ee5215bd31
SslSessionRef methods return static strings
...
Closes #961
2018-07-19 20:22:57 -07:00
321c076ab3
Fix build with openssl 1.1.1 and no-psk
...
I used this as build flags for openssl 1.1.1:
```
/usr/bin/perl ./Configure linux-x86_64 no-shared no-zlib no-psk no-srp no-weak-ssl-ciphers no-idea
```
rust-openssl crashed with this error:
```
Compiling openssl v0.10.10
error[E0433]: failed to resolve. Use of undeclared type or module `CStr`
--> /home/stefan/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.10/src/ssl/callbacks.rs:386:16
|
386 | let line = CStr::from_ptr(line).to_bytes();
| ^^^^ Use of undeclared type or module `CStr`
error[E0412]: cannot find type `c_char` in this scope
--> /home/stefan/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.10/src/ssl/callbacks.rs:377:75
|
377 | pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
| ^^^^^^ did you mean `c_uchar`?
help: possible candidates are found in other modules, you can import them into scope
|
1 | use libc::c_char;
|
1 | use std::os::raw::c_char;
|
error: aborting due to 2 previous errors
Some errors occurred: E0412, E0433.
For more information about an error, try `rustc --explain E0412`.
error: Could not compile `openssl`.
warning: build failed, waiting for other jobs to finish...
```
this patch fixes the problem
2018-06-21 22:19:29 +02:00
6440ee04ef
Merge pull request #943 from lolzballs/master
...
Add wrapper for SSL_CTX_set_psk_server_callback
2018-06-17 15:47:00 -07:00
bf86580bec
Disable TLSv1.3 for psk_ciphers test
2018-06-17 17:00:22 -04:00
115cb730b0
Switch to accessors in libressl where possible
...
Some accessors are mysteriously still macros so we can't make everything
opaque yet, unfortunately.
cc #909
2018-06-09 21:49:36 -07:00
cdc90c7e9d
Add SslRef::set_alpn_protos
2018-06-04 20:19:27 -07:00
0745d66927
Update to 1.1.1-pre7
...
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.
TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
2018-06-02 13:58:56 -07:00
88c61d252f
Ensure psk test callbacks are called
2018-06-02 15:50:24 -04:00
285884c925
push PSK callback errors onto ErrorStack
2018-06-02 15:49:59 -04:00
bcc4ca0285
Change psk test cipher to PSK-AES128-CBC-SHA
...
Hopefully it works on CI servers now
2018-06-02 13:59:04 -04:00
b1c77a7ea5
Use is_null()
2018-06-02 13:49:42 -04:00
5d8a44612d
add test for psk; deprecated set_psk_callback
2018-06-02 13:47:52 -04:00
b1eb1224f5
Merge remote-tracking branch 'origin/master'
2018-06-02 10:56:31 -04:00
3456add537
Add SslRef::verified_chain
2018-05-29 21:53:22 -07:00
a774c0c5f2
Rename X509Ref::fingerprint to X509Ref::digest and avoid allocating
2018-05-24 21:07:36 -07:00
3cd33cdd8b
Don't panic on bogus servernames
...
Also add a second version of the method to avoid filtering out non-utf8
names.
Closes #930
2018-05-24 20:22:15 -07:00
c0876cc8c6
Add bindings to SSL_get_finished and SSL_get_peer_finished
...
These are used for the tls-unique SCRAM channel binding mode.
2018-05-24 20:00:28 -07:00
c7db3d18ad
Merge pull request #920 from Ralith/max-early-data-accessors
...
TLS1.3 early data support
2018-05-22 20:42:46 -07:00
2e478fdcf4
Expose early I/O
2018-05-22 20:25:28 -07:00
7a7f98a32c
Revert "Move proto version accessors to SslContextRef"
2018-05-20 20:55:20 -07:00
b976b5fd52
Move proto version accessors to SslContextRef
...
Add a Derf impl for SslContextBuilder so existing use still works.
2018-05-20 20:47:00 -07:00
f0347fbce8
Improve error Display impls
2018-05-20 19:37:19 -07:00
4c1fdf1d81
Support ALPN on libressl
...
Closes #690
2018-05-20 12:52:49 -07:00
a6fcef01c0
Overhaul openssl cfgs
...
Also expose hostname verification on libressl
2018-05-20 12:33:02 -07:00
d991566f2b
Support min/max version in LibreSSL
...
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
2018-05-19 19:57:12 -07:00
69c75a178b
Expose early keying material export
2018-05-17 13:16:41 -07:00
d5d414b16f
Expose max TLS1.3 early data accessors
2018-05-17 12:02:32 -07:00
47a68e2929
Add wrapper for SSL_CTX_set_psk_server_callback
2018-05-16 17:49:36 -04:00
ff2c7ffefd
Merge Ssl impl blocks
2018-05-12 16:50:50 +01:00
c25b6f3e26
Clean up SSL callbacks
...
Also add an Arc to avoid a weird use after free edge case if a callback
changes a callback.
2018-05-12 15:02:53 +01:00
5cfbe7ac6a
Disable tests that talk to Google on LibreSSL 2.5.0
...
They're flickering, and I'm assuming it's just because that version is
so old.
2018-05-12 13:59:22 +01:00
e5d65306e7
Change SslContext callback handling
...
Use the existing infrastructure!
2018-05-12 13:19:01 +01:00
7a1b59d605
Fix base version for min/max proto accessors
...
Closes #911
2018-05-09 20:04:43 +01:00
47431f66bb
Expose SslSession <-> DER conversion
2018-04-29 01:54:16 -07:00
aa619c81c0
Some misc cleanup
2018-04-27 15:41:12 -07:00
e423da2d12
Merge pull request #858 from Ralith/stateless-api
...
Introduce SslStreamBuilder
2018-03-31 11:28:03 -07:00
1bbe1b6a8f
Clean up a couple of holdovers from old features
2018-03-29 10:20:18 +02:00
f99c101559
Add test for stateless connection
2018-03-28 18:14:48 -07:00
99fdb2bd0b
Introduce SslStreamBuilder
2018-03-28 18:14:48 -07:00
bbb1cb61f6
Update to OpenSSL 1.1.1-pre3
2018-03-28 18:14:44 -07:00
7c33346960
Remove version-specific features
...
Closes #852
2018-03-19 00:41:33 -07:00
09b1fe9a0d
Expose additional cipher and digest accessors
2018-03-16 20:33:23 -07:00
9f5ef88880
Add a Sync + Send bound to the custom ext type
...
It's stored inside of the Ssl, so this is probably tecnically
necessarly?
2018-03-11 15:36:47 -07:00
d0329473bd
Merge branch 'master' into custom-extensions
2018-03-11 15:27:28 -07:00
e02dbde2f7
Generic custom extension add fn return type
2018-03-10 22:30:54 -08:00
562fe79f4c
Add one more set of impls
2018-03-10 08:53:46 -08:00
b0bc1c770e
High-level API for OpenSSL 1.1.1 custom extension support
2018-03-09 20:33:49 -08:00
f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
d5dd6575c1
Restore error stack in cookie callback
2018-02-25 22:11:08 -08:00
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
cebfbd9a25
Merge pull request #850 from sfackler/put-error
...
Add the ability to push errors back onto the error stack.
2018-02-24 20:58:07 -08:00
5fd23d38d5
Add the ability to push errors back onto the error stack.
2018-02-24 20:46:03 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
15048f4c02
Inline connector constants
2018-02-21 19:41:06 -08:00
6977e9e89f
Don't special case 1.0.1
...
It appears that 1.0.1's defaults are actually okay.
2018-02-21 18:44:04 -08:00
7192a5291f
Update SslConnector cipher list
...
Based off of python/cpython#3532 , we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
2018-02-20 22:27:54 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00
e5123d266b
Bind remove and get session callbacks
2018-02-16 22:24:34 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
af4832e145
Doc tweak
2018-02-15 21:33:39 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
f4ddd66b03
Tweak features
...
We should keep the version features totally separate for now.
2018-02-14 22:11:24 -08:00
e8fd63bae3
Fix tests for TLS 1.3
...
Google yells at you when using TLS 1.3 without SNI by sending a bogus
self-signed cert!
2018-02-14 19:36:11 -08:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
81f7d17822
tests: if server failed to start, print exit code instead of timing out
...
```
% cargo +stable test --lib ssl::test::test_connect_with_alpn_successful_single_match --features=v102
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running /Users/nga/devel/left/rust-openssl/target/debug/deps/openssl-a38e12a3527f6932
running 1 test
test ssl::test::test_connect_with_alpn_successful_single_match ... FAILED
failures:
---- ssl::test::test_connect_with_alpn_successful_single_match stdout ----
thread 'ssl::test::test_connect_with_alpn_successful_single_match' panicked at 'server exited: exit code: 1', src/ssl/test.rs:91:24
note: Run with `RUST_BACKTRACE=1` for a backtrace.
failures:
ssl::test::test_connect_with_alpn_successful_single_match
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 159 filtered out
```
2018-01-24 00:27:13 -08:00
692562470b
Add setters to ConnectConfiguration
2018-01-11 17:24:38 -08:00
be1e787ce6
Add from conversion
...
This is needed for tokio-openssl
2018-01-10 22:26:32 -08:00
af7aa52364
Adjust the SNI callback
...
Brings it more in line with how the raw callback is structured.
2018-01-06 22:20:20 -08:00
f50dd20cb6
Fix docs
2018-01-06 21:42:37 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
1553447385
Misc cleanup
2018-01-01 12:23:41 -08:00
9043cf9aa7
Move X509Filetype to SslFiletype
...
These constants have the same values, but X509_FILETYPE_DEFAULT doesn't
work in the Ssl methods and using the SSL_* names is a bit less
confusing.
2018-01-01 11:50:07 -08:00
d207897458
Parameterize keys over what they contain
...
Closes #790
2017-12-30 21:53:39 -08:00
1085e79447
Remove `SslRef::compression`
...
TLS compression is extremely deprecated, so no-one should be messing
with this in the first place.
2017-12-28 20:22:05 -08:00
23bab6336e
Add a parameter to servername
2017-12-28 10:18:23 -08:00
7fbda61609
Overhaul ALPN
...
There was previously a lot of behind the scenes magic. We now bind much
more directly to the relevant functions.
Also remove APN support. That protocol is supersceded by ALPN - let's
see if anyone actually needs to use it.
2017-12-27 16:24:01 -07:00
52a06adc08
Overhaul ssl error
2017-12-26 21:03:49 -07:00
f9866cd44f
Split X509StoreContextRef::ssl up
2017-12-26 14:53:35 -07:00
129b6b9d84
Overhaul verify error type
...
Also set the error in the hostname verification callback for 1.0.1
2017-12-26 14:43:10 -07:00
19dc6ce1eb
Adjust SslConnector and SslAcceptor construction
2017-12-26 10:39:21 -07:00
ce0641f093
Drop Any bounds
2017-12-26 08:55:12 -07:00
2adf2cf12b
Remove deprecated APIs
2017-12-25 22:09:27 -07:00
3744e31e16
Fix a bunch of FIXMEs
2017-12-25 21:44:41 -07:00
7cc6c9b2f2
Tweak default ssl options
2017-12-25 21:18:49 -07:00
7d0c6c9442
Fix tests
2017-12-25 20:32:06 -07:00
77448362ce
Rename X509FileType to X509Filetype
2017-12-25 19:57:02 -07:00
3eab162dc2
Move to associated consts
2017-12-25 19:56:27 -07:00
bbae793eb3
Upgrade bitflags to 1.0
...
Closes #756
2017-12-25 19:38:11 -07:00
34d700309c
Clean up 1.0.1 hostname verification
2017-12-23 19:32:33 -07:00
196a855d2a
Allow SNI and hostname verification to be configured separately
...
Closes #728
2017-12-23 12:47:38 -08:00
4b732dad19
Fix link
2017-12-09 15:50:23 -08:00
3207e57a09
Finish documentation for the ssl module
...
Closes #727
2017-12-04 22:15:56 -08:00
bf70d3dd71
Docs for the ssl module.
...
cc #727
2017-12-03 23:10:56 -08:00
4a10c31219
Impl deref for acceptor/connector builders
2017-12-03 19:24:11 -08:00
e9ad9f1afd
Upgrade foreign-types
...
foreign-types 0.3 and 0.2 now share the same types and traits, so this
is backwards compatible.
2017-11-26 17:07:24 -07:00
de987f20c8
Revert "Update foreign-types to 0.3"
2017-11-21 08:51:37 -08:00
Steven Fackler