Skip to content

Commit

Permalink
Sync X509StoreBuilder with openssl
Browse files Browse the repository at this point in the history
  • Loading branch information
kornelski committed Nov 28, 2024
1 parent 8990844 commit ade1b67
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 15 deletions.
2 changes: 1 addition & 1 deletion boring/src/aes.rs
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,9 @@
//!
use crate::ffi;
use libc::{c_int, c_uint, size_t};
use openssl_macros::corresponds;
use std::mem::MaybeUninit;
use std::ptr;
use openssl_macros::corresponds;

/// Provides Error handling for parsing keys.
#[derive(Debug)]
Expand Down
4 changes: 2 additions & 2 deletions boring/src/ssl/test/custom_verify.rs
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ fn untrusted_with_set_cert() {
let cert = ssl.peer_certificate().unwrap();
let cert_chain = ssl.peer_cert_chain().unwrap();

assert_eq!(store.objects().len(), 0);
assert_eq!(store.objects_len(), 0);

X509StoreContext::new()
.unwrap()
Expand Down Expand Up @@ -94,7 +94,7 @@ fn trusted_with_set_cert() {
let cert = ssl.peer_certificate().unwrap();
let cert_chain = ssl.peer_cert_chain().unwrap();

assert_eq!(store.objects().len(), 1);
assert_eq!(store.objects_len(), 1);

X509StoreContext::new()
.unwrap()
Expand Down
35 changes: 26 additions & 9 deletions boring/src/x509/store.rs
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,12 @@
use crate::error::ErrorStack;
use crate::ffi;
use crate::stack::StackRef;
use crate::x509::verify::{X509Flags, X509VerifyParamRef};
use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
use crate::x509::{X509Object, X509};
use crate::{cvt, cvt_p};
use foreign_types::{ForeignType, ForeignTypeRef};
use std::mem;
use openssl_macros::corresponds;
use std::mem;

foreign_type_and_impl_send_sync! {
type CType = ffi::X509_STORE;
Expand Down Expand Up @@ -96,15 +96,11 @@ impl X509StoreBuilderRef {
unsafe { cvt(ffi::X509_STORE_set_default_paths(self.as_ptr())).map(|_| ()) }
}

/// Sets verify flags.
///
/// This corresponds to [`X509_STORE_set_flags`].
///
/// [`X509_STORE_set_flags`]: https://www.openssl.org/docs/manmaster/man3/X509_STORE_set_flags.html
/// Sets certificate chain validation related flags.
#[corresponds(X509_STORE_set_flags)]
pub fn set_flags(&mut self, flags: X509Flags) {
pub fn set_flags(&mut self, flags: X509VerifyFlags) {
unsafe {
ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits());
cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).unwrap();
}
}

Expand All @@ -116,6 +112,12 @@ impl X509StoreBuilderRef {
pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr_mut(ffi::X509_STORE_get0_param(self.as_ptr())) }
}

/// Sets certificate chain validation related parameters.
#[corresponds(X509_STORE_set1_param)]
pub fn set_param(&mut self, param: &X509VerifyParamRef) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_STORE_set1_param(self.as_ptr(), param.as_ptr())).map(|_| ()) }
}
}

foreign_type_and_impl_send_sync! {
Expand All @@ -127,9 +129,24 @@ foreign_type_and_impl_send_sync! {
}

impl X509StoreRef {
/// **Warning: this method is unsound**
///
/// Get a reference to the cache of certificates in this store.
///
/// # Safety
/// References may be invalidated by any access to the shared cache.
#[deprecated(
note = "This method is unsound https://github.com/sfackler/rust-openssl/issues/2096"
)]
#[corresponds(X509_STORE_get0_objects)]
pub fn objects(&self) -> &StackRef<X509Object> {
unsafe { StackRef::from_ptr(ffi::X509_STORE_get0_objects(self.as_ptr())) }
}

/// For testing only, where it doesn't have to expose an unsafe pointer
#[cfg(test)]
#[allow(deprecated)]
pub fn objects_len(&self) -> usize {
self.objects().len()
}
}
14 changes: 11 additions & 3 deletions boring/src/x509/verify.rs
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
use crate::ffi;
use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_int, c_uint, c_ulong, time_t};
use std::net::IpAddr;
use openssl_macros::corresponds;
use std::net::IpAddr;

use crate::error::ErrorStack;
use crate::{cvt, cvt_p};
Expand Down Expand Up @@ -81,15 +81,23 @@ impl X509VerifyParamRef {
#[corresponds(X509_VERIFY_PARAM_set_flags)]
pub fn set_flags(&mut self, flags: X509VerifyFlags) {
unsafe {
cvt(ffi::X509_VERIFY_PARAM_set_flags(self.as_ptr(), flags.bits())).unwrap();
cvt(ffi::X509_VERIFY_PARAM_set_flags(
self.as_ptr(),
flags.bits(),
))
.unwrap();
}
}

/// Clear verification flags.
#[corresponds(X509_VERIFY_PARAM_clear_flags)]
pub fn clear_flags(&mut self, flags: X509VerifyFlags) {
unsafe {
cvt(ffi::X509_VERIFY_PARAM_clear_flags(self.as_ptr(), flags.bits())).unwrap();
cvt(ffi::X509_VERIFY_PARAM_clear_flags(
self.as_ptr(),
flags.bits(),
))
.unwrap();
}
}

Expand Down

0 comments on commit ade1b67

Please sign in to comment.