authorSteven Fackler <sfackler@gmail.com>2020-11-29 11:42:12 -0500
committerGitHub <noreply@github.com>2020-11-29 11:42:12 -0500
commit282d1ef8ce15e7ab6ec6a1a76ca391f843bf21eb (patch)
treea7b4684368bb89baa2a006fbf4bbc58c61ff8a90 /openssl-sys
parent838e2d1cc0c847933a6afa198170d598e6a1719f (diff)
parent1dec65068ab68e2829d38f80664aec9ac3d7989f (diff)
downloadrust-openssl-282d1ef8ce15e7ab6ec6a1a76ca391f843bf21eb.zip
Merge pull request #1373 from max-heller/revocation-checking
Support for enabling CRL-based certificate revocation checking
Diffstat (limited to 'openssl-sys')
-rw-r--r--openssl-sys/src/ossl_typ.rs2
-rw-r--r--openssl-sys/src/ssl.rs3
-rw-r--r--openssl-sys/src/x509_vfy.rs77
3 files changed, 82 insertions, 0 deletions
diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs
index b67b029e..2ad6ee65 100644
--- a/openssl-sys/src/ossl_typ.rs
+++ b/openssl-sys/src/ossl_typ.rs
@@ -342,6 +342,8 @@ cfg_if! {
}
}
+pub enum X509_LOOKUP_METHOD {}
+
pub enum X509_NAME {}
cfg_if! {
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index 51f97321..bf7539fe 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -1004,6 +1004,9 @@ extern "C" {
pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL;
#[cfg(any(ossl102, libressl261))]
+ pub fn SSL_CTX_get0_param(ctx: *mut SSL_CTX) -> *mut X509_VERIFY_PARAM;
+
+ #[cfg(any(ossl102, libressl261))]
pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;
}
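Review bot: `SSL_CTX_get0_param` is declared without a comment saying that the returned pointer is borrowed from the context, so a caller could pass it to `X509_VERIFY_PARAM_free` (declared in x509_vfy.rs) and free memory the `SSL_CTX` still owns. I would add `/// Returns the context's own verify parameters; the pointer is owned by ctx and must not be freed.` above the declaration. As far as I know `SSL_new` copies these parameters into each new `SSL`, so flags set on the context afterwards would not reach connections that already exist; if that holds, it belongs in the comment too. The extern block starts above this hunk.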
diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs
index 73d97091..f5a22496 100644
--- a/openssl-sys/src/x509_vfy.rs
+++ b/openssl-sys/src/x509_vfy.rs
@@ -95,6 +95,71 @@ cfg_if! {
}
}
+#[cfg(not(ossl110))]
+pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x1;
+#[cfg(ossl110)]
+pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x0;
+pub const X509_V_FLAG_USE_CHECK_TIME: c_ulong = 0x2;
+pub const X509_V_FLAG_CRL_CHECK: c_ulong = 0x4;
+pub const X509_V_FLAG_CRL_CHECK_ALL: c_ulong = 0x8;
+pub const X509_V_FLAG_IGNORE_CRITICAL: c_ulong = 0x10;
+pub const X509_V_FLAG_X509_STRICT: c_ulong = 0x20;
+pub const X509_V_FLAG_ALLOW_PROXY_CERTS: c_ulong = 0x40;
+pub const X509_V_FLAG_POLICY_CHECK: c_ulong = 0x80;
+pub const X509_V_FLAG_EXPLICIT_POLICY: c_ulong = 0x100;
+pub const X509_V_FLAG_INHIBIT_ANY: c_ulong = 0x200;
+pub const X509_V_FLAG_INHIBIT_MAP: c_ulong = 0x400;
+pub const X509_V_FLAG_NOTIFY_POLICY: c_ulong = 0x800;
+pub const X509_V_FLAG_EXTENDED_CRL_SUPPORT: c_ulong = 0x1000;
+pub const X509_V_FLAG_USE_DELTAS: c_ulong = 0x2000;
+pub const X509_V_FLAG_CHECK_SS_SIGNATURE: c_ulong = 0x4000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_TRUSTED_FIRST: c_ulong = 0x8000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_SUITEB_128_LOS_ONLY: c_ulong = 0x10000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_SUITEB_192_LOS: c_ulong = 0x20000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_SUITEB_128_LOS: c_ulong = 0x30000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_PARTIAL_CHAIN: c_ulong = 0x80000;
+#[cfg(ossl110)]
+pub const X509_V_FLAG_NO_ALT_CHAINS: c_ulong = 0x100000;
+#[cfg(ossl110)]
+pub const X509_V_FLAG_NO_CHECK_TIME: c_ulong = 0x200000;
+
+extern "C" {
+ #[cfg(ossl110)]
+ pub fn X509_LOOKUP_meth_free(method: *mut X509_LOOKUP_METHOD);
+}
+
+extern "C" {
+ pub fn X509_LOOKUP_free(ctx: *mut X509_LOOKUP);
+ pub fn X509_LOOKUP_hash_dir() -> *mut X509_LOOKUP_METHOD;
+ pub fn X509_LOOKUP_ctrl(
+ ctx: *mut X509_LOOKUP,
+ cmd: c_int,
+ argc: *const c_char,
+ argl: c_long,
+ ret: *mut *mut c_char,
+ ) -> c_int;
+}
+
+pub unsafe fn X509_LOOKUP_add_dir(
+ ctx: *mut X509_LOOKUP,
+ name: *const c_char,
+ _type: c_int,
+) -> c_int {
+ const X509_L_ADD_DIR: c_int = 2;
+ X509_LOOKUP_ctrl(
+ ctx,
+ X509_L_ADD_DIR,
+ name,
+ _type as c_long,
+ std::ptr::null_mut(),
+ )
+}
+
extern "C" {
pub fn X509_STORE_new() -> *mut X509_STORE;
pub fn X509_STORE_free(store: *mut X509_STORE);
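Review bot: `X509_V_FLAG_CRL_CHECK` and `X509_V_FLAG_CRL_CHECK_ALL` are added without comments, and their interaction is easy to get wrong: as I understand OpenSSL's verifier, `CRL_CHECK_ALL` only widens the check from the leaf to the whole chain and is ignored unless `CRL_CHECK` is also set, so setting `CRL_CHECK_ALL` alone yields no revocation checking. I would add `// Leaf-only CRL check; verification fails when no suitable CRL is available in the store.` above `X509_V_FLAG_CRL_CHECK` and `// Extends CRL checking to the whole chain; no effect unless X509_V_FLAG_CRL_CHECK is also set.` above `X509_V_FLAG_CRL_CHECK_ALL`. Separately, `pub unsafe fn X509_LOOKUP_add_dir` should carry a `# Safety` doc section stating that `ctx` must point to a live `X509_LOOKUP` and `name` to a NUL-terminated string valid for the call, and that the `c_int` it forwards from `X509_LOOKUP_ctrl` has to be checked by the caller.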
@@ -112,6 +177,11 @@ extern "C" {
pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int;
+ pub fn X509_STORE_add_lookup(
+ store: *mut X509_STORE,
+ meth: *mut X509_LOOKUP_METHOD,
+ ) -> *mut X509_LOOKUP;
+
pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int;
pub fn X509_STORE_CTX_get_ex_data(ctx: *mut X509_STORE_CTX, idx: c_int) -> *mut c_void;
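Review bot: `X509_STORE_add_lookup` returns a raw `*mut X509_LOOKUP` with no statement of who owns it, and the previous hunk of this commit also exposes `X509_LOOKUP_free`, which invites a double free. In OpenSSL the lookup is kept by the store and released by `X509_STORE_free`, so I would add `/// Returns a lookup owned by store (null on failure); do not pass it to X509_LOOKUP_free.` above the declaration. Likewise the method returned by `X509_LOOKUP_hash_dir` is, as far as I know, a static table and should not be handed to `X509_LOOKUP_meth_free`; a one-line comment there would help. The extern block starts and ends outside this hunk.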
@@ -137,6 +207,13 @@ extern "C" {
pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM);
#[cfg(any(ossl102, libressl261))]
+ pub fn X509_VERIFY_PARAM_set_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int;
+ #[cfg(any(ossl102, libressl261))]
+ pub fn X509_VERIFY_PARAM_clear_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int;
+ #[cfg(any(ossl102, libressl261))]
+ pub fn X509_VERIFY_PARAM_get_flags(param: *mut X509_VERIFY_PARAM) -> c_ulong;
+
+ #[cfg(any(ossl102, libressl261))]
pub fn X509_VERIFY_PARAM_set1_host(
param: *mut X509_VERIFY_PARAM,
name: *const c_char,