d7a7c379a8
Changes `init` to take a closure which is called with the initialized context
...
After calling the closure, we automatically cleanup the context. This is
required, because otherwise we could have dangling references in the context.
2018-03-11 11:34:36 +01:00
a5d7f8a718
Moves store context init into its own function
2018-03-10 00:15:03 +01:00
1a0b085377
Extends the test to verify the certificate two times
2018-03-08 12:10:29 +01:00
810ddeb4ca
Moves `cleanup` into its own function
2018-03-08 12:08:39 +01:00
888f4ccaab
Fixes the implementation of `X509StoreContextRef::verify_cert`
...
The certificate, the store and the certificates chain does not need to be
consumed by `verify_cert` and instead are taken as references. We also call
`X509_STORE_CTX_cleanup`, after the verification succeeded.
2018-03-07 16:07:57 +01:00
53adf0e6a4
delay return until after forgets
2018-03-07 13:54:35 +01:00
6abac82f13
cleanup and add negative test
2018-03-07 13:54:35 +01:00
a1cfde765a
add cleanup ffi to store context
2018-03-07 13:54:15 +01:00
3187366cc5
restructure to self contained function
2018-03-07 13:53:29 +01:00
2251a6f2b6
Little tweaks
2018-03-07 13:51:58 +01:00
d8a11973e2
convert to raw pass-through methods
2018-03-07 13:51:58 +01:00
910386027d
add comment about consuming self in verify_cert
2018-03-07 13:50:12 +01:00
35cad33d51
fix error check
2018-03-07 13:50:12 +01:00
847fac25f8
properly version library functions
2018-03-07 13:48:09 +01:00
3595ff9e51
Fix memory mgmt
2018-03-07 13:42:39 +01:00
eb6296e892
add verify_cert and store_context_builder
2018-03-07 13:41:44 +01:00
f645165ee2
Remove the x509 module-level example
...
The example generated a bogus certificate that was missing a serial
number, a validity range, etc.
Generating a correct x509 certificate is complex enough that doing it
correctly is too long to be a reasonable doc example. There's already
a more complete example in the examples directory that handles things
more correctly.
Closes #859
2018-03-05 19:25:01 -08:00
5760ded1ce
Merge pull request #857 from Ralith/middlebox-compat
...
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 15:06:47 -08:00
f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
b6985c7e8d
Release openssl v0.10.5
2018-02-28 14:33:04 -08:00
aa9addf532
Release openssl-sys 0.9.27
2018-02-28 14:31:23 -08:00
7fcd1ba96d
Update changelog
2018-02-28 14:23:44 -08:00
65e124055c
Merge pull request #854 from sfackler/error-description
...
Always include something in ErrorStack's Display
2018-02-27 17:30:48 -08:00
85d8db21d2
Always include something in ErrorStack's Display
...
The error stack can be empty after a some kinds of errors (AEAD
validation failure in Crypter is one example), and we don't want to
display as an empty string in that case.
2018-02-27 15:56:23 -08:00
42ec251b55
Merge pull request #853 from sfackler/min-max-version
...
Add min/max protocol version support
2018-02-26 11:39:31 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
d5dd6575c1
Restore error stack in cookie callback
2018-02-25 22:11:08 -08:00
b94b0f67c5
Merge pull request #835 from Ralith/stateless
...
[WIP] Expose bindings needed for TLS1.3 stateless handshakes
2018-02-25 22:10:17 -08:00
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
e06a209e72
Expose FFI bindings needed for SSL_stateless
2018-02-25 19:58:49 -08:00
cebfbd9a25
Merge pull request #850 from sfackler/put-error
...
Add the ability to push errors back onto the error stack.
2018-02-24 20:58:07 -08:00
5fd23d38d5
Add the ability to push errors back onto the error stack.
2018-02-24 20:46:03 -08:00
6a5845c875
Merge pull request #849 from sfackler/key-export
...
Add RFC 5705 support
2018-02-24 14:15:11 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
c1a106fc68
Merge pull request #847 from sfackler/version2
...
Actually add version stuff
2018-02-21 23:30:33 -08:00
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
950c39c2e6
Merge pull request #840 from olehermanse/master
...
Add des_ede3_cbc cipher and more tests/examples
2018-02-21 23:03:33 -08:00
38470bd351
Merge pull request #846 from sfackler/client-cipher-update
...
Update SslConnector cipher list
2018-02-21 19:56:46 -08:00
15048f4c02
Inline connector constants
2018-02-21 19:41:06 -08:00
6977e9e89f
Don't special case 1.0.1
...
It appears that 1.0.1's defaults are actually okay.
2018-02-21 18:44:04 -08:00
7e02c09861
Added example/test in symm.rs for encrypting a private key with a symmetric cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-21 13:16:04 +01:00
7192a5291f
Update SslConnector cipher list
...
Based off of python/cpython#3532 , we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
2018-02-20 22:27:54 -08:00
69a91815b8
Release openssl v0.10.4
2018-02-18 10:50:13 -08:00
402d81bb72
Release openssl-sys 0.9.26
2018-02-18 10:48:08 -08:00
78aed77cf3
Update changelog
2018-02-18 10:15:00 -08:00
9693c7ccf8
Merge pull request #845 from sfackler/ssl-version
...
Ssl version
2018-02-17 17:54:46 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
8f8895697d
Merge pull request #844 from sfackler/fix-session-clone
...
Fix session cloning
2018-02-17 10:20:07 -08:00
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00
Bastian Köcher