Upgrade to security-framework 0.2
+2
-1
@@ -1,4 +1,5 @@
|
||||
target
|
||||
Cargo.lock
|
||||
.idea
|
||||
*.iml
|
||||
*.iml
|
||||
.vscode
|
||||
|
||||
+2
-2
@@ -12,8 +12,8 @@ readme = "README.md"
|
||||
lazy_static = "1.0"
|
||||
|
||||
[target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies]
|
||||
security-framework = { version = "0.1.15", features = ["OSX_10_8" ]}
|
||||
security-framework-sys = "0.1.15"
|
||||
security-framework = "0.2"
|
||||
security-framework-sys = "0.2"
|
||||
libc = "0.2"
|
||||
tempdir = "0.3"
|
||||
|
||||
|
||||
@@ -6,9 +6,9 @@ extern crate tempdir;
|
||||
use self::security_framework::base;
|
||||
use self::security_framework::certificate::SecCertificate;
|
||||
use self::security_framework::identity::SecIdentity;
|
||||
use self::security_framework::import_export::{Pkcs12ImportOptions, ImportedIdentityOptions};
|
||||
use self::security_framework::secure_transport::{self, SslContext, ProtocolSide, ConnectionType,
|
||||
SslProtocol, ClientBuilder};
|
||||
use self::security_framework::import_export::{ImportedIdentity, Pkcs12ImportOptions};
|
||||
use self::security_framework::secure_transport::{self, ClientBuilder, SslConnectionType,
|
||||
SslContext, SslProtocol, SslProtocolSide};
|
||||
use self::security_framework_sys::base::errSecIO;
|
||||
use self::tempdir::TempDir;
|
||||
use std::fmt;
|
||||
@@ -18,9 +18,9 @@ use std::sync::Mutex;
|
||||
use std::sync::{Once, ONCE_INIT};
|
||||
|
||||
#[cfg(not(target_os = "ios"))]
|
||||
use self::security_framework::os::macos::keychain::{self, SecKeychain, KeychainSettings};
|
||||
use self::security_framework::os::macos::keychain::{self, KeychainSettings, SecKeychain};
|
||||
#[cfg(not(target_os = "ios"))]
|
||||
use self::security_framework::os::macos::import_export::{SecItems, ImportOptions};
|
||||
use self::security_framework::os::macos::import_export::{ImportOptions, SecItems};
|
||||
#[cfg(not(target_os = "ios"))]
|
||||
use self::security_framework_sys::base::errSecParam;
|
||||
|
||||
@@ -35,10 +35,10 @@ lazy_static! {
|
||||
|
||||
fn convert_protocol(protocol: Protocol) -> SslProtocol {
|
||||
match protocol {
|
||||
Protocol::Sslv3 => SslProtocol::Ssl3,
|
||||
Protocol::Tlsv10 => SslProtocol::Tls1,
|
||||
Protocol::Tlsv11 => SslProtocol::Tls11,
|
||||
Protocol::Tlsv12 => SslProtocol::Tls12,
|
||||
Protocol::Sslv3 => SslProtocol::SSL3,
|
||||
Protocol::Tlsv10 => SslProtocol::TLS1,
|
||||
Protocol::Tlsv11 => SslProtocol::TLS11,
|
||||
Protocol::Tlsv12 => SslProtocol::TLS12,
|
||||
Protocol::__NonExhaustive => unreachable!(),
|
||||
}
|
||||
}
|
||||
@@ -98,9 +98,9 @@ impl Pkcs12 {
|
||||
let mut imports = try!(Pkcs12::import_options(buf, pass));
|
||||
let import = imports.pop().unwrap();
|
||||
|
||||
let identity = import.identity.expect(
|
||||
"Pkcs12 files must include an identity",
|
||||
);
|
||||
let identity = import
|
||||
.identity
|
||||
.expect("Pkcs12 files must include an identity");
|
||||
|
||||
// FIXME: Compare the certificates for equality using CFEqual
|
||||
let identity_cert = try!(identity.certificate()).to_der();
|
||||
@@ -117,7 +117,7 @@ impl Pkcs12 {
|
||||
}
|
||||
|
||||
#[cfg(not(target_os = "ios"))]
|
||||
fn import_options(buf: &[u8], pass: &str) -> Result<Vec<ImportedIdentityOptions>, Error> {
|
||||
fn import_options(buf: &[u8], pass: &str) -> Result<Vec<ImportedIdentity>, Error> {
|
||||
SET_AT_EXIT.call_once(|| {
|
||||
extern "C" fn atexit() {
|
||||
*TEMP_KEYCHAIN.lock().unwrap() = None;
|
||||
@@ -130,13 +130,12 @@ impl Pkcs12 {
|
||||
let keychain = match *TEMP_KEYCHAIN.lock().unwrap() {
|
||||
Some((ref keychain, _)) => keychain.clone(),
|
||||
ref mut lock @ None => {
|
||||
let dir = TempDir::new("native-tls").map_err(|_| {
|
||||
Error(base::Error::from(errSecIO))
|
||||
})?;
|
||||
let dir =
|
||||
TempDir::new("native-tls").map_err(|_| Error(base::Error::from(errSecIO)))?;
|
||||
|
||||
let mut keychain = keychain::CreateOptions::new().password(pass).create(
|
||||
dir.path().join("tmp.keychain"),
|
||||
)?;
|
||||
let mut keychain = keychain::CreateOptions::new()
|
||||
.password(pass)
|
||||
.create(dir.path().join("tmp.keychain"))?;
|
||||
keychain.set_settings(&KeychainSettings::new())?;
|
||||
|
||||
*lock = Some((keychain, dir));
|
||||
@@ -147,7 +146,7 @@ impl Pkcs12 {
|
||||
Pkcs12ImportOptions::new()
|
||||
.passphrase(pass)
|
||||
.keychain(keychain)
|
||||
.import_optional(buf)
|
||||
.import(buf)
|
||||
);
|
||||
Ok(imports)
|
||||
}
|
||||
@@ -256,18 +255,14 @@ where
|
||||
|
||||
pub fn handshake(self) -> Result<TlsStream<S>, HandshakeError<S>> {
|
||||
match self {
|
||||
MidHandshakeTlsStream::Server(s) => {
|
||||
match s.handshake() {
|
||||
Ok(s) => Ok(TlsStream(s)),
|
||||
Err(e) => Err(e.into()),
|
||||
}
|
||||
}
|
||||
MidHandshakeTlsStream::Client(s) => {
|
||||
match s.handshake() {
|
||||
Ok(s) => Ok(TlsStream(s)),
|
||||
Err(e) => Err(e.into()),
|
||||
}
|
||||
}
|
||||
MidHandshakeTlsStream::Server(s) => match s.handshake() {
|
||||
Ok(s) => Ok(TlsStream(s)),
|
||||
Err(e) => Err(e.into()),
|
||||
},
|
||||
MidHandshakeTlsStream::Client(s) => match s.handshake() {
|
||||
Ok(s) => Ok(TlsStream(s)),
|
||||
Err(e) => Err(e.into()),
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -342,11 +337,11 @@ impl TlsConnector {
|
||||
}
|
||||
builder.anchor_certificates(&self.roots);
|
||||
|
||||
let r = match domain {
|
||||
Some(domain) => builder.handshake2(domain, stream),
|
||||
None => builder.danger_handshake_without_providing_domain_for_certificate_validation_and_server_name_indication(stream),
|
||||
};
|
||||
match r {
|
||||
if domain.is_none() {
|
||||
builder.use_sni(false).danger_accept_invalid_hostnames(true);
|
||||
}
|
||||
|
||||
match builder.handshake(domain.unwrap_or(""), stream) {
|
||||
Ok(s) => Ok(TlsStream(s)),
|
||||
Err(e) => Err(e.into()),
|
||||
}
|
||||
@@ -385,17 +380,14 @@ impl TlsAcceptor {
|
||||
S: io::Read + io::Write,
|
||||
{
|
||||
let mut ctx = try!(SslContext::new(
|
||||
ProtocolSide::Server,
|
||||
ConnectionType::Stream,
|
||||
SslProtocolSide::SERVER,
|
||||
SslConnectionType::STREAM,
|
||||
));
|
||||
|
||||
let (min, max) = protocol_min_max(&self.protocols);
|
||||
try!(ctx.set_protocol_version_min(min));
|
||||
try!(ctx.set_protocol_version_max(max));
|
||||
try!(ctx.set_certificate(
|
||||
&self.pkcs12.identity,
|
||||
&self.pkcs12.chain,
|
||||
));
|
||||
try!(ctx.set_certificate(&self.pkcs12.identity, &self.pkcs12.chain,));
|
||||
match ctx.handshake(stream) {
|
||||
Ok(s) => Ok(TlsStream(s)),
|
||||
Err(e) => Err(e.into()),
|
||||
|
||||
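Review bot: In the `TlsConnector` hunk (`@@ -342,11 +337,11 @@`), a `None` domain now turns off both SNI and hostname verification through `builder.use_sni(false).danger_accept_invalid_hostnames(true);`, and the handshake call that follows no longer carries the warning that the old `danger_handshake_without_providing_domain_for_certificate_validation_and_server_name_indication` name gave at the call site. With the hostname check off, a certificate issued for a different host is presumably still accepted as long as it chains to a trusted root, so the branch deserves a comment such as `// No domain: SNI and hostname verification are off; the peer certificate is only checked against the trust roots.` It is also worth confirming with a test that `Some("")` fails the handshake, because `domain.unwrap_or("")` makes the empty string the stand-in for "no domain" while that case leaves hostname verification enabled; how security-framework treats an empty name is not visible on this page. The enclosing function starts and ends outside the hunk.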