min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,982 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

384 Commits

Author SHA1 Message Date
Steven Fackler f2c69ae7e9 Merge remote-tracking branch 'origin/master' into x509-builder 2017-02-11 10:13:00 -08:00
Steven Fackler 12ae31ad47 Switch to foreign_types 2017-02-03 23:03:35 -08:00
Steven Fackler 722bdb6a4c Merge pull request #550 from Keruspe/master 
LibreSSL support improvements
 2017-01-22 18:39:34 +00:00
Steven Fackler 1ffdf8a1ab Fix test warnings 2017-01-21 14:43:43 +00:00
Steven Fackler 920ab0d6fb OCSP functionality 2017-01-14 21:09:38 -08:00
Steven Fackler 1fbe8f8d71 Fix typo 2017-01-08 11:04:47 -08:00
Steven Fackler 1942977408 Add methods to construct SslAcceptorBuilder without key and cert 
This will allow, in particular, initialization directly from files
rather than having to load and parse them manually.
 2017-01-08 10:57:04 -08:00
Marc-Antoine Perennou 0978f87095 libressl: make set_ecdh_auto available 
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
 2017-01-05 20:47:01 +01:00
Steven Fackler 404e0341d8 Provide master key access 2017-01-04 22:01:30 -08:00
Steven Fackler a2c118bf82 Add basic session tests 2017-01-04 21:18:13 -08:00
Steven Fackler 0b1bfee46d session is nullable 2017-01-04 21:15:09 -08:00
Steven Fackler 5d53405597 Provide access to the session ID 2017-01-04 21:11:06 -08:00
Steven Fackler 88a7032f4b Types and accessor for SslSession 2017-01-04 20:59:46 -08:00
Steven Fackler cfb2539ed4 Typo 2017-01-02 09:37:31 -08:00
Steven Fackler 0e0bee50a5 Clean up bio 2017-01-01 10:18:43 -08:00
Steven Fackler 7e035a7fd1 Merge pull request #538 from semarie/libressl 
Add LibreSSL support
 2016-12-22 11:59:19 -05:00
Sébastien Marie b3526cbd2b Add LibreSSL 2.5.0 support 2016-12-21 09:27:12 +01:00
Alex Crichton 8e01f8d250 Handle zero-length reads/writes 
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
 2016-12-20 15:52:18 -08:00
Steven Fackler 146512099b Implement Clone for SslConnector and SslAcceptor 2016-11-27 21:35:35 -08:00
Steven Fackler 234f126d7d Cleanup 2016-11-27 21:00:59 -08:00
Steven Fackler 6794a45d60 Rename ec_key to ec 2016-11-14 22:37:01 +01:00
Steven Fackler 0d0b5080e2 Rename new_by_curve_name to from_curve_name 2016-11-13 20:21:44 +00:00
Steven Fackler 85c1474ce6 No need to use a raw string anymore 2016-11-13 12:19:31 +00:00
Steven Fackler 64e9932ac9 Use ffdhe2048 in mozilla_intermediate 2016-11-12 17:52:58 +00:00
Steven Fackler 2f8301fc63 Be a bit more emphatic about the danger 2016-11-12 16:51:26 +00:00
Steven Fackler 6b3599d319 Add a connect method that does not perform hostname verification 
The method name is intentionally painful to type to discourage its use
 2016-11-12 16:45:18 +00:00
Steven Fackler 7cdb58bc47 Simplify test logic a bit 2016-11-12 14:42:48 +00:00
Steven Fackler 96d24c8957 Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto} 2016-11-12 13:45:54 +00:00
Steven Fackler 2a1d7b2bcb Pick different cipher lists on 1.0.1 and 1.0.2 2016-11-12 13:36:03 +00:00
Steven Fackler 93253ba599 Adjust cipher lists to work on older versions 2016-11-12 13:09:12 +00:00
Steven Fackler 780c46e0e7 Add SslRef::set_tmp_{ec,}dh_calback 2016-11-12 12:56:58 +00:00
Steven Fackler 563754fb08 Add SslContextBuilder::set_tmp_{ec,}dh_callback 2016-11-12 12:43:44 +00:00
Steven Fackler 26a3358a2b Add basic X509_STORE access 
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.

Closes #394
 2016-11-12 00:24:12 +00:00
Steven Fackler 898e7f02df Fix EOF detection 
See https://github.com/openssl/openssl/issues/1903 for details
 2016-11-11 15:10:30 +00:00
Steven Fackler a42c6e8713 Drop rustc-serialize dependency 2016-11-09 20:35:23 +00:00
Steven Fackler aa7c27536a Make sure to override SslContext verify callback always 
The 1.0.1 code has to override this to setup hostname validation, and
don't want behavior to silently change depending on the OpenSSL version
you're building against.
 2016-11-08 22:38:48 +00:00
Steven Fackler 597d05b8f8 Add stack creation and push 2016-11-06 23:46:42 -08:00
Steven Fackler 1edb6f682e Support client CA advertisement 2016-11-06 12:17:14 -08:00
Steven Fackler a4e0581e4f Fix build on 1.0.1 2016-11-06 11:57:50 -08:00
Steven Fackler bcb7b3f5dc Add accessors for cert and private key 
Closes #340
 2016-11-06 10:46:38 -08:00
Steven Fackler 79e2004eef Fixes 2016-11-05 19:28:17 -07:00
Steven Fackler f15c817c2d Rustfmt 2016-11-05 10:54:17 -07:00
Steven Fackler 99b41a0050 Rename accessors 2016-11-05 10:15:40 -07:00
Steven Fackler 01ae978db0 Get rid of Ref 
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
 2016-11-04 17:16:59 -07:00
Steven Fackler 6fe7dd3024 Remove an enum 2016-11-03 22:45:54 -07:00
Steven Fackler aa0040125b Use built in DH parameters when available 
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
 2016-11-01 22:50:22 -07:00
Lionel Flandrin 36bf0bb387 Replace GeneralNames by the new Stack API 2016-11-01 21:23:18 +01:00
Steven Fackler f71395c600 Little cfg cleanup 2016-10-31 22:45:51 -07:00
Steven Fackler dc4098bdd8 Clean up x509 name entries 2016-10-31 22:43:05 -07:00
Steven Fackler cd7fa9fca2 Update x509 2016-10-31 20:54:34 -07:00
Steven Fackler ff12d37aef Update ssl 2016-10-31 20:32:55 -07:00
Steven Fackler 16e398e005 Update verify 2016-10-31 20:19:59 -07:00
Steven Fackler f640613863 Update PKey 2016-10-31 20:12:55 -07:00
Steven Fackler d6579ab058 Update EcKey 2016-10-31 20:06:06 -07:00
Steven Fackler 28f375974a Convert Dh 2016-10-31 20:02:24 -07:00
Steven Fackler 006da59285 Return an SslRef 2016-10-30 22:42:32 -07:00
Steven Fackler 558124b755 Expose SSL_MODEs 2016-10-30 22:02:26 -07:00
Steven Fackler e0211dac30 Rename set_CA_file 2016-10-30 21:39:26 -07:00
Steven Fackler 5b0fc9a185 Impl Sync and Send for SslContextBuilder 2016-10-30 20:34:35 -07:00
Steven Fackler add8e4023e Rename connectors 2016-10-30 19:39:18 -07:00
Steven Fackler 997e92e052 Merge ssl option setup 
The client will ignore server-side options so we may as well stick them
all in the same spot.
 2016-10-30 18:49:29 -07:00
Steven Fackler bd457dba18 Move HandshakeError to submodule 2016-10-30 17:23:03 -07:00
Steven Fackler f75f82e466 Rustfmt 2016-10-30 16:37:45 -07:00
Steven Fackler 7869651407 Remove out of date comment 2016-10-30 16:34:50 -07:00
Steven Fackler 9abbf6f80e Use Python's cipher list on the client side. 2016-10-30 16:29:33 -07:00
Steven Fackler d1179f1ad2 Update docs 2016-10-30 15:14:29 -07:00
Steven Fackler 52f288e090 Add a mozilla modern profile 2016-10-30 14:57:22 -07:00
Steven Fackler 7d13176cd1 Rename nwe to mozilla_intermediate 2016-10-30 14:34:05 -07:00
Steven Fackler 43b430e5b0 Pass SslMethod into constructors 2016-10-30 14:26:28 -07:00
Steven Fackler ee79db61c2 Enable single ECDH use 2016-10-30 13:41:24 -07:00
Steven Fackler 677718f8da Configure ECDH parameters in connector 2016-10-30 13:38:09 -07:00
Steven Fackler eb735f519a Clean up generics a bit 2016-10-30 11:05:29 -07:00
Steven Fackler 23fe1e85e9 Pull Curl's CA list for Windows tests 2016-10-29 18:17:46 -07:00
Steven Fackler 761dd780c1 Add module level docs 2016-10-29 18:04:38 -07:00
Steven Fackler e72533c058 Docs for connectors 2016-10-29 15:00:46 -07:00
Steven Fackler 57d10ebbc3 Add PKeyRef 2016-10-29 14:19:09 -07:00
Steven Fackler 4c7a5a418e Implement client and server connectors 2016-10-29 14:02:26 -07:00
Steven Fackler dafb46fc51 Camel case DH 2016-10-27 20:26:18 -07:00
Steven Fackler 781417d50f Add a macro definition 2016-10-27 19:12:55 -07:00
Steven Fackler 8e129af256 Fix description 2016-10-26 22:15:41 -07:00
Steven Fackler 63b1ec1a12 Stop returning an Option from cipher description 2016-10-26 22:13:10 -07:00
Steven Fackler ebc4c56c34 Add SslMethod::from_ptr 2016-10-26 20:43:43 -07:00
Steven Fackler f4b7006771 Don't allow mutation of SslContexts 
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
 2016-10-25 23:12:56 -07:00
Steven Fackler 39279455c8 Add a shutdown method 2016-10-25 20:40:18 -07:00
Steven Fackler eb655bddbc Fix ordering 2016-10-25 20:01:28 -07:00
Steven Fackler 938fdd7137 Add into_error 2016-10-23 21:54:49 -07:00
Steven Fackler ca71e00878 Fix Send + Sync-ness of SslStream 2016-10-23 20:55:31 -07:00
Steven Fackler 98b7f2f935 Flatten crypto module 2016-10-22 09:16:38 -07:00
Steven Fackler 9be0aab9ac Borrow compression string 2016-10-21 21:46:32 -07:00
Steven Fackler f1c68e3544 Rename SslContextOptions 2016-10-21 21:22:05 -07:00
Steven Fackler 8ec53eb0e1 Fix X509StoreContext 2016-10-21 20:59:07 -07:00
Steven Fackler 02b4385c5d Convert X509VerifyParamRef 2016-10-21 19:58:06 -07:00
Steven Fackler f0cde38929 Borrowed servername 2016-10-21 19:54:30 -07:00
Steven Fackler fcb86b8394 Convert SslCipherRef 2016-10-21 19:45:46 -07:00
Steven Fackler 2bbeddd14a Convert SslRef 2016-10-21 19:33:56 -07:00
Steven Fackler fe98a90719 Convert SslContextRef 2016-10-21 19:15:09 -07:00
Steven Fackler bd0c0c60bd Store a MidHandshakeSslStream in fatal errors 
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
 2016-10-20 20:57:53 -07:00
Steven Fackler 8f3511c0cd Redo SslStream construction 
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
 2016-10-20 19:59:09 -07:00
Steven Fackler 5ab037f056 Allow the X509 verify error to be read from an SslRef 2016-10-18 22:21:06 -07:00
Steven Fackler c4459c37d9 Callback cleanup 2016-10-18 21:13:13 -07:00