a43011d77c
Fix probelms with DTLS when no packets are pending.
...
When using DTLS you might run into the situation where no packets
are pending, so SSL_read returns len=0. On a TLS connection this
means that the connection was closed, but on DTLS it does not
(a DTLS connection cannot be closed in the usual sense).
This commit fixes a bug introduced by c8d23f3
2015-07-18 13:00:34 +02:00
b478c29151
Added AES CTR-mode under feature flag.
2015-07-15 20:45:18 -04:00
90dd54b541
Implement certificate extensions for certificate requests
2015-07-08 13:37:35 -07:00
0cb4368ef8
Merge pull request #221 from jethrogb/topic/ssl_options
...
Several SSL option fixes
2015-07-08 10:20:33 -07:00
3229296105
Merge pull request #233 from jethrogb/topic/x509_extension
...
Allow setting of arbitrary X509 extensions
2015-07-08 03:10:40 -04:00
cc497b4768
Release v0.6.4
2015-07-06 11:09:03 -07:00
aeefa364b7
Decouple C SSL Option bit flags from Rust version
...
The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL
versions. To avoid having to change the Rust definitions, we implement our
own numbering system in Rust, and use an automatically-generated C shim to
convert the bitflags at runtime.
2015-07-01 21:49:11 -07:00
b46574b635
Add arbitrary X509 extensions by OID string
2015-07-01 00:18:45 -07:00
01e01e3747
ssl: support ALPN
...
Heavily based on the existing NPN wrapping code. Naming of public
functions is identical to the NPN ones with `s/npn/alpn/` applied to
prevent devs from needing to remember 2 names (and to let my copy the
npn tests and perform the subistution to generate the apln tests).
It might make sense to (at some point) use macros or a trait to cut down
the duplication.
2015-06-29 10:58:45 -04:00
0cff370f1d
Reduce SslStream constructor duplication
2015-06-27 21:40:00 -07:00
9d0acfe615
Fix set_hostname
...
It was previously failing to null terminate the hostname string (was
anyone actually using this?). Also move the macro expansion to the C
shim.
2015-06-27 19:37:45 -07:00
cb7248d8cb
Import shim'd HMAC stuff with the original name
2015-06-27 15:23:19 -07:00
d0b769c93c
Move macro replicas into C shim
2015-06-27 15:11:11 -07:00
524c1e63aa
Release v0.6.3
2015-06-25 23:22:04 -07:00
c8d23f37a4
Fix EOF handling in retry wrapper
2015-06-25 22:47:53 -07:00
c1232f3035
Implement limited X509_REQ functionality
2015-05-28 00:22:14 -07:00
d723481f77
Fix doc root
2015-05-13 16:31:27 -07:00
8a9aa0c657
Merge pull request #210 from manuels/pending
...
Add SslStream.pending()
2015-05-05 22:57:14 -04:00
fb2822d5c7
Merge pull request #201 from manuels/pkey_cmp
...
Add comparison for PKeys
2015-05-04 10:19:13 -07:00
c8fae312ad
Add SslStream.pending()
2015-04-30 20:00:30 +02:00
c55d410829
Fixes for Native Client.
2015-04-18 23:03:11 -05:00
123d400277
Add comparison for PKeys
2015-04-16 17:14:21 +02:00
7db00b97ba
Add X509::public_key()
2015-04-15 22:59:07 +02:00
912cacf4bc
Fix rebase errors
2015-04-06 12:26:10 +02:00
dbef985e32
Move connected_socket to its own crate and fix SSL_CTX_set_read_ahead()
2015-04-06 12:23:11 +02:00
664600eadf
Add DTLSv1 and DTLSv1.2 support
2015-04-06 12:22:50 +02:00
5408b641dd
Add connect() support for UDP sockets
2015-04-06 12:14:36 +02:00
b6c5c113f5
Add SslContext::add_extra_chain_cert()
2015-04-03 14:34:24 +02:00
632d8398cf
Add ability to load private keys from files and use raw keys and certificates for SslContext
2015-04-03 14:34:24 +02:00
b42202b858
Change SslVerifyMode to bitflags and add SSL_VERIFY_FAIL_IF_NO_PEER_CERT
...
SslVerifyMode was changed to bitflags to allow for bitwise operations
like (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT).
2015-04-03 14:34:24 +02:00
293f1ce5b1
Fixup for beta
...
Add derive(Clone) and don't negate unsigned numbers
2015-04-02 18:14:51 -07:00
24b876521b
rustup: changes to io::Error
2015-04-02 11:12:18 -07:00
5a80cc8aae
Update to rust master
2015-03-25 10:51:28 -07:00
f09cfdfdd5
openssl-sys: Add TLS extension constants
2015-03-23 08:14:47 +01:00
b96bbf6961
openssl-sys: Add NPN functions and constants
2015-03-23 08:14:47 +01:00
2560ccb330
Remove usage of unstable features in openssl-sys
2015-03-16 11:05:29 -07:00
a65b03c89e
Fix warnings
2015-03-10 19:38:44 -07:00
8b8736fb46
Merge pull request #172 from reaperhulk/add-ssl-ctx-set-get-options
...
add support for SSL_CTX_set_options and SSL_CTX_get_options
2015-03-07 08:43:30 -08:00
1c9b8a029b
Cut down on unstable features in openssl-sys
...
* Move from `old_path` to `path` (leveraging the `fs` feature as well)
* Move from `StaticMutex` to `Mutex<()>` as they're dynamically initialized
2015-03-04 14:14:05 -08:00
1b4a2eef0e
Switch to cargo liblibc
2015-02-24 21:47:30 -08:00
8940bd767b
add support for SSL_CTX_clear_options and use bitflags
2015-02-23 19:39:23 -06:00
06ba41ad47
add support for SSL_CTX_set_options and SSL_CTX_get_options
...
fixes #168
2015-02-22 15:45:00 -06:00
6bfc4d986b
Fix warnings
2015-02-19 09:13:22 -08:00
bb2fe87d03
Fix debuginfo ICE for now
2015-02-19 07:39:40 -08:00
2fa1571e2e
Remove deprecated functions from openssl-sys
2015-02-13 23:31:00 -08:00
15ff737b8c
Ask openssl what version it is
2015-02-13 21:39:41 -08:00
fabc1da31e
rustup to current master
2015-02-12 18:25:45 +01:00
6ef819f971
Fix builds against 0.9.x OpenSSL
...
Namely builds on OSX
2015-02-08 23:31:46 -08:00
ec65b0c67b
Move docs to this repo and auto build
2015-02-07 21:30:05 -08:00
d06f226b3f
Fix deprecation warnings in openssl-sys
2015-02-05 21:04:18 -08:00
361e5f44fa
Move openssl-sys build.rs
2015-02-03 10:04:37 -08:00
2864db42af
Merge pull request #153 from mbrubeck/android
...
Don't bail out of openssl-sys build config when targeting Android
2015-02-03 13:03:53 -05:00
96a3ac2644
Don't bail out when targeting Android
2015-02-03 09:23:15 -08:00
2bcd67f568
Declare the use of unstable libstd APIs
2015-02-01 14:56:07 +02:00
eb7b7bf847
Change Hasher and HMAC APIs closer to std::hash model
...
- Implement Clone and std::io::Writer.
- Reduce the API to write() and finish(). Contrary to std::hash, finish() resets the hasher immediately.
- Add hmac::hmac() convenience fn.
- Replace hash::evpmd() with HashType methods.
- Add assertions as a crude check for failed calls into openssl.
- Add examples and some tests.
[breaking-change]
2015-01-28 21:51:12 +02:00
030cf5fe88
Fix for IO changes
2015-01-28 08:47:16 -08:00
cb0898df37
Bring ffi definitions closer to the originals
...
Add missing return types and fix imprecise type translations.
Repair the fallout in the openssl crate.
2015-01-21 21:56:56 +02:00
c49816055a
Fix ffi: `BN_hex2bn` and `BN_dec2bn` shall take `*const c_char` as parameter
...
`c_char` is not `i8` on all platforms
2015-01-12 20:44:59 +00:00
9dfeea6ca9
Update to rust master
2015-01-09 08:12:39 -08:00
fde7fbd03b
Merge remote-tracking branch 'upstream/master'
2015-01-03 19:31:14 -05:00
2f24d8e771
Fix deprecation warnings
2015-01-03 08:31:57 -08:00
2e2fde4b1a
Added BN_add_word, BN_sub_word, BN_mul_word, BN_div_word.
...
Removed BIGNUM_PTR struct.
2015-01-02 18:47:29 -05:00
077846fdb1
Merge remote-tracking branch 'upstream/master'
2015-01-02 15:43:02 -05:00
ef8b8f7ead
Merge pull request #134 from DiamondLovesYou/master
...
OpenSSL-sys: Cfg off target_os instead off feature.
2015-01-02 11:13:11 -05:00
afffffc730
Array syntax fallout
2015-01-02 13:51:26 +02:00
8a7e7b67d8
OpenSSL-sys: Cfg off target_os instead off feature.
...
It seems cargo doesn't provide --cfg entries for dep crates after all.
2015-01-02 03:37:35 -06:00
dfdd4c0e4f
Change to use updated Mutex API in latest Rust master.
2014-12-30 16:39:49 -08:00
fa32bc950b
Added Copy impl.
2014-12-23 15:50:29 -05:00
156fc65eb0
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
openssl-sys/src/lib.rs
2014-12-23 15:14:27 -05:00
e2fa62e2ae
Replaced now removed NativeMutex with StaticMutex, and fixed Neg
...
implementation for BigNum.
2014-12-21 08:52:12 -05:00
38682821ad
Added BigNum::{from_dec_str,from_hex_str}, BN_dec2bn, and BN_hex2bn.
2014-12-14 10:02:18 -05:00
4d49abd102
Use static linking on android, which simplifies deployment since loading application specific shared libraries on android requires Java code or other hacks.
2014-12-12 08:05:42 +10:00
c1e225563d
Clean up Copy impls a bit
2014-12-11 09:04:27 -08:00
c922090075
Update to nightly: explicit Copy trait
2014-12-11 13:44:37 +02:00
fb1c815274
Merge remote-tracking branch 'upstream/master'
2014-12-10 22:09:20 -05:00
33f3c966ac
Added mod_word.
2014-12-10 22:08:32 -05:00
6d2f8d67f2
Add the openssl function prototype 'HMAC_CTX_cleanup'.
2014-12-10 22:25:32 +01:00
6d6ef3e747
Merge pull request #113 from DiamondLovesYou/nacl-crosses
...
Now that pkg-config 0.1.1 has been published, delegate bailout detection to pkg-config.
2014-12-10 00:23:10 -05:00
10e8a8f8e3
Now that pkg-config 0.1.1 has been published, delegate to bailout detection to pkg-config.
...
Also bump version minors for publishing. :)
2014-12-09 23:15:04 -06:00
43c9a43e2d
Merge pull request #108 from DiamondLovesYou/nacl-crosses
...
Use locally built libreSSL if targeting NaCl instead of the host's versions.
2014-12-09 02:13:09 -05:00
0dff5268de
Add a feature to openssl-sys to cause it to build a local copy of libressl for
...
use instead of whatever pkg-config says (which in the case of crosses, is almost
certainly incorrect). This is for PNaCl.
2014-12-09 00:04:06 -06:00
31d188e313
Directly substitute $OPENSSL_PATH
2014-12-05 06:43:18 -08:00
82db54c822
Allow passing in Android paths
2014-12-03 12:49:53 -08:00
08d1f2e629
Drop execute bit on file
2014-11-28 14:04:33 -08:00
5fafe4fc60
Hasher: static contract checking, context reuse
...
- Store EVP_MD_CTX in a separate struct.
- Add with_context() constructor that uses an existing context.
- Switch to EVP_Digest(Init|Final)_ex for efficient context reuse.
- Make update() borrow &mut self.
- Make finalize() consume self. Add finalize_reuse() that also returns the
context which can be passed to from_context() constructor for reuse.
These changes let the type system prevent illegal calls to update() and
finalize().
2014-11-26 21:38:06 +02:00
762331eb2b
Sync is now part of the standard library
2014-11-26 16:04:10 +01:00
c6696eb029
sys: add SSL_get_peer_certificate()
2014-11-24 15:40:48 -05:00
9951cb2bda
sys: add some methods for dealing with x509 certs
2014-11-24 15:38:25 -05:00
381a9b6e51
sys (and bn): make CRYPTO_free() take a *mut c_void insead of a *const c_char
...
CRYPTO_free() ends up being used for a variety of types of data, not just
c_char. And it essentially takes full ownership of the type, making
*mut appropriate.
With this change it also more closely (exactly) matches the C defintion:
void CRYPTO_free(void *ptr);
2014-11-24 15:38:04 -05:00
0cc749d3fc
Runtime fallout
2014-11-21 11:57:48 +02:00
b9e3ed50ad
Baseline server support
...
Allows calling SSL_accept() instead of SSL_connect() when creating an
SslStream.
2014-11-19 15:23:31 -05:00
5258ce6ece
Move AES XTS support to a feature
2014-11-16 14:01:24 -08:00
287d402042
Add XTS-AES mode
2014-11-14 12:22:34 -08:00
b60d140d3d
New build system
2014-11-13 15:17:00 +02:00
Manuel Schölling