min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,327 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

69 Commits

Author SHA1 Message Date
Steven Fackler a6fcef01c0 Overhaul openssl cfgs 
Also expose hostname verification on libressl
 2018-05-20 12:33:02 -07:00
Steven Fackler 1bbe1b6a8f Clean up a couple of holdovers from old features 2018-03-29 10:20:18 +02:00
Steven Fackler 7c33346960 Remove version-specific features 
Closes #852
 2018-03-19 00:41:33 -07:00
Steven Fackler 15048f4c02 Inline connector constants 2018-02-21 19:41:06 -08:00
Steven Fackler 6977e9e89f Don't special case 1.0.1 
It appears that 1.0.1's defaults are actually okay.
 2018-02-21 18:44:04 -08:00
Steven Fackler 7192a5291f Update SslConnector cipher list 
Based off of python/cpython#3532, we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
 2018-02-20 22:27:54 -08:00
Steven Fackler 2765775535 OpenSSL 1.1.1 support 2018-02-13 22:31:37 -08:00
Steven Fackler 692562470b Add setters to ConnectConfiguration 2018-01-11 17:24:38 -08:00
Steven Fackler 3c19702299 Rename key serialization/deserialization methods 
Also document their specific formats.

Closes #502
 2018-01-06 13:27:44 -08:00
Steven Fackler f9866cd44f Split X509StoreContextRef::ssl up 2017-12-26 14:53:35 -07:00
Steven Fackler 129b6b9d84 Overhaul verify error type 
Also set the error in the hostname verification callback for 1.0.1
 2017-12-26 14:43:10 -07:00
Steven Fackler 19dc6ce1eb Adjust SslConnector and SslAcceptor construction 2017-12-26 10:39:21 -07:00
Steven Fackler 2adf2cf12b Remove deprecated APIs 2017-12-25 22:09:27 -07:00
Steven Fackler 3744e31e16 Fix a bunch of FIXMEs 2017-12-25 21:44:41 -07:00
Steven Fackler 7cc6c9b2f2 Tweak default ssl options 2017-12-25 21:18:49 -07:00
Steven Fackler 7d0c6c9442 Fix tests 2017-12-25 20:32:06 -07:00
Steven Fackler bbae793eb3 Upgrade bitflags to 1.0 
Closes #756
 2017-12-25 19:38:11 -07:00
Steven Fackler 34d700309c Clean up 1.0.1 hostname verification 2017-12-23 19:32:33 -07:00
Steven Fackler 196a855d2a Allow SNI and hostname verification to be configured separately 
Closes #728
 2017-12-23 12:47:38 -08:00
Steven Fackler 3207e57a09 Finish documentation for the ssl module 
Closes #727
 2017-12-04 22:15:56 -08:00
Steven Fackler 4a10c31219 Impl deref for acceptor/connector builders 2017-12-03 19:24:11 -08:00
johnthagen b5bb8de4f2 Convert try! usage to ? 2017-10-03 17:44:02 -04:00
Steven Fackler dc92a514ef Properly handle IPs in hostname verification 2017-09-20 10:04:09 -04:00
Steven Fackler 7d41009a9c Update default client cipher list 2017-09-16 13:10:55 -04:00
Steven Fackler 9bd64edc08 Fix indentation 2017-09-15 22:31:03 -04:00
Alex Crichton 68a30c29c9 Set SSL_MODE_RELEASE_BUFFERS by default 
Closes #696
 2017-09-14 19:15:00 -07:00
Steven Fackler 8fa9b58743 Tweak formatting on cipher list 2017-07-26 20:49:24 -07:00
Steven Fackler bcd0dcafcb Rustfmt 2017-07-15 21:46:11 -07:00
Steven Fackler dbbf446a9e Fix build 2017-07-15 17:25:02 -07:00
Steven Fackler c68db708ee Don't overwrite the configured verify mode 
We can leverage the new extra data API to configure the verification
mode up front so users can reconfigure it as they like.
 2017-07-15 16:50:36 -07:00
Steven Fackler c8d1698f27 Logic to support client-side session reuse 2017-03-25 19:30:01 -07:00
Steven Fackler 1fbe8f8d71 Fix typo 2017-01-08 11:04:47 -08:00
Steven Fackler 1942977408 Add methods to construct SslAcceptorBuilder without key and cert 
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
 2017-01-08 10:57:04 -08:00
Steven Fackler cfb2539ed4 Typo 2017-01-02 09:37:31 -08:00
Steven Fackler 146512099b Implement Clone for SslConnector and SslAcceptor 2016-11-27 21:35:35 -08:00
Steven Fackler 234f126d7d Cleanup 2016-11-27 21:00:59 -08:00
Steven Fackler 6794a45d60 Rename ec_key to ec 2016-11-14 22:37:01 +01:00
Steven Fackler 0d0b5080e2 Rename new_by_curve_name to from_curve_name 2016-11-13 20:21:44 +00:00
Steven Fackler 85c1474ce6 No need to use a raw string anymore 2016-11-13 12:19:31 +00:00
Steven Fackler 64e9932ac9 Use ffdhe2048 in mozilla_intermediate 2016-11-12 17:52:58 +00:00
Steven Fackler 2f8301fc63 Be a bit more emphatic about the danger 2016-11-12 16:51:26 +00:00
Steven Fackler 6b3599d319 Add a connect method that does not perform hostname verification 
The method name is intentionally painful to type to discourage its use
 2016-11-12 16:45:18 +00:00
Steven Fackler aa7c27536a Make sure to override SslContext verify callback always 
The 1.0.1 code has to override this to setup hostname validation, and
don't want behavior to silently change depending on the OpenSSL version
you're building against.
 2016-11-08 22:38:48 +00:00
Steven Fackler 1edb6f682e Support client CA advertisement 2016-11-06 12:17:14 -08:00
Steven Fackler f15c817c2d Rustfmt 2016-11-05 10:54:17 -07:00
Steven Fackler 99b41a0050 Rename accessors 2016-11-05 10:15:40 -07:00
Steven Fackler 01ae978db0 Get rid of Ref 
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
 2016-11-04 17:16:59 -07:00
Steven Fackler aa0040125b Use built in DH parameters when available 
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
 2016-11-01 22:50:22 -07:00
Lionel Flandrin 36bf0bb387 Replace GeneralNames by the new Stack API 2016-11-01 21:23:18 +01:00
Steven Fackler f71395c600 Little cfg cleanup 2016-10-31 22:45:51 -07:00