91 lines
2.5 KiB
Rust
91 lines
2.5 KiB
Rust
//! Describe a context in which to verify an `X509` certificate.
|
|
//!
|
|
//! The `X509` certificate store holds trusted CA certificates used to verify
|
|
//! peer certificates.
|
|
//!
|
|
//! # Example
|
|
//!
|
|
//! ```rust
|
|
//! extern crate openssl;
|
|
//!
|
|
//! use openssl::x509::X509;
|
|
//! use openssl::x509::store::{X509StoreBuilder, X509Store};
|
|
//!
|
|
//! fn main() {
|
|
//! let cert = include_bytes!("cert.pem");
|
|
//! let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
|
|
//!
|
|
//! let mut builder = X509StoreBuilder::new().unwrap();
|
|
//! let _ = builder.add_cert(cert);
|
|
//!
|
|
//! let store: X509Store = builder.build();
|
|
//! }
|
|
//! ```
|
|
use ffi;
|
|
use foreign_types::ForeignTypeRef;
|
|
use std::mem;
|
|
|
|
use {cvt, cvt_p};
|
|
use error::ErrorStack;
|
|
use x509::X509;
|
|
|
|
foreign_type! {
|
|
type CType = ffi::X509_STORE;
|
|
fn drop = ffi::X509_STORE_free;
|
|
|
|
/// A builder type used to construct an `X509Store`.
|
|
pub struct X509StoreBuilder;
|
|
/// Reference to an `X509StoreBuilder`.
|
|
pub struct X509StoreBuilderRef;
|
|
}
|
|
|
|
impl X509StoreBuilder {
|
|
/// Returns a builder for a certificate store.
|
|
///
|
|
/// The store is initially empty.
|
|
pub fn new() -> Result<X509StoreBuilder, ErrorStack> {
|
|
unsafe {
|
|
ffi::init();
|
|
|
|
cvt_p(ffi::X509_STORE_new()).map(X509StoreBuilder)
|
|
}
|
|
}
|
|
|
|
/// Constructs the `X509Store`.
|
|
pub fn build(self) -> X509Store {
|
|
let store = X509Store(self.0);
|
|
mem::forget(self);
|
|
store
|
|
}
|
|
}
|
|
|
|
impl X509StoreBuilderRef {
|
|
/// Adds a certificate to the certificate store.
|
|
pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> {
|
|
unsafe {
|
|
let ptr = cert.as_ptr();
|
|
mem::forget(cert); // the cert will be freed inside of X509_STORE_add_cert on error
|
|
cvt(ffi::X509_STORE_add_cert(self.as_ptr(), ptr)).map(|_| ())
|
|
}
|
|
}
|
|
|
|
/// Load certificates from their default locations.
|
|
///
|
|
/// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR`
|
|
/// environment variables if present, or defaults specified at OpenSSL
|
|
/// build time otherwise.
|
|
pub fn set_default_paths(&mut self) -> Result<(), ErrorStack> {
|
|
unsafe { cvt(ffi::X509_STORE_set_default_paths(self.as_ptr())).map(|_| ()) }
|
|
}
|
|
}
|
|
|
|
foreign_type! {
|
|
type CType = ffi::X509_STORE;
|
|
fn drop = ffi::X509_STORE_free;
|
|
|
|
/// A certificate store to hold trusted `X509` certificates.
|
|
pub struct X509Store;
|
|
/// Reference to an `X509Store`.
|
|
pub struct X509StoreRef;
|
|
}
|