cefad46cf5
fixup! Implement AES-{128,256}-CCM bindings
2018-03-11 22:04:01 +01:00
00359a1a55
Merge pull request #861 from bkchr/verify_certificate
...
Implements `X509_verify_cert`
2018-03-11 13:37:21 -07:00
40e59db37c
Rename Oid to Id
2018-03-11 13:29:01 -07:00
d7a7c379a8
Changes `init` to take a closure which is called with the initialized context
...
After calling the closure, we automatically cleanup the context. This is
required, because otherwise we could have dangling references in the context.
2018-03-11 11:34:36 +01:00
c0a4bc4202
Revert previous commit
2018-03-11 07:41:22 +00:00
e02dbde2f7
Generic custom extension add fn return type
2018-03-10 22:30:54 -08:00
eb5fda588f
Merge pull request #862 from bkchr/sign_verifier
...
Adds new functions for Verifier/Signer
2018-03-10 16:42:33 -08:00
562fe79f4c
Add one more set of impls
2018-03-10 08:53:46 -08:00
bc304565e7
Arguments should be BigNumRef and not BigNum
2018-03-10 16:29:54 +00:00
245f5f3a11
Impl Sync and Send for various types
...
Closes #865
2018-03-09 22:14:50 -08:00
b0bc1c770e
High-level API for OpenSSL 1.1.1 custom extension support
2018-03-09 20:33:49 -08:00
7fe3fabf24
Switches to new type wrapper for RsaPssSaltlen
2018-03-10 00:27:15 +01:00
a5d7f8a718
Moves store context init into its own function
2018-03-10 00:15:03 +01:00
e655b561a7
Added a function to create a EC<Key> from its parts
2018-03-09 15:58:56 +00:00
7ab650098c
Remove unneeded paramter
2018-03-09 10:39:58 +00:00
4866e9ff8a
fixup! Implement AES-{128,256}-CCM bindings
2018-03-08 21:57:39 +01:00
8461129456
Changes as per PR feedback
2018-03-08 17:42:15 +00:00
9e2755abae
Get curves for OpenSSL tests itself
2018-03-08 17:10:09 +00:00
0a38b5a9ef
Try out another curve
2018-03-08 16:56:40 +00:00
4b4d312018
Another try at using the correct curve
2018-03-08 16:46:31 +00:00
dcbb45cc9d
Implement AES-{128,256}-CCM bindings
2018-03-08 17:24:55 +01:00
d4de2a408f
Use examples listed in OpenSSL docs for testing
2018-03-08 16:12:35 +00:00
a5ba1a0007
Adds `RsaPssSaltlen` enum to encode the special values
2018-03-08 16:17:32 +01:00
b0ea53184d
Switches to newtype wrapper for Oid
2018-03-08 12:24:37 +01:00
1a0b085377
Extends the test to verify the certificate two times
2018-03-08 12:10:29 +01:00
810ddeb4ca
Moves `cleanup` into its own function
2018-03-08 12:08:39 +01:00
2d6cd9eb16
Exposed some of ECDSA functions
2018-03-08 09:44:05 +00:00
724dd6f830
Adds more functions to `Verifier`/`Signer` for RSA keys
2018-03-07 20:43:28 +01:00
84a5ce7607
Adds RSA PKCS1 PSS padding
2018-03-07 20:43:12 +01:00
9a8a1c752b
Adds `PKeyRef::get_id` to get the OID of a key
2018-03-07 18:42:13 +01:00
888f4ccaab
Fixes the implementation of `X509StoreContextRef::verify_cert`
...
The certificate, the store and the certificates chain does not need to be
consumed by `verify_cert` and instead are taken as references. We also call
`X509_STORE_CTX_cleanup`, after the verification succeeded.
2018-03-07 16:07:57 +01:00
53adf0e6a4
delay return until after forgets
2018-03-07 13:54:35 +01:00
6abac82f13
cleanup and add negative test
2018-03-07 13:54:35 +01:00
a1cfde765a
add cleanup ffi to store context
2018-03-07 13:54:15 +01:00
3187366cc5
restructure to self contained function
2018-03-07 13:53:29 +01:00
2251a6f2b6
Little tweaks
2018-03-07 13:51:58 +01:00
d8a11973e2
convert to raw pass-through methods
2018-03-07 13:51:58 +01:00
910386027d
add comment about consuming self in verify_cert
2018-03-07 13:50:12 +01:00
35cad33d51
fix error check
2018-03-07 13:50:12 +01:00
847fac25f8
properly version library functions
2018-03-07 13:48:09 +01:00
3595ff9e51
Fix memory mgmt
2018-03-07 13:42:39 +01:00
eb6296e892
add verify_cert and store_context_builder
2018-03-07 13:41:44 +01:00
f645165ee2
Remove the x509 module-level example
...
The example generated a bogus certificate that was missing a serial
number, a validity range, etc.
Generating a correct x509 certificate is complex enough that doing it
correctly is too long to be a reasonable doc example. There's already
a more complete example in the examples directory that handles things
more correctly.
Closes #859
2018-03-05 19:25:01 -08:00
f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
85d8db21d2
Always include something in ErrorStack's Display
...
The error stack can be empty after a some kinds of errors (AEAD
validation failure in Crypter is one example), and we don't want to
display as an empty string in that case.
2018-02-27 15:56:23 -08:00
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
d5dd6575c1
Restore error stack in cookie callback
2018-02-25 22:11:08 -08:00
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
cebfbd9a25
Merge pull request #850 from sfackler/put-error
...
Add the ability to push errors back onto the error stack.
2018-02-24 20:58:07 -08:00
5fd23d38d5
Add the ability to push errors back onto the error stack.
2018-02-24 20:46:03 -08:00
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
950c39c2e6
Merge pull request #840 from olehermanse/master
...
Add des_ede3_cbc cipher and more tests/examples
2018-02-21 23:03:33 -08:00
15048f4c02
Inline connector constants
2018-02-21 19:41:06 -08:00
6977e9e89f
Don't special case 1.0.1
...
It appears that 1.0.1's defaults are actually okay.
2018-02-21 18:44:04 -08:00
7e02c09861
Added example/test in symm.rs for encrypting a private key with a symmetric cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-21 13:16:04 +01:00
7192a5291f
Update SslConnector cipher list
...
Based off of python/cpython#3532 , we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
2018-02-20 22:27:54 -08:00
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00
e5123d266b
Bind remove and get session callbacks
2018-02-16 22:24:34 -08:00
4dffa0c33f
SSL session callbacks have always been around
2018-02-16 21:31:09 -08:00
8abc51c2b3
Fix symm decrypt documentation example
2018-02-16 11:59:47 +01:00
af4832e145
Doc tweak
2018-02-15 21:33:39 -08:00
a9d8bea33c
Add more session cache support
2018-02-15 21:30:20 -08:00
cc34a7149e
Add des_ede3_cbc cipher
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 17:44:44 +01:00
f4ddd66b03
Tweak features
...
We should keep the version features totally separate for now.
2018-02-14 22:11:24 -08:00
e8fd63bae3
Fix tests for TLS 1.3
...
Google yells at you when using TLS 1.3 without SNI by sending a bogus
self-signed cert!
2018-02-14 19:36:11 -08:00
eb24a2157a
More tests for pem_pkcs1 methods
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-15 03:02:58 +01:00
2765775535
OpenSSL 1.1.1 support
2018-02-13 22:31:37 -08:00
041d473c0a
Added binding for PEM_read_bio_RSAPublicKey
...
Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-02-14 02:08:01 +01:00
b1ab0ec473
Don't leak X509s
2018-02-12 09:32:26 -08:00
2fd79b525e
Merge pull request #831 from apeduru/rsa-docs
...
Add RSA docs
2018-02-11 20:56:37 -08:00
a686ed7891
Use Padding constant in RSA docs example
2018-02-10 23:36:05 -05:00
fda5e50638
Merge pull request #833 from CmdrMoozy/des_ede3
...
Support EVP_des_ede3.
2018-02-04 17:36:31 -08:00
404bbeddfd
Support EVP_des_ede3.
...
This cipher is used, for example, for DES challenges for authenticating
against a Yubikey, so supporting it in rust-openssl is generally useful.
2018-02-04 13:17:09 -08:00
c9fed802b3
Add RSA docs
2018-01-25 14:46:45 -05:00
a6499d44bb
Merge pull request #824 from apeduru/pkey-docs
...
Add PKey docs
2018-01-24 11:00:07 -08:00
d3169a565e
Add HMAC to Pkey docs
2018-01-24 09:53:28 -05:00
81f7d17822
tests: if server failed to start, print exit code instead of timing out
...
```
% cargo +stable test --lib ssl::test::test_connect_with_alpn_successful_single_match --features=v102
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running /Users/nga/devel/left/rust-openssl/target/debug/deps/openssl-a38e12a3527f6932
running 1 test
test ssl::test::test_connect_with_alpn_successful_single_match ... FAILED
failures:
---- ssl::test::test_connect_with_alpn_successful_single_match stdout ----
thread 'ssl::test::test_connect_with_alpn_successful_single_match' panicked at 'server exited: exit code: 1', src/ssl/test.rs:91:24
note: Run with `RUST_BACKTRACE=1` for a backtrace.
failures:
ssl::test::test_connect_with_alpn_successful_single_match
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 159 filtered out
```
2018-01-24 00:27:13 -08:00
6552a9cbfd
Print the public key in PKey example
2018-01-23 22:43:53 -05:00
60337266ab
add support for rfc822Name (email) and uniformResourceIdentifier (uri) to GeneralName
2018-01-15 11:22:29 -06:00
692562470b
Add setters to ConnectConfiguration
2018-01-11 17:24:38 -08:00
be1e787ce6
Add from conversion
...
This is needed for tokio-openssl
2018-01-10 22:26:32 -08:00
d85e2a2937
Release openssl 0.10.0
2018-01-10 22:08:11 -08:00
b9eace6569
Fix import in pkey docs
2018-01-07 14:17:03 -05:00
33ec3a5784
Missing colon
2018-01-07 14:15:17 -05:00
15420eb44a
Add Pkey docs
2018-01-07 14:13:17 -05:00
af7aa52364
Adjust the SNI callback
...
Brings it more in line with how the raw callback is structured.
2018-01-06 22:20:20 -08:00
f50dd20cb6
Fix docs
2018-01-06 21:42:37 -08:00
91e120ca95
Rename and document RSA accessors
2018-01-06 17:44:24 -08:00
05c5c422fd
Merge pull request #820 from sfackler/key-constructor-docs
...
Rename key serialization/deserialization methods
2018-01-06 17:14:51 -08:00
3c19702299
Rename key serialization/deserialization methods
...
Also document their specific formats.
Closes #502
2018-01-06 13:27:44 -08:00
45c15a65ad
FIPS mode support
...
Closes #818
2018-01-06 08:51:20 -08:00
753a7d07b1
Merge pull request #811 from apeduru/x509-docs
...
Add documentation for x509 module
2018-01-04 16:48:01 -08:00
c4620a30c6
Fix links in x509 module
2018-01-01 16:16:41 -05:00
c2430b87f7
Merge branch 'master' into x509-docs
2018-01-01 15:40:02 -05:00
1553447385
Misc cleanup
2018-01-01 12:23:41 -08:00
9043cf9aa7
Move X509Filetype to SslFiletype
...
These constants have the same values, but X509_FILETYPE_DEFAULT doesn't
work in the Ssl methods and using the SSL_* names is a bit less
confusing.
2018-01-01 11:50:07 -08:00
a4c9dd4af3
Fix x509 doc examples
2018-01-01 11:48:55 -05:00
Mateusz Lenik