressl262
...
Add support for LibreSSL 2.6.2
2017-10-03 22:11:29 -07:00
1308cb2b52
Fix cfgs for libressl262
2017-10-04 00:53:09 -04:00
e0efd1d438
Add support for LibreSSL 2.6.2
2017-10-03 23:59:33 -04:00
b5bb8de4f2
Convert try! usage to ?
2017-10-03 17:44:02 -04:00
dc92a514ef
Properly handle IPs in hostname verification
2017-09-20 10:04:09 -04:00
f0db1dbc95
Merge pull request #695 from Keruspe/master
...
openssl-sys: support libressl 2.6.1
2017-09-17 13:57:18 -07:00
b73548da18
openssl: ecdh_tmp_callback doesn't work with libressl 2.6.1
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:55:47 +02:00
5091830379
openssl: libressl 2.6.1 dropped suuport for npn
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-09-17 19:46:05 +02:00
7d41009a9c
Update default client cipher list
2017-09-16 13:10:55 -04:00
9bd64edc08
Fix indentation
2017-09-15 22:31:03 -04:00
68a30c29c9
Set SSL_MODE_RELEASE_BUFFERS by default
...
Closes #696
2017-09-14 19:15:00 -07:00
be1b573f6b
Delete DTLS tests
2017-08-08 22:01:58 -07:00
c2164a4864
Add peer_cert_chain
2017-07-29 10:34:10 -07:00
a132834132
Ignore dtls tests
...
They're way too flaky.
Closes #525
2017-07-29 09:54:04 -07:00
8fa9b58743
Tweak formatting on cipher list
2017-07-26 20:49:24 -07:00
374ad206d5
Use foreign-type's Opaque
2017-07-15 21:53:49 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
5c2410c38a
Init before creating ex indexes
2017-07-15 18:58:24 -07:00
dbbf446a9e
Fix build
2017-07-15 17:25:02 -07:00
c68db708ee
Don't overwrite the configured verify mode
...
We can leverage the new extra data API to configure the verification
mode up front so users can reconfigure it as they like.
2017-07-15 16:50:36 -07:00
fd52bbe85c
Add an API to install extra data
2017-07-15 16:50:36 -07:00
e3c7a2785c
Move callbacks to a submodule
2017-07-15 16:50:36 -07:00
279bffccf5
Merge pull request #641 from luser/psk
...
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-07-04 18:19:17 -10:00
240eb9731f
Properly reexport ConnectConfiguration
2017-06-14 19:54:09 -07:00
98d343dd32
Fix for changes in OpenSSL 1.1.0f
2017-06-06 18:45:54 -04:00
4de58596d9
Make some changes for review comments
2017-06-02 08:20:03 -04:00
3028958bf6
Little docs fix
2017-05-29 21:11:49 -07:00
c89af1d5f8
Add a fixme
2017-05-29 18:04:32 -07:00
16183f41f6
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-05-26 14:51:04 -04:00
27728f6fd9
Update bitflags 0.8 -> 0.9
2017-05-22 12:44:22 +03:00
0efef98848
Add a note to rename variant
2017-05-06 16:35:55 -07:00
dd3896fdc5
Clarify use of ssl::HandshakeError::Interrupted
2017-05-03 12:03:18 -07:00
c8d1698f27
Logic to support client-side session reuse
2017-03-25 19:30:01 -07:00
618cc70d19
Add a fixme to drop const prefixes
2017-02-19 14:24:05 -08:00
710a30bb40
Tweaks
2017-02-18 21:58:38 -08:00
88740c1374
add Ok to result
2017-02-16 19:59:02 -08:00
323a646383
only forget in non-error condition
2017-02-16 19:50:58 -08:00
eef5b5d2ac
review fixes: reorder forget()
2017-02-16 19:49:14 -08:00
d080c10910
fix cfg options for v102 and v110
2017-02-16 19:49:14 -08:00
f8298882a4
add set_verify_cert_store() to ssl ctx
2017-02-16 19:49:14 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
12ae31ad47
Switch to foreign_types
2017-02-03 23:03:35 -08:00
722bdb6a4c
Merge pull request #550 from Keruspe/master
...
LibreSSL support improvements
2017-01-22 18:39:34 +00:00
1ffdf8a1ab
Fix test warnings
2017-01-21 14:43:43 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
1fbe8f8d71
Fix typo
2017-01-08 11:04:47 -08:00
1942977408
Add methods to construct SslAcceptorBuilder without key and cert
...
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
2017-01-08 10:57:04 -08:00
0978f87095
libressl: make set_ecdh_auto available
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-01-05 20:47:01 +01:00
404e0341d8
Provide master key access
2017-01-04 22:01:30 -08:00
a2c118bf82
Add basic session tests
2017-01-04 21:18:13 -08:00
0b1bfee46d
session is nullable
2017-01-04 21:15:09 -08:00
5d53405597
Provide access to the session ID
2017-01-04 21:11:06 -08:00
88a7032f4b
Types and accessor for SslSession
2017-01-04 20:59:46 -08:00
cfb2539ed4
Typo
2017-01-02 09:37:31 -08:00
0e0bee50a5
Clean up bio
2017-01-01 10:18:43 -08:00
7e035a7fd1
Merge pull request #538 from semarie/libressl
...
Add LibreSSL support
2016-12-22 11:59:19 -05:00
b3526cbd2b
Add LibreSSL 2.5.0 support
2016-12-21 09:27:12 +01:00
8e01f8d250
Handle zero-length reads/writes
...
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
2016-12-20 15:52:18 -08:00
146512099b
Implement Clone for SslConnector and SslAcceptor
2016-11-27 21:35:35 -08:00
234f126d7d
Cleanup
2016-11-27 21:00:59 -08:00
6794a45d60
Rename ec_key to ec
2016-11-14 22:37:01 +01:00
0d0b5080e2
Rename new_by_curve_name to from_curve_name
2016-11-13 20:21:44 +00:00
85c1474ce6
No need to use a raw string anymore
2016-11-13 12:19:31 +00:00
64e9932ac9
Use ffdhe2048 in mozilla_intermediate
2016-11-12 17:52:58 +00:00
2f8301fc63
Be a bit more emphatic about the danger
2016-11-12 16:51:26 +00:00
6b3599d319
Add a connect method that does not perform hostname verification
...
The method name is intentionally painful to type to discourage its use
2016-11-12 16:45:18 +00:00
7cdb58bc47
Simplify test logic a bit
2016-11-12 14:42:48 +00:00
96d24c8957
Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto}
2016-11-12 13:45:54 +00:00
2a1d7b2bcb
Pick different cipher lists on 1.0.1 and 1.0.2
2016-11-12 13:36:03 +00:00
93253ba599
Adjust cipher lists to work on older versions
2016-11-12 13:09:12 +00:00
780c46e0e7
Add SslRef::set_tmp_{ec,}dh_calback
2016-11-12 12:56:58 +00:00
563754fb08
Add SslContextBuilder::set_tmp_{ec,}dh_callback
2016-11-12 12:43:44 +00:00
26a3358a2b
Add basic X509_STORE access
...
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
2016-11-12 00:24:12 +00:00
898e7f02df
Fix EOF detection
...
See https://github.com/openssl/openssl/issues/1903 for details
2016-11-11 15:10:30 +00:00
a42c6e8713
Drop rustc-serialize dependency
2016-11-09 20:35:23 +00:00
aa7c27536a
Make sure to override SslContext verify callback always
...
The 1.0.1 code has to override this to setup hostname validation, and
don't want behavior to silently change depending on the OpenSSL version
you're building against.
2016-11-08 22:38:48 +00:00
597d05b8f8
Add stack creation and push
2016-11-06 23:46:42 -08:00
1edb6f682e
Support client CA advertisement
2016-11-06 12:17:14 -08:00
a4e0581e4f
Fix build on 1.0.1
2016-11-06 11:57:50 -08:00
bcb7b3f5dc
Add accessors for cert and private key
...
Closes #340
2016-11-06 10:46:38 -08:00
79e2004eef
Fixes
2016-11-05 19:28:17 -07:00
f15c817c2d
Rustfmt
2016-11-05 10:54:17 -07:00
99b41a0050
Rename accessors
2016-11-05 10:15:40 -07:00
01ae978db0
Get rid of Ref
...
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
2016-11-04 17:16:59 -07:00
6fe7dd3024
Remove an enum
2016-11-03 22:45:54 -07:00
aa0040125b
Use built in DH parameters when available
...
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
2016-11-01 22:50:22 -07:00
36bf0bb387
Replace GeneralNames by the new Stack API
2016-11-01 21:23:18 +01:00
f71395c600
Little cfg cleanup
2016-10-31 22:45:51 -07:00
dc4098bdd8
Clean up x509 name entries
2016-10-31 22:43:05 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
ff12d37aef
Update ssl
2016-10-31 20:32:55 -07:00
Steven Fackler