impl SSL_CTX_set_default_verify_paths and friends

Adds:

* SSL_CTX_set_default_verify_paths
* SSL_CTX_set_default_verify_dir
* SSL_CTX_set_default_verify_file

Stubs:

* SSL_CTX_set_default_verify_store

We take a dep on `openssl-probe` in order to get convenient handling of
the `SSL_CERT_DIR` and `SSL_CERT_FILE` env vars, and default locations
for the verify paths.

There is likely some fine-tuning to do (e.g. with respect to the
`X509_LOOKUP` API surface), but is a step in the right direction for the
simple cases.

rustls-libssl/Cargo.toml

@@ -12,6 +12,7 @@ crate-type = ["cdylib"]
 [dependencies]
 env_logger = "0.10"
 log = "0.4"
+openssl-probe = "0.1"
 openssl-sys = "0.9.98"
 rustls = "0.22"
 rustls-pemfile = "2"

rustls-libssl/src/entry.rs

@@ -234,6 +234,48 @@ fn load_verify_files(ctx: &Mutex<SSL_CTX>, file_names: impl Iterator<Item = Path
     }
 }
 
+entry! {
+    pub fn _SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int {
+        let ctx = try_clone_arc!(ctx);
+        match ctx
+            .lock()
+            .map_err(|_| Error::cannot_lock())
+            .map(|mut ctx| ctx.set_default_verify_paths())
+        {
+            Err(e) => e.raise().into(),
+            Ok(()) => C_INT_SUCCESS,
+        }
+    }
+}
+
+entry! {
+    pub fn _SSL_CTX_set_default_verify_dir(ctx: *mut SSL_CTX) -> c_int {
+        let ctx = try_clone_arc!(ctx);
+        match ctx
+            .lock()
+            .map_err(|_| Error::cannot_lock())
+            .map(|mut ctx| ctx.set_default_verify_dir())
+        {
+            Err(e) => e.raise().into(),
+            Ok(()) => C_INT_SUCCESS,
+        }
+    }
+}
+
+entry! {
+    pub fn _SSL_CTX_set_default_verify_file(ctx: *mut SSL_CTX) -> c_int {
+        let ctx = try_clone_arc!(ctx);
+        match ctx
+            .lock()
+            .map_err(|_| Error::cannot_lock())
+            .map(|mut ctx| ctx.set_default_verify_file())
+        {
+            Err(e) => e.raise().into(),
+            Ok(()) => C_INT_SUCCESS,
+        }
+    }
+}
+
 entry! {
     pub fn _SSL_CTX_load_verify_file(ctx: *mut SSL_CTX, ca_file: *const c_char) -> c_int {
         let ctx = try_clone_arc!(ctx);
@@ -1007,6 +1049,11 @@ entry_stub! {
     ) -> c_int;
 }
 
+// The SSL_CTX X509_STORE isn't being meaningfully used yet.
+entry_stub! {
+    pub fn _SSL_CTX_set_default_verify_store(_ctx: *mut SSL_CTX) -> c_int;
+}
+
 pub struct SSL_SESSION;
 
 entry_stub! {

rustls-libssl/src/lib.rs

@@ -1,7 +1,9 @@
 use core::ffi::{c_int, CStr};
 use std::io::{ErrorKind, Read, Write};
+use std::path::PathBuf;
 use std::sync::{Arc, Mutex};
 
+use openssl_probe::ProbeResult;
 use openssl_sys::{
     SSL_ERROR_NONE, SSL_ERROR_SSL, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE, X509_STORE,
     X509_V_ERR_UNSPECIFIED,
@@ -205,6 +207,8 @@ pub struct SslContext {
     verify_roots: RootCertStore,
     verify_x509_store: x509::OwnedX509Store,
     alpn: Vec<Vec<u8>>,
+    default_cert_file: Option<PathBuf>,
+    default_cert_dir: Option<PathBuf>,
 }
 
 impl SslContext {
@@ -216,6 +220,8 @@ impl SslContext {
             verify_roots: RootCertStore::empty(),
             verify_x509_store: x509::OwnedX509Store::new(),
             alpn: vec![],
+            default_cert_file: None,
+            default_cert_dir: None,
         }
     }
 
@@ -237,6 +243,25 @@ impl SslContext {
         self.verify_mode = mode;
     }
 
+    fn set_default_verify_paths(&mut self) {
+        let ProbeResult {
+            cert_file,
+            cert_dir,
+        } = openssl_probe::probe();
+        self.default_cert_file = cert_file;
+        self.default_cert_dir = cert_dir;
+    }
+
+    fn set_default_verify_dir(&mut self) {
+        let ProbeResult { cert_dir, .. } = openssl_probe::probe();
+        self.default_cert_dir = cert_dir;
+    }
+
+    fn set_default_verify_file(&mut self) {
+        let ProbeResult { cert_file, .. } = openssl_probe::probe();
+        self.default_cert_file = cert_file;
+    }
+
     fn add_trusted_certs(
         &mut self,
         certs: Vec<CertificateDer<'static>>,