8f3511c0cd
Redo SslStream construction
...
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
2016-10-20 19:59:09 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
cfd5192a7d
De-enumify X509ValidationError
...
Also make it an Error.
Closes #352 .
2016-10-18 22:10:37 -07:00
080050e10d
Drop lifetime on GeneralNames
2016-10-18 21:52:49 -07:00
c4459c37d9
Callback cleanup
2016-10-18 21:13:13 -07:00
f7e6d7fce6
Don't ignore errors in NPN/ALPN logic
...
Closes #479
2016-10-18 21:12:55 -07:00
194298a057
Implement new feature setup
...
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
2016-10-17 21:57:54 -07:00
a938a001a7
Fix missing import
2016-10-16 23:26:38 -07:00
b7400d56e8
Fix algorithm field
2016-10-16 23:22:00 -07:00
68954cfc51
Finish BN overhaul
2016-10-16 23:13:00 -07:00
7ec015325b
Finish error overhaul
2016-10-16 21:07:17 -07:00
78daed2d58
ssl error handling cleanup
2016-10-16 20:14:04 -07:00
89a366d9f7
Finish crypto error cleanup
2016-10-16 19:24:04 -07:00
19440c2981
More error cleanup
...
Also allocation free RSA
2016-10-16 19:06:02 -07:00
73ccfe7a29
Continue error handling cleanup
...
Also overhaul/clean up pkcs5 internals
2016-10-16 16:42:56 -07:00
8f89f0bfa9
Start on error + BN refactor
2016-10-16 15:54:09 -07:00
6ea551dc82
Fix set_read_ahead signature
2016-10-15 16:53:10 -07:00
4ba5292a0a
De-enumify Padding
2016-10-15 16:19:19 -07:00
ee18988584
De-enumify SslMethod
2016-10-15 16:10:03 -07:00
1cecaeb62d
De-enumify Cipher
2016-10-15 15:47:40 -07:00
c171be551a
De-enumify message digests
2016-10-15 15:23:29 -07:00
6609a81685
Migrate DSA sign/verify to EVP APIs
2016-10-15 15:02:02 -07:00
228b8fbc5b
Correctly bind BIO_new_mem_buf
2016-10-15 13:39:47 -07:00
4ed81d6426
Fix EVP_DigestVerifyFinal version support
2016-10-15 13:12:37 -07:00
2ff82649b5
Add examples to crypto::sign
2016-10-15 12:50:03 -07:00
ea8cbbe9dc
Fix typo
2016-10-15 12:31:30 -07:00
4d567358a1
Distinguish between verification errors and "other" errors.
2016-10-15 12:31:06 -07:00
bb23b33829
Fix signature of EVP_DigestVerifyFinal on 1.0.1
2016-10-15 12:24:20 -07:00
6ae472487f
Support HMAC PKeys and remove hmac module
2016-10-15 11:06:11 -07:00
cce1d44f28
Remove old RSA sign and verify methods
2016-10-15 10:43:19 -07:00
f73313d688
Signature and verification support
2016-10-15 10:36:59 -07:00
64b8e5e553
Merge pull request #471 from sfackler/no-comp
...
Handle OPENSSL_NO_COMP
2016-10-14 23:09:11 -07:00
e1d1006fad
Check feature compatibility in build script
2016-10-14 23:03:44 -07:00
984b9a0cc7
Don't run test on ARM
...
They're very segfaulty, but it's almost certainly due to the QEMU layer.
We really just want to make sure things compile.
2016-10-14 22:28:24 -07:00
7ac0599638
Fix test_alpn_server_select_none
...
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.
While we're in here, adjust the Display impl to match what OpenSSL
prints out.
Closes #465
2016-10-14 22:01:21 -07:00
f520aa2860
Handle OPENSSL_NO_COMP
...
Closes #459
2016-10-14 20:50:45 -07:00
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
ae282a78e2
Remove link_name usage
2016-10-14 16:15:50 -07:00
0908fddc74
Ignore DTLS tests on Windows/ARM for now
...
cc #467
2016-10-14 11:15:22 -07:00
f44cff29e6
Cleanup
2016-10-13 22:34:39 -07:00
3d535f661f
Use stdlib logic for udp
2016-10-13 20:15:26 -07:00
a09f46266d
Fix windows for real
2016-10-13 20:09:43 -07:00
5b29fc9d69
Disable npn tests on < 1.0.2
...
s_client doesn't seem to support the required flag before then.
2016-10-13 20:03:02 -07:00
140ef1b988
Fix tests on windows
2016-10-13 20:01:31 -07:00
143556078b
Reenable dtls tests
2016-10-13 19:48:30 -07:00
edfc50f37d
Clean up features
2016-10-13 19:46:13 -07:00
1883590c61
Correct feature selection in tests
2016-10-13 19:21:12 -07:00
b610e01793
Flag off dtls and mask ssl_ops
...
Also un-feature gate npn as it ships with 1.0.1
2016-10-13 19:06:53 -07:00
ce4d233d38
Tweak some comments in Cargo.toml
2016-10-12 22:53:03 -07:00
Steven Fackler