min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,549 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

316 Commits

Author SHA1 Message Date
Steven Fackler 43b430e5b0 Pass SslMethod into constructors 2016-10-30 14:26:28 -07:00
Steven Fackler ee79db61c2 Enable single ECDH use 2016-10-30 13:41:24 -07:00
Steven Fackler 677718f8da Configure ECDH parameters in connector 2016-10-30 13:38:09 -07:00
Steven Fackler eb735f519a Clean up generics a bit 2016-10-30 11:05:29 -07:00
Steven Fackler 23fe1e85e9 Pull Curl's CA list for Windows tests 2016-10-29 18:17:46 -07:00
Steven Fackler 761dd780c1 Add module level docs 2016-10-29 18:04:38 -07:00
Steven Fackler e72533c058 Docs for connectors 2016-10-29 15:00:46 -07:00
Steven Fackler 57d10ebbc3 Add PKeyRef 2016-10-29 14:19:09 -07:00
Steven Fackler 4c7a5a418e Implement client and server connectors 2016-10-29 14:02:26 -07:00
Steven Fackler dafb46fc51 Camel case DH 2016-10-27 20:26:18 -07:00
Steven Fackler 781417d50f Add a macro definition 2016-10-27 19:12:55 -07:00
Steven Fackler 8e129af256 Fix description 2016-10-26 22:15:41 -07:00
Steven Fackler 63b1ec1a12 Stop returning an Option from cipher description 2016-10-26 22:13:10 -07:00
Steven Fackler ebc4c56c34 Add SslMethod::from_ptr 2016-10-26 20:43:43 -07:00
Steven Fackler f4b7006771 Don't allow mutation of SslContexts 
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
 2016-10-25 23:12:56 -07:00
Steven Fackler 39279455c8 Add a shutdown method 2016-10-25 20:40:18 -07:00
Steven Fackler eb655bddbc Fix ordering 2016-10-25 20:01:28 -07:00
Steven Fackler 938fdd7137 Add into_error 2016-10-23 21:54:49 -07:00
Steven Fackler ca71e00878 Fix Send + Sync-ness of SslStream 2016-10-23 20:55:31 -07:00
Steven Fackler 98b7f2f935 Flatten crypto module 2016-10-22 09:16:38 -07:00
Steven Fackler 9be0aab9ac Borrow compression string 2016-10-21 21:46:32 -07:00
Steven Fackler f1c68e3544 Rename SslContextOptions 2016-10-21 21:22:05 -07:00
Steven Fackler 8ec53eb0e1 Fix X509StoreContext 2016-10-21 20:59:07 -07:00
Steven Fackler 02b4385c5d Convert X509VerifyParamRef 2016-10-21 19:58:06 -07:00
Steven Fackler f0cde38929 Borrowed servername 2016-10-21 19:54:30 -07:00
Steven Fackler fcb86b8394 Convert SslCipherRef 2016-10-21 19:45:46 -07:00
Steven Fackler 2bbeddd14a Convert SslRef 2016-10-21 19:33:56 -07:00
Steven Fackler fe98a90719 Convert SslContextRef 2016-10-21 19:15:09 -07:00
Steven Fackler bd0c0c60bd Store a MidHandshakeSslStream in fatal errors 
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
 2016-10-20 20:57:53 -07:00
Steven Fackler 8f3511c0cd Redo SslStream construction 
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
 2016-10-20 19:59:09 -07:00
Steven Fackler 5ab037f056 Allow the X509 verify error to be read from an SslRef 2016-10-18 22:21:06 -07:00
Steven Fackler c4459c37d9 Callback cleanup 2016-10-18 21:13:13 -07:00
Steven Fackler f7e6d7fce6 Don't ignore errors in NPN/ALPN logic 
Closes #479
 2016-10-18 21:12:55 -07:00
Steven Fackler 194298a057 Implement new feature setup 
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
 2016-10-17 21:57:54 -07:00
Steven Fackler b7400d56e8 Fix algorithm field 2016-10-16 23:22:00 -07:00
Steven Fackler 78daed2d58 ssl error handling cleanup 2016-10-16 20:14:04 -07:00
Steven Fackler 6ea551dc82 Fix set_read_ahead signature 2016-10-15 16:53:10 -07:00
Steven Fackler ee18988584 De-enumify SslMethod 2016-10-15 16:10:03 -07:00
Steven Fackler c171be551a De-enumify message digests 2016-10-15 15:23:29 -07:00
Steven Fackler 64b8e5e553 Merge pull request #471 from sfackler/no-comp 
Handle OPENSSL_NO_COMP
 2016-10-14 23:09:11 -07:00
Steven Fackler 7ac0599638 Fix test_alpn_server_select_none 
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.

While we're in here, adjust the Display impl to match what OpenSSL
prints out.

Closes #465
 2016-10-14 22:01:21 -07:00
Steven Fackler f520aa2860 Handle OPENSSL_NO_COMP 
Closes #459
 2016-10-14 20:50:45 -07:00
Steven Fackler d976b8f595 Enable hostname verification on 1.0.2 2016-10-14 18:56:15 -07:00
Steven Fackler af51b263b1 Support hostname verification 
Closes #206
 2016-10-14 17:39:31 -07:00
Alex Crichton 0908fddc74 Ignore DTLS tests on Windows/ARM for now 
cc #467
 2016-10-14 11:15:22 -07:00
Steven Fackler f44cff29e6 Cleanup 2016-10-13 22:34:39 -07:00
Steven Fackler 3d535f661f Use stdlib logic for udp 2016-10-13 20:15:26 -07:00
Steven Fackler a09f46266d Fix windows for real 2016-10-13 20:09:43 -07:00
Steven Fackler 5b29fc9d69 Disable npn tests on < 1.0.2 
s_client doesn't seem to support the required flag before then.
 2016-10-13 20:03:02 -07:00
Steven Fackler 140ef1b988 Fix tests on windows 2016-10-13 20:01:31 -07:00
Steven Fackler 143556078b Reenable dtls tests 2016-10-13 19:48:30 -07:00
Steven Fackler edfc50f37d Clean up features 2016-10-13 19:46:13 -07:00
Steven Fackler b610e01793 Flag off dtls and mask ssl_ops 
Also un-feature gate npn as it ships with 1.0.1
 2016-10-13 19:06:53 -07:00
Alex Crichton 715b700aff Ignore a test on OpenSSL 1.1.0 2016-10-12 22:51:47 -07:00
Steven Fackler af3e06d3e8 Add remaining SSL_OP constants 2016-10-12 22:50:08 -07:00
Alex Crichton 43c951f743 Add support for OpenSSL 1.1.0 
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:

* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
  crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
  OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
  * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
  * Better error messages for mismatched versions.
  * Better error messages for failing to find OpenSSL on a platform (more can be
    done here)
  * Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
    crate.
* Many Cargo features have been removed as they're now enabled by default.

As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!

Closes #452
 2016-10-12 22:49:55 -07:00
Steven Fackler cd69343d67 Fix SslContext::add_extra_chain_cert 
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.

This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
 2016-08-17 19:30:57 -07:00
Steven Fackler 80ed1ef8ab Ignore flickering test on windows 2016-08-16 22:41:36 -07:00
Steven Fackler 6b12a0cdde PKCS #12 support 2016-08-14 11:11:26 -07:00
Steven Fackler ad4a8cc140 More test fixes 2016-08-14 11:05:53 -07:00
Steven Fackler 3876332734 Fix tests 2016-08-14 10:29:55 -07:00
Steven Fackler 773a6f0735 Start on PKCS #12 support 2016-08-14 10:11:38 -07:00
Steven Fackler 5042d3d170 Mangle c helper functions 
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.

Closes #438
 2016-08-13 12:05:29 -07:00
Steven Fackler b21805f541 Fix tests 2016-08-10 22:10:32 -07:00
Steven Fackler 0359afb99e Little tweaks 2016-08-10 22:02:36 -07:00
Steven Fackler 59fe901357 Method renames 2016-08-10 21:28:17 -07:00
Steven Fackler 5e6b8e68fd More API cleanup 2016-08-10 21:07:41 -07:00
Steven Fackler 0854632ff5 Make c_helpers optional 2016-08-09 22:02:49 -07:00
Steven Fackler 2f46c793e5 Remove rust_SSL_clone 2016-08-09 21:23:54 -07:00
Steven Fackler 25752280ae Move init to crate root 2016-08-07 22:09:19 -07:00
Steven Fackler 79602b6af4 get_error -> error 2016-08-07 21:34:58 -07:00
Steven Fackler 5af01a5dbd Clean up asn1time 2016-08-06 22:23:03 -07:00
Steven Fackler fe47e93f2f Fix pkey method safety 2016-08-05 21:04:40 -07:00
Steven Fackler b4145c6fa5 Clean up x509 2016-08-05 20:55:05 -07:00
Steven Fackler c47be8b14b Move SSL_CTX_set_ecdh_auto to -sys 2016-08-04 22:52:40 -07:00
Steven Fackler ee67ea8ea0 Mvoe SSL_CTX_add_extra_chain_cert to -sys 2016-08-04 22:46:47 -07:00
Steven Fackler 378b86326c Move SSL_CTX_set_tmp_dh to -sys 2016-08-04 22:43:24 -07:00
Steven Fackler 7fb7f4671d Move SSL_CTX_set_read_ahead to -sys 2016-08-04 22:40:01 -07:00
Steven Fackler 77dbab2cad Move SSL_CTX_set_tlsext_servername_callback to -sys 2016-08-04 22:37:39 -07:00
Steven Fackler c2a7c5b7f0 Move SSL_set_tlsext_host_name to -sys 2016-08-04 22:28:33 -07:00
Steven Fackler b29ea62491 Move BIO macros into -sys 2016-08-04 22:22:55 -07:00
Steven Fackler dd16f64f89 Stop once-ing init wrapper 
The underlying function already once-s itself
 2016-08-04 22:15:50 -07:00
Steven Fackler 17474520bc Support basic SSL options without C shims 2016-08-04 22:14:18 -07:00
Steven Fackler abacc8bb18 Define SSL_CTX_set_mode in openssl-sys 2016-08-02 22:14:44 -07:00
Steven Fackler 08e27f31ed Restructure PEM input/output methods 
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
 2016-08-02 20:49:28 -07:00
Steven Fackler 2574bff52d Merge pull request #432 from alexcrichton/mid-handshake 
Add MidHandshakeSslStream
 2016-07-31 16:20:10 -07:00
Alex Crichton 3539be3366 Add MidHandshakeSslStream 
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
 2016-07-31 16:01:06 -07:00
Steven Fackler 5cb04db787 Fix build with dtls 2016-07-31 15:35:45 -07:00
Steven Fackler f0ffa246b8 Merge remote-tracking branch 'origin/master' into breaks 2016-07-31 15:15:47 -07:00
Shaun Taheri 722a2bd673 Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag 2016-07-24 20:55:15 +02:00
Steven Fackler 121169c1f5 Set auto retry 
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
 2016-07-01 18:31:47 -04:00
Corey Farwell f4f6412fcb Fix a few mutable types for `self` parameters. 2016-06-02 10:25:33 -04:00
Steven Fackler 1b0757409d Rustfmt 2016-05-16 23:03:13 -07:00
Steven Fackler 62c29b54c1 Update cert 
Now with a 10 year expriation
 2016-05-15 22:11:10 -07:00
Steven Fackler 356d4a0420 Remove AsRaw{Fd, Socket} impls 
An SslStream can't really act as a raw socket since you'd skip the whole
TLS layer
 2016-05-03 20:24:07 -07:00
Steven Fackler f1846bce78 Remove silly internal error enum 2016-05-03 20:24:07 -07:00
Steven Fackler 00f517d2cd Drop MaybeSslStream 
It should be inlined into crates that depend on it.
 2016-05-03 20:24:07 -07:00
Steven Fackler 085b2e6f03 Drop is_dtls methods on SslMethod 2016-05-03 20:24:07 -07:00
Steven Fackler f09ca6fee2 Clean up SNI APIs 2016-05-03 20:24:07 -07:00
Steven Fackler 61f65cd8d6 Move SslContext::set_verify to a closure based API 2016-05-03 20:24:07 -07:00