Steven Fackler
f520aa2860
Handle OPENSSL_NO_COMP
...
Closes #459
2016-10-14 20:50:45 -07:00
Steven Fackler
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
Steven Fackler
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
Steven Fackler
f44cff29e6
Cleanup
2016-10-13 22:34:39 -07:00
Steven Fackler
edfc50f37d
Clean up features
2016-10-13 19:46:13 -07:00
Steven Fackler
b610e01793
Flag off dtls and mask ssl_ops
...
Also un-feature gate npn as it ships with 1.0.1
2016-10-13 19:06:53 -07:00
Steven Fackler
af3e06d3e8
Add remaining SSL_OP constants
2016-10-12 22:50:08 -07:00
Alex Crichton
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is a relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
  crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
  OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
  * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
  * Better error messages for mismatched versions.
  * Better error messages for failing to find OpenSSL on a platform (more can be
    done here)
  * Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
    crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
Steven Fackler
cd69343d67
Fix SslContext::add_extra_chain_cert
...
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
2016-08-17 19:30:57 -07:00
Steven Fackler
6b12a0cdde
PKCS #12 support
2016-08-14 11:11:26 -07:00
Steven Fackler
5042d3d170
Mangle c helper functions
...
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.
Closes #438
2016-08-13 12:05:29 -07:00
Steven Fackler
0359afb99e
Little tweaks
2016-08-10 22:02:36 -07:00
Steven Fackler
59fe901357
Method renames
2016-08-10 21:28:17 -07:00
Steven Fackler
5e6b8e68fd
More API cleanup
2016-08-10 21:07:41 -07:00
Steven Fackler
0854632ff5
Make c_helpers optional
2016-08-09 22:02:49 -07:00
Steven Fackler
2f46c793e5
Remove rust_SSL_clone
2016-08-09 21:23:54 -07:00
Steven Fackler
25752280ae
Move init to crate root
2016-08-07 22:09:19 -07:00
Steven Fackler
5af01a5dbd
Clean up asn1time
2016-08-06 22:23:03 -07:00
Steven Fackler
fe47e93f2f
Fix pkey method safety
2016-08-05 21:04:40 -07:00
Steven Fackler
b4145c6fa5
Clean up x509
2016-08-05 20:55:05 -07:00
Steven Fackler
c47be8b14b
Move SSL_CTX_set_ecdh_auto to -sys
2016-08-04 22:52:40 -07:00
Steven Fackler
ee67ea8ea0
Move SSL_CTX_add_extra_chain_cert to -sys
2016-08-04 22:46:47 -07:00
Steven Fackler
378b86326c
Move SSL_CTX_set_tmp_dh to -sys
2016-08-04 22:43:24 -07:00
Steven Fackler
7fb7f4671d
Move SSL_CTX_set_read_ahead to -sys
2016-08-04 22:40:01 -07:00
Steven Fackler
77dbab2cad
Move SSL_CTX_set_tlsext_servername_callback to -sys
2016-08-04 22:37:39 -07:00
Steven Fackler
c2a7c5b7f0
Move SSL_set_tlsext_host_name to -sys
2016-08-04 22:28:33 -07:00
Steven Fackler
dd16f64f89
Stop once-ing init wrapper
...
The underlying function already once-s itself
2016-08-04 22:15:50 -07:00
Steven Fackler
17474520bc
Support basic SSL options without C shims
2016-08-04 22:14:18 -07:00
Steven Fackler
abacc8bb18
Define SSL_CTX_set_mode in openssl-sys
2016-08-02 22:14:44 -07:00
Steven Fackler
2574bff52d
Merge pull request #432 from alexcrichton/mid-handshake
...
Add MidHandshakeSslStream
2016-07-31 16:20:10 -07:00
Alex Crichton
3539be3366
Add MidHandshakeSslStream
...
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
2016-07-31 16:01:06 -07:00
Steven Fackler
5cb04db787
Fix build with dtls
2016-07-31 15:35:45 -07:00
Steven Fackler
f0ffa246b8
Merge remote-tracking branch 'origin/master' into breaks
2016-07-31 15:15:47 -07:00
Shaun Taheri
722a2bd673
Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag
2016-07-24 20:55:15 +02:00
Steven Fackler
121169c1f5
Set auto retry
...
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
2016-07-01 18:31:47 -04:00
Corey Farwell
f4f6412fcb
Fix a few mutable types for `self` parameters.
2016-06-02 10:25:33 -04:00
Steven Fackler
1b0757409d
Rustfmt
2016-05-16 23:03:13 -07:00
Steven Fackler
356d4a0420
Remove AsRaw{Fd, Socket} impls
...
An SslStream can't really act as a raw socket since you'd skip the whole
TLS layer
2016-05-03 20:24:07 -07:00
Steven Fackler
f1846bce78
Remove silly internal error enum
2016-05-03 20:24:07 -07:00
Steven Fackler
00f517d2cd
Drop MaybeSslStream
...
It should be inlined into crates that depend on it.
2016-05-03 20:24:07 -07:00
Steven Fackler
085b2e6f03
Drop is_dtls methods on SslMethod
2016-05-03 20:24:07 -07:00
Steven Fackler
f09ca6fee2
Clean up SNI APIs
2016-05-03 20:24:07 -07:00
Steven Fackler
61f65cd8d6
Move SslContext::set_verify to a closure based API
2016-05-03 20:24:07 -07:00
Steven Fackler
696b1961ce
Rename getters in line with conventions
2016-05-03 20:24:07 -07:00
Steven Fackler
a0549c1606
Adjust set_ssl_context API
2016-05-03 20:24:07 -07:00
Steven Fackler
fa62232649
Error reform
2016-05-03 20:24:07 -07:00
Steven Fackler
58654bc491
Remove deprecated methods
2016-05-03 20:24:07 -07:00
Steven Fackler
de47d158c2
Remove NonblockingSslStream
2016-05-03 20:24:07 -07:00
Steven Fackler
9b1eb6d94d
Add a version of Ssl::set_verify that doesn't set a callback
2016-05-01 20:45:49 -07:00
Steven Fackler
62a7dd10e5
Add Ssl::set_verify
...
It also uses a better, closure based API than the existing callback
methods.
2016-04-30 08:09:12 -07:00
Matt Brubeck
ee12087743
Upgrade to work with bitflags 0.5 and 0.6
2016-04-29 13:19:39 -07:00
Steven Fackler
c60e831cc4
Add docs for set_default_verify_paths
2016-04-16 20:49:46 -07:00
Steven Fackler
c2e72f6641
Add SslContext::set_default_verify_paths
2016-04-16 20:47:32 -07:00
Steven Fackler
b94ea8598c
Update for nightly changes
2016-04-13 19:30:08 -07:00
Rico Huijbers
00282de2a5
Add ability to set session ID context on an SSL context
...
This is necessary to make authentication with client certificates work
without session restarts.
2016-04-13 21:38:23 +02:00
Joe Wilm
c4b7b85d99
Add safe wrapper BioMethod for ffi::BIO_METHOD
...
Adds a wrapper for ffi::BIO_METHOD located at ssl::bio::BioMethod. This
enables SslStream to be Send without doing an unsafe impl on the ffi
struct.
2016-04-04 16:08:38 -07:00
Leon Anavi
6d4bfaa490
Cast correctly c_char raw pointers (fixes build on ARM #363)
...
Fix error caused by mismatched types while building crate
openssl for Raspberry Pi 2 and other ARM devices.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
2016-03-22 00:16:56 +02:00
Ms2ger
6d043b3700
Allow Rust to infer the type of the argument to SSL_CIPHER_description.
...
This allows the code to compile on Android, where an unsigned char is
expected.
2016-03-18 15:44:47 +01:00
Alex Crichton
3467cf343f
Fix nightly warnings about zero-sized fn pointers
2016-03-11 12:57:56 -08:00
Erik Johnston
80ac6e54ac
Make SSLCipher.bits() return a struct.
2016-02-29 21:23:34 +00:00
Erik Johnston
04cbf049c0
Add SSL_get_version
2016-02-29 20:14:48 +00:00
Erik Johnston
1e9667ea89
Add support for SSL_CIPHER
2016-02-17 22:38:32 +00:00
Steven Fackler
b7d3357f37
Fix connect and accept error reporting
...
We were previously trying to create an error twice so the second
wouldn't be correct.
2016-01-22 15:34:31 -08:00
Cody P Schafer
dacde211c3
ssl: fix refcounting of SslContext when set_ssl_context is used
...
Additionally impl Clone for SslContext to both allow us to use it &
allow external users to take advantage of SslContext's internal
refcount.
Maintain the existing signature for set_ssl_context(), but
add inline comments recommending changing it.
Fixes #333
2016-01-18 15:37:13 -05:00
Steven Fackler
fd6454f625
Add stream panic propagation behind a nightly feature gate
2016-01-11 22:36:58 -08:00
Steven Fackler
11129aa521
Rustfmt
2015-12-18 22:34:30 -08:00
Steven Fackler
a31acdbb93
Fix deprecation location
2015-12-18 22:21:23 -08:00
Steven Fackler
e85b49d375
Work around the worst of clone bogusness
...
SslStream::{clone,try_clone} are inherently broken since the Ssl object
shared by both streams is only going to be talking to one stream. Stuff
like hyper depends on try_clone, so we'll leave it here for now but
minimize the brokenness to "no worse than what it used to be like".
They'll be removed in 0.8.
cc #325
2015-12-18 21:20:47 -08:00
Steven Fackler
053c924d5a
Fix nonblocking behavior
...
A new nonblocking socket may not have finished connecting yet, so reads
and writes can return ENOTCONNECTED which we should reinterpret into a
WantRead or WantWrite
Closes #323
2015-12-17 16:54:11 -08:00
Ondrej Perutka
02d2230a76
Fix regression of c_char type mismatches on ARM
2015-12-16 11:11:14 +01:00
Steven Fackler
157e6aa961
Rustfmt
2015-12-15 21:51:20 -08:00
Steven Fackler
edfb318e0b
Fix bounds on ssl_read and ssl_write
2015-12-15 20:06:07 -08:00
Steven Fackler
6d559bf1da
Cleanup SNI stuff
2015-12-15 19:39:24 -08:00
Steven Fackler
3a0e64dca5
Cleanup
2015-12-15 19:33:36 -08:00
Steven Fackler
514c5ec415
Merge pull request #309 from Geal/master
...
Add support for Server Name indication (SNI) on the server's side
2015-12-15 19:22:39 -08:00
Steven Fackler
b8c8b770e3
Yet more AsRawSocket fixes
2015-12-12 18:01:21 -08:00
Steven Fackler
ddedda1d03
More AsRawSocket fixes
2015-12-12 16:47:03 -08:00
Steven Fackler
63a45ac622
Fix AsRawSocket impls
2015-12-12 16:33:58 -08:00
Steven Fackler
d6ce9afdf3
Have NonblockingSslStream delegate to SslStream
2015-12-12 15:46:17 -08:00
Steven Fackler
1df131ff81
Build out a new error type
2015-12-12 15:01:16 -08:00
Steven Fackler
aa37dba0bc
Make error handling more reliable
2015-12-10 21:58:22 -08:00
Steven Fackler
91f8c542f7
Replace SslStream implementation!
2015-12-09 23:30:29 -08:00
Steven Fackler
8f56897043
Implement read and write
2015-12-09 22:02:02 -08:00
Steven Fackler
9ee6f1c578
IT LIVES
2015-12-09 21:43:02 -08:00
Steven Fackler
4d883d488e
Custom BIO infrastructure
2015-12-08 23:02:38 -08:00
Geoffroy Couprie
6850c810d3
Increment SSL_CTX's reference count in Ssl::get_ssl_context()
...
Without this, whenever the returned SslContext is released,
the refcount of the underlying SSL_CTX will decrease and it
will be freed too soon
2015-12-03 12:26:55 +01:00
Ondrej Perutka
f54af75eb7
Cast correctly c_char raw pointers (fixes build on ARM #314)
2015-11-30 21:06:54 +01:00
Geoffroy Couprie
7835ea1c90
Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappers
2015-11-25 08:10:36 +01:00
Geoffroy Couprie
e486944320
fix memory management
2015-11-25 07:51:22 +01:00
Geoffroy Couprie
667e3f44b9
Avoid freeing the SSL object when Ssl is dropped
2015-11-24 17:15:52 +01:00
Geoffroy Couprie
dba3a0ced2
implement get/set ssl context
2015-11-24 17:11:00 +01:00
Geoffroy Couprie
cb4263f91e
test SNI support
2015-11-24 17:11:00 +01:00
Steven Fackler
6bb3d8f1b5
Implement try_clone for MaybeSslStream
...
Closes #308
2015-11-20 21:33:36 -08:00
Alex Gaynor
38b3b4a11e
Fixed a typo in a comment.
2015-11-19 19:52:26 -05:00
Steven Fackler
a8a10e64ad
Split stuff requiring a shim out to a separate crate
2015-11-16 20:16:01 -08:00
Steven Fackler
03e4908c13
Move SSL methods to Ssl object, add getter
2015-11-16 20:16:01 -08:00
Steven Fackler
be2cbabdb7
Revert "Revert "Merge pull request #280 from ltratt/libressl_build""
...
This reverts commit ae3d0e36d7.
2015-11-16 20:16:01 -08:00
Steven Fackler
1e7ff1d8a8
Better debug impls
2015-10-26 21:43:52 -07:00
Jamie Turner
c37767df8f
Nonblocking streams support.
2015-10-20 23:14:26 -07:00
Steven Fackler
ae3d0e36d7
Revert "Merge pull request #280 from ltratt/libressl_build"
...
This reverts commit aad933e507, reversing
changes made to 60ee731408.
2015-10-14 21:51:32 -04:00