c776534ad4
Clean up stack
2016-11-01 19:25:40 -07:00
79c51d5e51
Clean up stack destructor
2016-11-01 19:12:38 -07:00
77b76ed8a8
Merge pull request #506 from simias/stack
...
Implemented a generic Stack API and use it to deal with StackOf(X509) and StackOf(GENERAL_NAME)
2016-11-01 18:59:35 -07:00
8d0090faec
Implement X509StoreContextRef::get_chain
2016-11-01 21:23:18 +01:00
36bf0bb387
Replace GeneralNames by the new Stack API
2016-11-01 21:23:18 +01:00
3bdefa987a
Implement a generic Stack API to deal with OpenSSL stacks
2016-11-01 21:23:13 +01:00
9ea27c12b9
Add method to encode a public key as a DER blob
2016-11-01 17:34:21 +01:00
43911db26c
Avoid extra allocations in Asn1Time Display impl
2016-10-31 23:09:07 -07:00
dd4836cdf6
Fix 1.1.0 build
2016-10-31 23:06:27 -07:00
f71395c600
Little cfg cleanup
2016-10-31 22:45:51 -07:00
dc4098bdd8
Clean up x509 name entries
2016-10-31 22:43:05 -07:00
ab30ad0ce7
Documentation
2016-10-31 21:00:26 -07:00
96a77cf5a8
Remove Opaque
2016-10-31 20:56:51 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
ff12d37aef
Update ssl
2016-10-31 20:32:55 -07:00
16e398e005
Update verify
2016-10-31 20:19:59 -07:00
e9d78181c3
Update Rsa
2016-10-31 20:15:12 -07:00
f640613863
Update PKey
2016-10-31 20:12:55 -07:00
d6579ab058
Update EcKey
2016-10-31 20:06:06 -07:00
fe5fb75d45
Update Dsa
2016-10-31 20:04:55 -07:00
28f375974a
Convert Dh
2016-10-31 20:02:24 -07:00
849fca4a7b
Convert Asn1Time
2016-10-31 20:02:24 -07:00
3363046c34
Update bignum
2016-10-31 20:02:24 -07:00
927c3e924c
Add a generic Ref type
2016-10-31 20:02:24 -07:00
006da59285
Return an SslRef
2016-10-30 22:42:32 -07:00
558124b755
Expose SSL_MODEs
2016-10-30 22:02:26 -07:00
e0211dac30
Rename set_CA_file
2016-10-30 21:39:26 -07:00
5b0fc9a185
Impl Sync and Send for SslContextBuilder
2016-10-30 20:34:35 -07:00
add8e4023e
Rename connectors
2016-10-30 19:39:18 -07:00
997e92e052
Merge ssl option setup
...
The client will ignore server-side options so we may as well stick them
all in the same spot.
2016-10-30 18:49:29 -07:00
bd457dba18
Move HandshakeError to submodule
2016-10-30 17:23:03 -07:00
287f6df6c6
Remove DsaParams
2016-10-30 17:04:55 -07:00
610403a562
Add RsaRef
2016-10-30 17:00:54 -07:00
c3b6eff191
Add DsaRef
2016-10-30 16:44:21 -07:00
f75f82e466
Rustfmt
2016-10-30 16:37:45 -07:00
7869651407
Remove out of date comment
2016-10-30 16:34:50 -07:00
9abbf6f80e
Use Python's cipher list on the client side.
2016-10-30 16:29:33 -07:00
d1179f1ad2
Update docs
2016-10-30 15:14:29 -07:00
52f288e090
Add a mozilla modern profile
2016-10-30 14:57:22 -07:00
7d13176cd1
Rename nwe to mozilla_intermediate
2016-10-30 14:34:05 -07:00
43b430e5b0
Pass SslMethod into constructors
2016-10-30 14:26:28 -07:00
ee79db61c2
Enable single ECDH use
2016-10-30 13:41:24 -07:00
677718f8da
Configure ECDH parameters in connector
2016-10-30 13:38:09 -07:00
8c58ecc2fa
Implement EcKey
...
cc #499
2016-10-30 13:17:20 -07:00
eb735f519a
Clean up generics a bit
2016-10-30 11:05:29 -07:00
23fe1e85e9
Pull Curl's CA list for Windows tests
2016-10-29 18:17:46 -07:00
761dd780c1
Add module level docs
2016-10-29 18:04:38 -07:00
c89f2c0be0
Use PKeyRef in X509Generator
2016-10-29 16:37:56 -07:00
c2b38d8bb3
Move docs
2016-10-29 15:02:36 -07:00
85169e5a61
Fix reexport
2016-10-29 15:02:07 -07:00
e72533c058
Docs for connectors
2016-10-29 15:00:46 -07:00
57d10ebbc3
Add PKeyRef
2016-10-29 14:19:09 -07:00
4c7a5a418e
Implement client and server connectors
2016-10-29 14:02:26 -07:00
1a288da86c
Make verification unconditionally exposed internally
2016-10-28 22:14:44 -07:00
c0cf4ab1c2
Remove private field in ParsedPkcs12
...
The function definition is fixed - nothing else is going to be coming
out of a PKCS#12 archive
2016-10-27 20:33:38 -07:00
dafb46fc51
Camel case DH
2016-10-27 20:26:18 -07:00
8604668a18
Make padding types consts
2016-10-27 19:56:52 -07:00
781417d50f
Add a macro definition
2016-10-27 19:12:55 -07:00
8e129af256
Fix description
2016-10-26 22:15:41 -07:00
63b1ec1a12
Stop returning an Option from cipher description
2016-10-26 22:13:10 -07:00
2234899e59
Fix drop signature
2016-10-26 22:00:33 -07:00
548c8b5fba
Remove macros module
2016-10-26 21:55:13 -07:00
654f0941e1
Don't double-allocate strings
2016-10-26 21:42:09 -07:00
4f59d57675
Move SslString to a shared location
2016-10-26 21:28:00 -07:00
ebc4c56c34
Add SslMethod::from_ptr
2016-10-26 20:43:43 -07:00
f4b7006771
Don't allow mutation of SslContexts
...
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
2016-10-25 23:12:56 -07:00
bea53bb39b
Support AES GCM
...
Closes #326
2016-10-25 20:59:33 -07:00
39279455c8
Add a shutdown method
2016-10-25 20:40:18 -07:00
eb655bddbc
Fix ordering
2016-10-25 20:01:28 -07:00
938fdd7137
Add into_error
2016-10-23 21:54:49 -07:00
ca71e00878
Fix Send + Sync-ness of SslStream
2016-10-23 20:55:31 -07:00
04fc853ee3
Remove NIDs only defined in 1.0.2+
2016-10-23 09:16:20 -07:00
d39a2cedad
Fix tests
2016-10-22 16:01:26 -07:00
787cad3c82
Use constants rather than constructors for Nid
2016-10-22 15:58:06 -07:00
3c50c74444
Camel case Rsa
2016-10-22 10:21:16 -07:00
b619c4e885
Camel case Dsa
2016-10-22 10:16:49 -07:00
2fd201d9c3
De-enumify Nid
2016-10-22 10:08:32 -07:00
ae72cbd28b
Fix hasher docs
2016-10-22 09:17:41 -07:00
98b7f2f935
Flatten crypto module
2016-10-22 09:16:38 -07:00
58f6d1138a
Properly propagate panics
2016-10-21 21:52:02 -07:00
9be0aab9ac
Borrow compression string
2016-10-21 21:46:32 -07:00
f1c68e3544
Rename SslContextOptions
2016-10-21 21:22:05 -07:00
8ec53eb0e1
Fix X509StoreContext
2016-10-21 20:59:07 -07:00
6f1a3f2834
Update BigNumRef
2016-10-21 20:26:53 -07:00
02b4385c5d
Convert X509VerifyParamRef
2016-10-21 19:58:06 -07:00
f0cde38929
Borrowed servername
2016-10-21 19:54:30 -07:00
fcb86b8394
Convert SslCipherRef
2016-10-21 19:45:46 -07:00
2bbeddd14a
Convert SslRef
2016-10-21 19:33:56 -07:00
fe98a90719
Convert SslContextRef
2016-10-21 19:15:09 -07:00
b7017a7eec
Update Asn1TimeRef
2016-10-21 17:13:30 -07:00
23fc6c828b
Convert X509Ref
2016-10-21 17:01:13 -07:00
b3eb8d516c
Switch X509Name over to new borrow setup
...
The use of actual references enables us to be correct with respect to
mutability without needing two structs for the mutable and immutable
cases and more deref impls.
2016-10-20 22:51:10 -07:00
bd0c0c60bd
Store a MidHandshakeSslStream in fatal errors
...
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
2016-10-20 20:57:53 -07:00
8f3511c0cd
Redo SslStream construction
...
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
2016-10-20 19:59:09 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
cfd5192a7d
De-enumify X509ValidationError
...
Also make it an Error.
Closes #352 .
2016-10-18 22:10:37 -07:00
080050e10d
Drop lifetime on GeneralNames
2016-10-18 21:52:49 -07:00
c4459c37d9
Callback cleanup
2016-10-18 21:13:13 -07:00
f7e6d7fce6
Don't ignore errors in NPN/ALPN logic
...
Closes #479
2016-10-18 21:12:55 -07:00
194298a057
Implement new feature setup
...
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
2016-10-17 21:57:54 -07:00
a938a001a7
Fix missing import
2016-10-16 23:26:38 -07:00
b7400d56e8
Fix algorithm field
2016-10-16 23:22:00 -07:00
68954cfc51
Finish BN overhaul
2016-10-16 23:13:00 -07:00
7ec015325b
Finish error overhaul
2016-10-16 21:07:17 -07:00
78daed2d58
ssl error handling cleanup
2016-10-16 20:14:04 -07:00
89a366d9f7
Finish crypto error cleanup
2016-10-16 19:24:04 -07:00
19440c2981
More error cleanup
...
Also allocation free RSA
2016-10-16 19:06:02 -07:00
73ccfe7a29
Continue error handling cleanup
...
Also overhaul/clean up pkcs5 internals
2016-10-16 16:42:56 -07:00
8f89f0bfa9
Start on error + BN refactor
2016-10-16 15:54:09 -07:00
6ea551dc82
Fix set_read_ahead signature
2016-10-15 16:53:10 -07:00
4ba5292a0a
De-enumify Padding
2016-10-15 16:19:19 -07:00
ee18988584
De-enumify SslMethod
2016-10-15 16:10:03 -07:00
1cecaeb62d
De-enumify Cipher
2016-10-15 15:47:40 -07:00
c171be551a
De-enumify message digests
2016-10-15 15:23:29 -07:00
6609a81685
Migrate DSA sign/verify to EVP APIs
2016-10-15 15:02:02 -07:00
228b8fbc5b
Correctly bind BIO_new_mem_buf
2016-10-15 13:39:47 -07:00
4ed81d6426
Fix EVP_DigestVerifyFinal version support
2016-10-15 13:12:37 -07:00
2ff82649b5
Add examples to crypto::sign
2016-10-15 12:50:03 -07:00
ea8cbbe9dc
Fix typo
2016-10-15 12:31:30 -07:00
4d567358a1
Distinguish between verification errors and "other" errors.
2016-10-15 12:31:06 -07:00
bb23b33829
Fix signature of EVP_DigestVerifyFinal on 1.0.1
2016-10-15 12:24:20 -07:00
6ae472487f
Support HMAC PKeys and remove hmac module
2016-10-15 11:06:11 -07:00
cce1d44f28
Remove old RSA sign and verify methods
2016-10-15 10:43:19 -07:00
f73313d688
Signature and verification support
2016-10-15 10:36:59 -07:00
64b8e5e553
Merge pull request #471 from sfackler/no-comp
...
Handle OPENSSL_NO_COMP
2016-10-14 23:09:11 -07:00
e1d1006fad
Check feature compatibility in build script
2016-10-14 23:03:44 -07:00
984b9a0cc7
Don't run test on ARM
...
They're very segfaulty, but it's almost certainly due to the QEMU layer.
We really just want to make sure things compile.
2016-10-14 22:28:24 -07:00
7ac0599638
Fix test_alpn_server_select_none
...
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.
While we're in here, adjust the Display impl to match what OpenSSL
prints out.
Closes #465
2016-10-14 22:01:21 -07:00
f520aa2860
Handle OPENSSL_NO_COMP
...
Closes #459
2016-10-14 20:50:45 -07:00
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
ae282a78e2
Remove link_name usage
2016-10-14 16:15:50 -07:00
0908fddc74
Ignore DTLS tests on Windows/ARM for now
...
cc #467
2016-10-14 11:15:22 -07:00
f44cff29e6
Cleanup
2016-10-13 22:34:39 -07:00
3d535f661f
Use stdlib logic for udp
2016-10-13 20:15:26 -07:00
a09f46266d
Fix windows for real
2016-10-13 20:09:43 -07:00
5b29fc9d69
Disable npn tests on < 1.0.2
...
s_client doesn't seem to support the required flag before then.
2016-10-13 20:03:02 -07:00
140ef1b988
Fix tests on windows
2016-10-13 20:01:31 -07:00
143556078b
Reenable dtls tests
2016-10-13 19:48:30 -07:00
edfc50f37d
Clean up features
2016-10-13 19:46:13 -07:00
1883590c61
Correct feature selection in tests
2016-10-13 19:21:12 -07:00
b610e01793
Flag off dtls and mask ssl_ops
...
Also un-feature gate npn as it ships with 1.0.1
2016-10-13 19:06:53 -07:00
ce4d233d38
Tweak some comments in Cargo.toml
2016-10-12 22:53:03 -07:00
715b700aff
Ignore a test on OpenSSL 1.1.0
2016-10-12 22:51:47 -07:00
af3e06d3e8
Add remaining SSL_OP constants
2016-10-12 22:50:08 -07:00
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
c1e41349fb
Rename NoPadding to None
2016-10-07 08:10:01 -07:00
b6719de92e
Rename EncryptionPadding to Padding
2016-10-07 08:09:02 -07:00
50648b7dac
Removed max_size; removed all encrypt/decrypt methods except private/public encrypt/decrypt which take the padding
2016-10-07 10:01:16 +03:00
f16cd5586f
added try_ssl_size, which handles -1 as error and returns the value otherwise; added RSA private_decrypt and public encrypt
...
lift_ssl_size
Added public/private encrypt/decrypt to RSA from the original commit + tests; added try_ssl_returns_size macro to check for -1 in case of SSL functions which return size
2016-10-05 14:39:11 +03:00
c5da7131f5
Make sure private component exists when signing
...
Closes #457
2016-09-29 00:09:31 +02:00
8d95383f32
Release v0.8.3
2016-09-09 09:19:24 -07:00
9a449dbd6e
Fix password callback on ARM
...
Closes #449
2016-09-08 09:35:56 -07:00
5e08ad0085
Implement Clone for openssl::error::ErrorStack
2016-09-01 20:10:02 +02:00
4718a88e04
Release openssl-sys v0.7.17, openssl v0.8.2
2016-08-18 12:59:22 -07:00
cd69343d67
Fix SslContext::add_extra_chain_cert
...
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
2016-08-17 19:30:57 -07:00
80ed1ef8ab
Ignore flickering test on windows
2016-08-16 22:41:36 -07:00
7a653282a9
Get rid of use Asn1TimeRef warning for some builds
2016-08-17 01:23:54 -04:00
06f19cf285
Be explicit regarding Asn1TimeRef lifetimes
2016-08-17 01:23:54 -04:00
90c42fc026
Fix docs
2016-08-17 01:23:54 -04:00
234ce581f9
Add x509_validity feature to travis tests
...
- also update docs for new x509 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
8fa4059b82
Add test for `"x509_validity"` feature
2016-08-17 01:23:54 -04:00
96b1ef829c
Add `"x509_expiry"` feature flag
...
- fix return of `ASN1_TIME_print`
- assert on null `date`
2016-08-17 01:23:54 -04:00
32a4e2ba50
Introduce `Asn1TimeRef`
2016-08-17 01:23:54 -04:00
f9cd4bff1f
Progress on asn1 expiry
...
- Use MemBio and implement `Display` for Asn1Time
- Tweak doc for asn1 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
e64d3fcfcc
Fix finicky sha1 stdin format
2016-08-17 00:58:05 -04:00
e60c257019
Improve build script
...
- try and fallback to a mirror when openssl.org is down
- check the sha1 of the downloaded tarball
2016-08-17 00:48:56 -04:00
629f638f08
Release openssl-sys v0.7.16, openssl v0.8.1
2016-08-15 18:44:57 -07:00
88dcb1c81d
Add a little comment to sketchy transmute
2016-08-15 18:41:18 -07:00
e6c4135c53
Docs for pkcs12
2016-08-14 11:24:18 -07:00
e5299fd7c9
Fix memory leak in general name stack
2016-08-14 11:16:53 -07:00
6b12a0cdde
PKCS #12 support
2016-08-14 11:11:26 -07:00
ad4a8cc140
More test fixes
2016-08-14 11:05:53 -07:00
3876332734
Fix tests
2016-08-14 10:29:55 -07:00
773a6f0735
Start on PKCS #12 support
2016-08-14 10:11:38 -07:00
5042d3d170
Mangle c helper functions
...
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.
Closes #438
2016-08-13 12:05:29 -07:00
2e8f19ca2f
Release openssl-sys v0.7.15, openssl v0.8.0
2016-08-11 21:00:43 -07:00
63239bf3ee
Require bitflags 7
2016-08-11 20:52:43 -07:00
b21805f541
Fix tests
2016-08-10 22:10:32 -07:00
0359afb99e
Little tweaks
2016-08-10 22:02:36 -07:00
9a3fa4d98d
Fix build
2016-08-10 21:37:24 -07:00
59fe901357
Method renames
2016-08-10 21:28:17 -07:00
c15642ccea
Tweaks
2016-08-10 21:25:18 -07:00
5e6b8e68fd
More API cleanup
2016-08-10 21:07:41 -07:00
c4e7743c57
Asn1 and Bignum renames
2016-08-10 20:51:06 -07:00
35c79d1768
Fix build
2016-08-09 23:13:56 -07:00
00db0bc4b3
Test hmac features
2016-08-09 22:56:08 -07:00
67b5b4d814
Make hmac support optional and remove openssl-sys-extras
...
rust-openssl no longer requires headers for the default feature set.
2016-08-09 22:52:12 -07:00
966c5385ea
Fix build
2016-08-09 22:26:18 -07:00
1ac54b06e9
Move X509_get_extensions to openssl helpers
2016-08-09 22:15:16 -07:00
0854632ff5
Make c_helpers optional
2016-08-09 22:02:49 -07:00
2f46c793e5
Remove rust_SSL_clone
2016-08-09 21:23:54 -07:00
15e8997052
Docs for Crypter::new
2016-08-08 23:31:25 -07:00
b8712c5c51
Fix size check
...
Decryption requires an extra byte of space
2016-08-08 23:25:06 -07:00
a8224d199b
symm reform
2016-08-08 23:10:03 -07:00
522447378e
Copy over getter macros
2016-08-08 20:37:48 -07:00
bf07dd9a4e
Remove symm_internal
2016-08-08 20:26:04 -07:00
e4b97921a9
Clean up RSA and DSA accessors
2016-08-08 19:04:30 -07:00
deb94a904b
Fix build on 1.9
2016-08-07 22:58:20 -07:00
6b1016c86e
Add PKey::from_rsa
2016-08-07 22:56:44 -07:00
6e5cd7ef47
Remove X509Generator::bitlenth
2016-08-07 22:46:14 -07:00
a8f827d28c
Fix example
2016-08-07 22:44:42 -07:00
1968956536
Restore disabled tests
2016-08-07 22:40:51 -07:00
2a3e9a2856
Add RSA::generate
2016-08-07 22:35:37 -07:00
25752280ae
Move init to crate root
2016-08-07 22:09:19 -07:00
77ba043acf
x509 cleanup
2016-08-07 21:53:05 -07:00
79602b6af4
get_error -> error
2016-08-07 21:34:58 -07:00
a0a6c03d74
DH cleanup
2016-08-07 21:19:40 -07:00
4d3c6868e7
pkcs5 reform
2016-08-07 20:57:44 -07:00
7855f428aa
PKey reform
...
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
2016-08-07 20:38:46 -07:00
7515272692
Fix RSA::verify
...
It never returns -1 - all errors are indicated by 0
2016-08-07 18:03:13 -07:00
6091c674c9
Fix bn tests on 32 bit
2016-08-07 17:52:13 -07:00
b56908a392
Take a c_ulong directly in BN construction
...
Closes #416
2016-08-07 17:48:18 -07:00
7ca5ccf064
Hash reform
...
Closes #430
2016-08-07 16:29:36 -07:00
05089bacb3
Refactor BigNum
2016-08-07 14:33:18 -07:00
5af01a5dbd
Clean up asn1time
2016-08-06 22:23:03 -07:00
bc97d088b0
get_handle -> handle
2016-08-05 21:07:17 -07:00
fe47e93f2f
Fix pkey method safety
2016-08-05 21:04:40 -07:00
b4145c6fa5
Clean up x509
2016-08-05 20:55:05 -07:00
4e911e7972
Make x509 constructors unsafe
2016-08-05 19:51:59 -07:00
c47be8b14b
Move SSL_CTX_set_ecdh_auto to -sys
2016-08-04 22:52:40 -07:00
ee67ea8ea0
Mvoe SSL_CTX_add_extra_chain_cert to -sys
2016-08-04 22:46:47 -07:00
378b86326c
Move SSL_CTX_set_tmp_dh to -sys
2016-08-04 22:43:24 -07:00
7fb7f4671d
Move SSL_CTX_set_read_ahead to -sys
2016-08-04 22:40:01 -07:00
77dbab2cad
Move SSL_CTX_set_tlsext_servername_callback to -sys
2016-08-04 22:37:39 -07:00
c2a7c5b7f0
Move SSL_set_tlsext_host_name to -sys
2016-08-04 22:28:33 -07:00
b29ea62491
Move BIO macros into -sys
2016-08-04 22:22:55 -07:00
dd16f64f89
Stop once-ing init wrapper
...
The underlying function already once-s itself
2016-08-04 22:15:50 -07:00
17474520bc
Support basic SSL options without C shims
2016-08-04 22:14:18 -07:00
abacc8bb18
Define SSL_CTX_set_mode in openssl-sys
2016-08-02 22:14:44 -07:00
c5b2ede282
Merge remote-tracking branch 'origin/breaks'
2016-08-02 20:52:07 -07:00
08e27f31ed
Restructure PEM input/output methods
...
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
2016-08-02 20:49:28 -07:00
635bdb45a8
BigNum binary operators with different lifetimes.
2016-08-01 22:23:26 +02:00
92abf49b96
Drop unused feature gate
2016-07-31 16:23:48 -07:00
2574bff52d
Merge pull request #432 from alexcrichton/mid-handshake
...
Add MidHandshakeSslStream
2016-07-31 16:20:10 -07:00
f1b64aa2ee
Fix weird inference issue on 1.9
2016-07-31 16:04:03 -07:00
3539be3366
Add MidHandshakeSslStream
...
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
2016-07-31 16:01:06 -07:00
6f40b65d2c
Build against 1.9
2016-07-31 15:55:32 -07:00
e86eb68624
Fix catch_unwind feature and drop feature gate
2016-07-31 15:51:22 -07:00
5cb04db787
Fix build with dtls
2016-07-31 15:35:45 -07:00
f0ffa246b8
Merge remote-tracking branch 'origin/master' into breaks
2016-07-31 15:15:47 -07:00
18c1ded8c7
Revert "Add a new trait based Nid setup"
...
This reverts commit 49db4c84df
2016-07-31 14:41:11 -07:00
df30e9e700
Merge pull request #402 from bbatha/feat/dsa-ffi
...
DSA bindings
2016-07-29 22:35:50 -07:00
67d3067dbf
improve error handling in rsa
2016-07-29 20:01:54 -04:00
a3a602be51
add low level dsa primitives
2016-07-29 19:04:37 -04:00
4eaada2c4b
Merge pull request #427 from onur/save_der
...
Implement save_der for X509 and X509Req
2016-07-29 09:05:51 -07:00
7c082904fc
Implement get_handle for X509Req
2016-07-29 16:30:24 +03:00
39be51943d
add RUST_BACKTRACE=1 to make debugging ci failures easier
2016-07-29 09:23:29 -04:00
5ed77df197
Implement save_der for X509 and X509Req
2016-07-29 12:14:49 +03:00
722a2bd673
Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag
2016-07-24 20:55:15 +02:00
85f5b8629c
Merge pull request #410 from jonas-schievink/passwd-callbacks
...
Password callbacks
2016-07-03 13:42:57 -04:00
5135fca87f
Release v0.7.14
2016-07-01 18:43:39 -04:00
121169c1f5
Set auto retry
...
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
2016-07-01 18:31:47 -04:00
f24ab26936
FnMut -> FnOnce, update docs
2016-06-26 19:44:53 +02:00
351bc569a4
Put the test behind the catch_unwind feature
...
And fix an unused variable warning
2016-06-26 18:25:54 +02:00
d176ea1c6e
Add an RSA key decryption test
2016-06-26 18:25:54 +02:00
41b78547ad
Put password callbacks behind a cargo feature
2016-06-26 18:25:54 +02:00
c1b7cd2420
Make the callback take a `&mut [c_char]`
2016-06-26 18:25:54 +02:00
c399c2475d
Add RSA::private_key_from_pem_cb
2016-06-26 18:25:54 +02:00
8119f06ca5
Move into utility module
2016-06-26 18:25:54 +02:00
f0b4a032d5
Try to propagate callback panics
2016-06-26 18:25:54 +02:00
311af7c3be
Add PKey::private_key_from_pem_cb
2016-06-26 18:25:54 +02:00
f134b94729
Document BigNum
2016-06-13 16:56:48 +02:00
f4f6412fcb
Fix a few mutable types for `self` parameters.
2016-06-02 10:25:33 -04:00
f6b612df5f
Release v0.7.13
2016-05-20 15:57:57 -07:00
95051b060d
Release v0.7.12
2016-05-16 23:04:03 -07:00
1b0757409d
Rustfmt
2016-05-16 23:03:13 -07:00
2077449bc8
Clean up RSA signature API
2016-05-16 23:03:13 -07:00
d3230874ae
Merge pull request #393 from nox/bitflags
...
Allow bitflags 0.7
2016-05-15 22:11:47 -07:00
62c29b54c1
Update cert
...
Now with a 10 year expriation
2016-05-15 22:11:10 -07:00
2c2c272e6a
Allow bitflags 0.7
2016-05-15 12:27:49 +02:00
dce59a63c5
Merge pull request #389 from cmsd2/master
...
expose rsa from raw private key and rsa sign and verify
2016-05-06 15:12:19 -07:00
f82a1c4f75
add rsa signature tests
2016-05-05 23:41:55 +01:00
78122a9d68
Release v0.7.11
2016-05-05 13:32:27 -07:00
a5ede6a851
add missing NIDs and use Nid as input to signing
2016-05-04 09:00:05 +01:00
49db4c84df
Add a new trait based Nid setup
2016-05-03 21:15:39 -07:00
356d4a0420
Remove AsRaw{Fd, Socket} impls
...
An SslStream can't really act as a raw socket since you'd skip the whole
TLS layer
2016-05-03 20:24:07 -07:00
f1846bce78
Remove silly internal error enum
2016-05-03 20:24:07 -07:00
00f517d2cd
Drop MaybeSslStream
...
It should be inlined into crates that depend on it.
2016-05-03 20:24:07 -07:00
085b2e6f03
Drop is_dtls methods on SslMethod
2016-05-03 20:24:07 -07:00
f09ca6fee2
Clean up SNI APIs
2016-05-03 20:24:07 -07:00
61f65cd8d6
Move SslContext::set_verify to a closure based API
2016-05-03 20:24:07 -07:00
696b1961ce
Rename getters in line with conventions
2016-05-03 20:24:07 -07:00
a0549c1606
Adjust set_ssl_context API
2016-05-03 20:24:07 -07:00
fa62232649
Error reform
2016-05-03 20:24:07 -07:00
58654bc491
Remove deprecated methods
2016-05-03 20:24:07 -07:00
de47d158c2
Remove NonblockingSslStream
2016-05-03 20:24:07 -07:00
6f410a25b2
take enum instead of ints from openssl header file
2016-05-03 22:17:07 +01:00
6bbb21779b
add constructor for private keys from bignums
2016-05-03 19:46:08 +01:00
b7de627eec
Update openssl version in CI
2016-05-03 08:47:28 -07:00
9b1eb6d94d
Add a version of Ssl::set_verify that doesn't set a callback
2016-05-01 20:45:49 -07:00
c7e68637bb
Merge pull request #388 from frewsxcv/lifetimes
...
Remove unnecessary explicit lifetimes.
2016-05-01 19:20:25 -07:00
487232b52d
Remove unnecessary explicit lifetime.
2016-05-01 21:28:51 -04:00
59c13aea84
Still check UTF validity in dnsname
2016-05-01 18:14:33 -07:00
2cfb25136f
Document SAN APIs and tweak accessor names
2016-05-01 09:09:51 -07:00
87782b22cf
Implement IntoIterator for &GeneralNames
2016-04-30 21:32:29 -07:00
bf7076b785
Implement `iter` method on `GeneralNames`.
2016-05-01 00:02:10 -04:00
7b73003b67
Add X509StoreContext::error_depth
2016-04-30 09:27:50 -07:00
62a7dd10e5
Add Ssl::set_verify
...
It also uses a better, closure based API than the existing callback
methods.
2016-04-30 08:09:12 -07:00
50024ce33b
Ignore default verify paths test on windows
2016-04-29 21:40:16 -07:00
8a5d3ea015
Merge pull request #385 from mbrubeck/bitflags-0.6
...
Upgrade to work with bitflags 0.5 and 0.6
2016-04-29 21:18:03 -07:00
a7bade104c
Merge pull request #381 from chaaz/master
...
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
2016-04-29 21:17:17 -07:00
32722e1850
Add accessors for x509 subject alt names
2016-04-29 21:15:32 -07:00
ee12087743
Upgrade to work with bitflags 0.5 and 0.6
2016-04-29 13:19:39 -07:00
caf9272c85
Start on GeneralName
2016-04-28 22:16:29 -07:00
5682c04469
Remove des_cfb and des_ofb, since they appear on limit platforms
2016-04-19 17:28:19 -06:00
54fc1df712
Release v0.7.10
2016-04-16 20:57:12 -07:00
c60e831cc4
Add docs for set_default_verify_paths
2016-04-16 20:49:46 -07:00
c2e72f6641
Add SslContext::set_default_verify_paths
2016-04-16 20:47:32 -07:00
2062d48dd2
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
...
1DES is well and truly dead for actual sensitive information, (its
keysize is too small for modern purposes), but it can still find use in
backwards compatiblity or educational applications.
2016-04-14 03:44:43 -06:00
b94ea8598c
Update for nightly changes
2016-04-13 19:30:08 -07:00
c48dcde568
Update lazy_static
2016-04-13 19:28:04 -07:00
9511a9bc19
Merge pull request #380 from Yoric/master
...
Resolves #378 - Module version with the version information
2016-04-13 14:45:49 -07:00
0c48f9a0e0
Resolves #378 - Module version with the version information
2016-04-13 23:29:25 +02:00
00282de2a5
Add ability to set session ID context on an SSL context
...
This is necessary to make authentication with client certificates work
without session restarts.
2016-04-13 21:38:23 +02:00
fa5537de81
copy PKey using DER encode and decode
...
test that fields of cloned private and public keys can be accessed
2016-04-10 00:16:31 -04:00
d143203f88
Release v0.7.9
2016-04-06 21:34:20 -07:00
4016edd4de
add EVP_PKEY_copy_parameters to FFI
...
copy EVP_PKEY params in PKey::clone
test that PKey::clone creates a copy
2016-04-06 19:39:50 -04:00
c4b7b85d99
Add safe wrapper BioMethod for ffi::BIO_METHOD
...
Adds a wrapper for ffi::BIO_METHOD located at ssl::bio::BioMethod. This
enables SslStream to be Send without doing an unsafe impl on the ffi
struct.
2016-04-04 16:08:38 -07:00
02f114faae
Cleanup
2016-03-27 13:37:00 -07:00
c4187638a8
Update for nightly changes
2016-03-27 13:29:24 -07:00
6d4bfaa490
Cast correctly c_char raw pointers (fixes build on ARM #363 )
...
Fix error caused by mismatched types while building crate
openssl for Raspberry Pi 2 and other ARM devices.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
2016-03-22 00:16:56 +02:00
e0412850ec
Release v0.7.8
2016-03-18 08:54:12 -07:00
6d043b3700
Allow Rust to infer the type of the argument to SSL_CIPHER_description.
...
This allows the code to compile on Android, where an unsigned char is
expected.
2016-03-18 15:44:47 +01:00
ade90bf004
Clean up BIO name
2016-03-17 22:27:16 -07:00
a9a18cf337
Simplify panic safety logic for new nightly
2016-03-17 22:23:51 -07:00
a569df29f4
Release v0.7.7
2016-03-17 09:04:23 -07:00
3467cf343f
Fix nightly warnings about zero-sized fn pointers
2016-03-11 12:57:56 -08:00
23fd427900
Merge pull request #353 from bluejekyll/master
...
adding functionality to directly get and set RSA public key material
2016-03-05 13:57:53 -08:00
3e5b65b7fa
making from_raw() unsafe
2016-03-05 13:43:14 -08:00
2fe3e48487
Stop testing sslv2 feature on Travis
...
OpenSSL removed support for this entirely in the most recent release.
2016-03-01 11:05:41 -08:00
90ce50730b
Update source URL for new OpenSSL release
2016-03-01 10:02:34 -08:00
1f5800fe2c
Merge pull request #356 from erikjohnston/conninfo
...
Add support for SSL_CIPHER
2016-03-01 09:20:36 -08:00
80ac6e54ac
Make SSLCipher.bits() return a struct.
2016-02-29 21:23:34 +00:00
04cbf049c0
Add SSL_get_version
2016-02-29 20:14:48 +00:00
3fb2c48c98
added public key material to the constructor
2016-02-28 22:05:19 -08:00
b37bbba78f
Bump bitflags to 0.4
2016-02-28 08:28:25 +04:00
6ebe581308
review fixes, keep raw RSA initiallization private
2016-02-23 20:49:21 -08:00
ef95223d26
adding functionality to directly get and set RSA key material
2016-02-17 23:18:42 -08:00
1e9667ea89
Add support for SSL_CIPHER
2016-02-17 22:38:32 +00:00
3df4c479c9
Release v0.7.6
2016-02-10 09:36:00 -08:00
643a4a58c9
More deprecated function cleanup
2016-02-08 23:20:19 -08:00
e3e4aa4472
Stop using deprecated method
2016-02-08 23:12:54 -08:00
fe0f8ea1d8
Rename Nid uid/UID to prevent breakage
2016-02-02 14:32:57 -08:00
4940ca7e92
Fix Nid::UID value
...
Nid::UID (userId) previously held the value of Nid::uid
(uniqueIdentifier).
2016-02-02 09:25:52 -08:00
627f394d59
Revert "Revert "impl Clone for PKey and X509 by using their 'references' member""
2016-01-31 20:38:36 +00:00
4e58fd10de
Fix PKey RSA constructors
...
`set1` functions bump the object's refcount so we were previously
leaking the RSA object. Split the decode from PEM part out to a method
on RSA and use that in the PKey constructors.
Also make RSA a pointer and actually free it.
2016-01-30 13:12:06 -08:00
8ab4b54541
Revert "impl Clone for PKey and X509 by using their 'references' member"
2016-01-28 23:37:27 -08:00
274715fad0
Merge pull request #343 from jimmycuadra/ordered-extensions
...
Preserve X.509 extension insertion order
2016-01-28 22:37:48 -08:00
87f94c832f
Bump openssl version to test with
2016-01-28 22:21:10 -08:00
Steven Fackler