author | Steven Fackler <sfackler@gmail.com> | 2020-11-29 11:42:12 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-29 11:42:12 -0500 |
commit | 282d1ef8ce15e7ab6ec6a1a76ca391f843bf21eb (patch) | |
tree | a7b4684368bb89baa2a006fbf4bbc58c61ff8a90 /openssl-sys | |
parent | 838e2d1cc0c847933a6afa198170d598e6a1719f (diff) | |
parent | 1dec65068ab68e2829d38f80664aec9ac3d7989f (diff) | |
download | rust-openssl-282d1ef8ce15e7ab6ec6a1a76ca391f843bf21eb.zip |
Merge pull request #1373 from max-heller/revocation-checking
Support for enabling CRL-based certificate revocation checking
Diffstat (limited to 'openssl-sys')
-rw-r--r-- | openssl-sys/src/ossl_typ.rs | 2 | ||||
-rw-r--r-- | openssl-sys/src/ssl.rs | 3 | ||||
-rw-r--r-- | openssl-sys/src/x509_vfy.rs | 77 |
3 files changed, 82 insertions, 0 deletions
diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs
index b67b029e..2ad6ee65 100644
--- a/openssl-sys/src/ossl_typ.rs
+++ b/openssl-sys/src/ossl_typ.rs
@@ -342,6 +342,8 @@ cfg_if! {
 }
 }
+pub enum X509_LOOKUP_METHOD {}
+
 pub enum X509_NAME {}
 cfg_if! {
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index 51f97321..bf7539fe 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -1004,6 +1004,9 @@ extern "C" {
 pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL;
 #[cfg(any(ossl102, libressl261))]
+ pub fn SSL_CTX_get0_param(ctx: *mut SSL_CTX) -> *mut X509_VERIFY_PARAM;
+
+ #[cfg(any(ossl102, libressl261))]
 pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;
 }
diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs
index 73d97091..f5a22496 100644
--- a/openssl-sys/src/x509_vfy.rs
+++ b/openssl-sys/src/x509_vfy.rs
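Review bot: `SSL_CTX_get0_param` in the ssl.rs hunk is declared without saying who owns the returned `X509_VERIFY_PARAM`, and since `X509_VERIFY_PARAM_free` is bound in the same crate a caller can easily free it by mistake. Under OpenSSL's get0 naming the pointer stays owned by the `SSL_CTX`, so I would add `/// Returns a pointer owned by ctx; the caller must not free it.` above the declaration. The same gap applies in the x509_vfy.rs hunks: `X509_STORE_add_lookup` returns a lookup that the store keeps and releases itself (so pairing it with the newly bound `X509_LOOKUP_free` would presumably be a double free), and `X509_LOOKUP_hash_dir` returns a built-in method that should never reach `X509_LOOKUP_meth_free`. The `extern "C"` block starts outside this hunk.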
@@ -95,6 +95,71 @@ cfg_if! {
 }
 }
+#[cfg(not(ossl110))]
+pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x1;
+#[cfg(ossl110)]
+pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x0;
+pub const X509_V_FLAG_USE_CHECK_TIME: c_ulong = 0x2;
+pub const X509_V_FLAG_CRL_CHECK: c_ulong = 0x4;
+pub const X509_V_FLAG_CRL_CHECK_ALL: c_ulong = 0x8;
+pub const X509_V_FLAG_IGNORE_CRITICAL: c_ulong = 0x10;
+pub const X509_V_FLAG_X509_STRICT: c_ulong = 0x20;
+pub const X509_V_FLAG_ALLOW_PROXY_CERTS: c_ulong = 0x40;
+pub const X509_V_FLAG_POLICY_CHECK: c_ulong = 0x80;
+pub const X509_V_FLAG_EXPLICIT_POLICY: c_ulong = 0x100;
+pub const X509_V_FLAG_INHIBIT_ANY: c_ulong = 0x200;
+pub const X509_V_FLAG_INHIBIT_MAP: c_ulong = 0x400;
+pub const X509_V_FLAG_NOTIFY_POLICY: c_ulong = 0x800;
+pub const X509_V_FLAG_EXTENDED_CRL_SUPPORT: c_ulong = 0x1000;
+pub const X509_V_FLAG_USE_DELTAS: c_ulong = 0x2000;
+pub const X509_V_FLAG_CHECK_SS_SIGNATURE: c_ulong = 0x4000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_TRUSTED_FIRST: c_ulong = 0x8000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_SUITEB_128_LOS_ONLY: c_ulong = 0x10000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_SUITEB_192_LOS: c_ulong = 0x20000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_SUITEB_128_LOS: c_ulong = 0x30000;
+#[cfg(ossl102)]
+pub const X509_V_FLAG_PARTIAL_CHAIN: c_ulong = 0x80000;
+#[cfg(ossl110)]
+pub const X509_V_FLAG_NO_ALT_CHAINS: c_ulong = 0x100000;
+#[cfg(ossl110)]
+pub const X509_V_FLAG_NO_CHECK_TIME: c_ulong = 0x200000;
+
+extern "C" {
+ #[cfg(ossl110)]
+ pub fn X509_LOOKUP_meth_free(method: *mut X509_LOOKUP_METHOD);
+}
+
+extern "C" {
+ pub fn X509_LOOKUP_free(ctx: *mut X509_LOOKUP);
+ pub fn X509_LOOKUP_hash_dir() -> *mut X509_LOOKUP_METHOD;
+ pub fn X509_LOOKUP_ctrl(
+ ctx: *mut X509_LOOKUP,
+ cmd: c_int,
+ argc: *const c_char,
+ argl: c_long,
+ ret: *mut *mut c_char,
+ ) -> c_int;
+}
+
+pub unsafe fn X509_LOOKUP_add_dir(
+ ctx: *mut X509_LOOKUP,
+ name: *const c_char,
+ _type: c_int,
+) -> c_int {
+ const X509_L_ADD_DIR: c_int
= 2; + X509_LOOKUP_ctrl( + ctx, + X509_L_ADD_DIR, + name, + _type as c_long, + std::ptr::null_mut(), + ) +} + extern "C" { pub fn X509_STORE_new() -> *mut X509_STORE; pub fn X509_STORE_free(store: *mut X509_STORE); @@ -112,6 +177,11 @@ extern "C" { pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int; + pub fn X509_STORE_add_lookup( + store: *mut X509_STORE, + meth: *mut X509_LOOKUP_METHOD, + ) -> *mut X509_LOOKUP; + pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int; pub fn X509_STORE_CTX_get_ex_data(ctx: *mut X509_STORE_CTX, idx: c_int) -> *mut c_void; @@ -137,6 +207,13 @@ extern "C" { pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); #[cfg(any(ossl102, libressl261))] + pub fn X509_VERIFY_PARAM_set_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; + #[cfg(any(ossl102, libressl261))] + pub fn X509_VERIFY_PARAM_clear_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; + #[cfg(any(ossl102, libressl261))] + pub fn X509_VERIFY_PARAM_get_flags(param: *mut X509_VERIFY_PARAM) -> c_ulong; + + #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, name: *const c_char, |
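Review bot: The verification flags in the `@@ -95,6 +95,71 @@` hunk are added without comments, and `X509_V_FLAG_CRL_CHECK_ALL` is the one most likely to be misused: as far as I know OpenSSL only consults it when `X509_V_FLAG_CRL_CHECK` is also set, so setting it alone leaves revocation checking off. I would put `// Extends CRL checking to the whole chain; has no effect unless X509_V_FLAG_CRL_CHECK is also set.` above it, and note on `X509_V_FLAG_CRL_CHECK` that verification fails when no CRL for the issuer is available in the store. `X509_V_FLAG_SUITEB_128_LOS` (`0x30000`) is a two-bit value rather than a single flag, which deserves a short comment for anyone building a bitmask type on top. Separately, `X509_LOOKUP_add_dir` is a `pub unsafe fn` with no `# Safety` section; it should state that `ctx` must be a valid `X509_LOOKUP` and `name` a NUL-terminated string that stays valid for the duration of the call.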
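Review bot: `X509_VERIFY_PARAM_set_flags` and `X509_VERIFY_PARAM_clear_flags` in the `@@ -137,6 +207,13 @@` hunk return a `c_int` status that nothing in the declarations tells callers to check, and the additive behaviour of `set_flags` is not stated. A comment such as `/// ORs flags into the existing set and returns 1 on success; use X509_VERIFY_PARAM_clear_flags to remove a flag.` would make it harder for a wrapper to ignore a failed call and still assume revocation checking is enabled. The `extern "C"` block starts and ends outside this hunk, and the new declarations follow the `#[cfg(any(ossl102, libressl261))]` gating of their neighbours.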