Merge pull request #87 from sfackler/stuff

More changes for 0.2
Steven Fackler
2018-05-06 01:28:59 -07:00
committed by GitHub
12 changed files with 98 additions and 297 deletions
+5 -5
@@ -51,7 +51,7 @@ To accept connections as a server from remote clients:
```rust,no_run
extern crate native_tls;
use native_tls::{Pkcs12, TlsAcceptor, TlsStream};
use native_tls::{Identity, TlsAcceptor, TlsStream};
use std::fs::File;
use std::io::{Read};
use std::net::{TcpListener, TcpStream};
@@ -60,11 +60,11 @@ use std::thread;
fn main() {
let mut file = File::open("identity.pfx").unwrap();
let mut pkcs12 = vec![];
file.read_to_end(&mut pkcs12).unwrap();
let pkcs12 = Pkcs12::from_der(&pkcs12, "hunter2").unwrap();
let mut identity = vec![];
file.read_to_end(&mut identity).unwrap();
let identity = Identity::from_pkcs12(&identity, "hunter2").unwrap();
let acceptor = TlsAcceptor::builder(pkcs12).unwrap().build().unwrap();
let acceptor = TlsAcceptor::builder(identity).unwrap().build().unwrap();
let acceptor = Arc::new(acceptor);
let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
+6 -8
@@ -1,14 +1,12 @@
use std::env;
fn main() {
let no_ssl_mask = if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") {
let version = u64::from_str_radix(&version, 16).unwrap();
version < 0x1_00_02_00_0
} else {
true
};
let openssl_version = env::var("DEP_OPENSSL_VERSION_NUMBER")
.ok()
.map(|s| u64::from_str_radix(&s, 16).unwrap());
if no_ssl_mask {
println!("cargo:rustc-cfg=no_ssl_mask");
match openssl_version {
Some(version) if version >= 0x1_00_02_00_0 => println!("cargo:rustc-cfg=have_no_ssl_mask"),
_ => {}
}
}
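Review bot: The `u64::from_str_radix(&s, 16).unwrap()` inside the `map` closure still panics with a bare `ParseIntError` when `DEP_OPENSSL_VERSION_NUMBER` is present but not hexadecimal, giving no hint of which variable or crate produced the bad value in a build-script failure. Replacing it with `.expect("DEP_OPENSSL_VERSION_NUMBER is not a hex version number")` keeps the fail-fast behaviour while making the message actionable. The guard's threshold would also read better as a named constant that documents the encoding, e.g. `const OPENSSL_1_0_2: u64 = 0x1_00_02_00_0; // OpenSSL 1.0.2 in 0xMNNFFPPS layout`, and used as `Some(version) if version >= OPENSSL_1_0_2 => ...`.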
+2 -2
@@ -1,6 +1,6 @@
extern crate native_tls;
use native_tls::{Pkcs12, TlsAcceptor, TlsStream};
use native_tls::{Identity, TlsAcceptor, TlsStream};
use std::fs::File;
use std::io::Read;
use std::net::{TcpListener, TcpStream};
@@ -11,7 +11,7 @@ fn main() {
let mut file = File::open("identity.pfx").unwrap();
let mut pkcs12 = vec![];
file.read_to_end(&mut pkcs12).unwrap();
let pkcs12 = Pkcs12::from_der(&pkcs12, "hunter2").unwrap();
let pkcs12 = Identity::from_pkcs12(&pkcs12, "hunter2").unwrap();
let acceptor = TlsAcceptor::builder(pkcs12).unwrap().build().unwrap();
let acceptor = Arc::new(acceptor);
-10
@@ -1,10 +0,0 @@
//! TLS backend-specific functionality.
#[cfg(any(target_os = "macos", target_os = "ios"))]
pub mod security_framework;
#[cfg(target_os = "windows")]
pub mod schannel;
#[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "ios")))]
pub mod openssl;
-4
@@ -1,4 +0,0 @@
//! OpenSSL-specific functionality.
pub use imp::ErrorExt;
pub use imp::{TlsAcceptorBuilderExt, TlsConnectorBuilderExt, TlsStreamExt};
-5
@@ -1,5 +0,0 @@
//! SChannel-specific functionality.
pub use imp::CertificateExt;
pub use imp::ErrorExt;
pub use imp::TlsStreamExt;
-5
@@ -1,5 +0,0 @@
//! Security Framework-specific functionality.
pub use imp::ErrorExt;
pub use imp::TlsConnectorBuilderExt;
pub use imp::TlsStreamExt;
+20 -107
@@ -1,10 +1,11 @@
extern crate openssl;
use self::openssl::error::ErrorStack;
use self::openssl::pkcs12;
use self::openssl::ssl::{self, MidHandshakeSslStream, SslAcceptor, SslAcceptorBuilder,
SslConnector, SslConnectorBuilder, SslContextBuilder, SslMethod,
SslOptions, SslVerifyMode};
use self::openssl::pkcs12::{ParsedPkcs12, Pkcs12};
use self::openssl::ssl::{
self, MidHandshakeSslStream, SslAcceptor, SslAcceptorBuilder, SslConnector,
SslConnectorBuilder, SslContextBuilder, SslMethod, SslOptions, SslVerifyMode,
};
use self::openssl::x509::X509;
use std::error;
use std::fmt;
@@ -13,10 +14,10 @@ use std::io;
use Protocol;
fn supported_protocols(protocols: &[Protocol], ctx: &mut SslContextBuilder) {
#[cfg(no_ssl_mask)]
#[cfg(not(have_no_ssl_mask))]
let no_ssl_mask = SslOptions::NO_SSLV2 | SslOptions::NO_SSLV3 | SslOptions::NO_TLSV1
| SslOptions::NO_TLSV1_1 | SslOptions::NO_TLSV1_2;
#[cfg(not(no_ssl_mask))]
#[cfg(have_no_ssl_mask)]
let no_ssl_mask = SslOptions::NO_SSL_MASK;
ctx.clear_options(no_ssl_mask);
@@ -70,13 +71,13 @@ impl From<ErrorStack> for Error {
}
}
pub struct Pkcs12(pkcs12::ParsedPkcs12);
pub struct Identity(ParsedPkcs12);
impl Pkcs12 {
pub fn from_der(buf: &[u8], pass: &str) -> Result<Pkcs12, Error> {
let pkcs12 = pkcs12::Pkcs12::from_der(buf)?;
impl Identity {
pub fn from_pkcs12(buf: &[u8], pass: &str) -> Result<Identity, Error> {
let pkcs12 = Pkcs12::from_der(buf)?;
let parsed = pkcs12.parse(pass)?;
Ok(Pkcs12(parsed))
Ok(Identity(parsed))
}
}
@@ -158,12 +159,12 @@ pub struct TlsConnectorBuilder {
}
impl TlsConnectorBuilder {
pub fn identity(&mut self, pkcs12: Pkcs12) -> Result<(), Error> {
pub fn identity(&mut self, identity: Identity) -> Result<(), Error> {
// FIXME clear chain certs to clean up if called multiple times
self.connector.set_certificate(&pkcs12.0.cert)?;
self.connector.set_private_key(&pkcs12.0.pkey)?;
self.connector.set_certificate(&identity.0.cert)?;
self.connector.set_private_key(&identity.0.pkey)?;
self.connector.check_private_key()?;
if let Some(chain) = pkcs12.0.chain {
if let Some(chain) = identity.0.chain {
for cert in chain {
self.connector.add_extra_chain_cert(cert)?;
}
@@ -238,37 +239,6 @@ impl TlsConnector {
}
}
/// OpenSSL-specific extensions to `TlsConnectorBuilder`.
pub trait TlsConnectorBuilderExt {
/// Initialize `TlsAcceptorBuilderExt` from an `SslAcceptorBuilder`.
fn from_openssl(builder: SslConnectorBuilder) -> Self;
/// Returns a shared reference to the inner `SslConnectorBuilder`.
fn builder(&self) -> &SslConnectorBuilder;
/// Returns a mutable reference to the inner `SslConnectorBuilder`.
fn builder_mut(&mut self) -> &mut SslConnectorBuilder;
}
impl TlsConnectorBuilderExt for ::TlsConnectorBuilder {
fn from_openssl(builder: SslConnectorBuilder) -> ::TlsConnectorBuilder {
::TlsConnectorBuilder(TlsConnectorBuilder {
connector: builder,
use_sni: true,
accept_invalid_hostnames: false,
accept_invalid_certs: false,
})
}
fn builder(&self) -> &SslConnectorBuilder {
&(self.0).connector
}
fn builder_mut(&mut self) -> &mut SslConnectorBuilder {
&mut (self.0).connector
}
}
pub struct TlsAcceptorBuilder(SslAcceptorBuilder);
impl TlsAcceptorBuilder {
@@ -286,11 +256,11 @@ impl TlsAcceptorBuilder {
pub struct TlsAcceptor(SslAcceptor);
impl TlsAcceptor {
pub fn builder(pkcs12: Pkcs12) -> Result<TlsAcceptorBuilder, Error> {
pub fn builder(identity: Identity) -> Result<TlsAcceptorBuilder, Error> {
let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
builder.set_private_key(&pkcs12.0.pkey)?;
builder.set_certificate(&pkcs12.0.cert)?;
if let Some(chain) = pkcs12.0.chain {
builder.set_private_key(&identity.0.pkey)?;
builder.set_certificate(&identity.0.cert)?;
if let Some(chain) = identity.0.chain {
for cert in chain {
builder.add_extra_chain_cert(cert)?;
}
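Review bot: `TlsAcceptor::builder` installs the private key and certificate taken from `identity` but never verifies that they belong together, whereas the connector-side `TlsConnectorBuilder::identity` in this same file calls `self.connector.check_private_key()?` immediately after its `set_certificate`/`set_private_key` calls; a key/cert mismatch in the PKCS #12 archive therefore surfaces for a server only when the first handshake fails instead of at construction time. Adding `builder.check_private_key()?;` directly after the `builder.set_certificate(&identity.0.cert)?;` line makes the two paths consistent and reports the error where the caller of `builder` expects it. The body of `TlsAcceptor::builder` continues past the end of this hunk.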
@@ -307,32 +277,6 @@ impl TlsAcceptor {
}
}
/// OpenSSL-specific extensions to `TlsAcceptorBuilder`.
pub trait TlsAcceptorBuilderExt {
/// Initialize `TlsAcceptorBuilderExt` from an `SslAcceptorBuilder`.
fn from_openssl(builder: SslAcceptorBuilder) -> Self;
/// Returns a shared reference to the inner `SslAcceptorBuilder`.
fn builder(&self) -> &SslAcceptorBuilder;
/// Returns a mutable reference to the inner `SslAcceptorBuilder`.
fn builder_mut(&mut self) -> &mut SslAcceptorBuilder;
}
impl TlsAcceptorBuilderExt for ::TlsAcceptorBuilder {
fn from_openssl(builder: SslAcceptorBuilder) -> ::TlsAcceptorBuilder {
::TlsAcceptorBuilder(TlsAcceptorBuilder(builder))
}
fn builder(&self) -> &SslAcceptorBuilder {
&(self.0).0
}
fn builder_mut(&mut self) -> &mut SslAcceptorBuilder {
&mut (self.0).0
}
}
pub struct TlsStream<S>(ssl::SslStream<S>);
impl<S: fmt::Debug> fmt::Debug for TlsStream<S> {
@@ -379,34 +323,3 @@ impl<S: io::Read + io::Write> io::Write for TlsStream<S> {
self.0.flush()
}
}
/// OpenSSL-specific extensions to `TlsStream`.
pub trait TlsStreamExt<S> {
/// Returns a shared reference to the OpenSSL `SslStream`.
fn raw_stream(&self) -> &ssl::SslStream<S>;
/// Returns a mutable reference to the OpenSSL `SslStream`.
fn raw_stream_mut(&mut self) -> &mut ssl::SslStream<S>;
}
impl<S> TlsStreamExt<S> for ::TlsStream<S> {
fn raw_stream(&self) -> &ssl::SslStream<S> {
&(self.0).0
}
fn raw_stream_mut(&mut self) -> &mut ssl::SslStream<S> {
&mut (self.0).0
}
}
/// OpenSSL-specific extensions to `Error`
pub trait ErrorExt {
/// Extract the underlying OpenSSL error for inspection.
fn openssl_error(&self) -> &ssl::Error;
}
impl ErrorExt for ::Error {
fn openssl_error(&self) -> &ssl::Error {
&(self.0).0
}
}
+8 -51
@@ -51,12 +51,12 @@ impl From<io::Error> for Error {
}
}
pub struct Pkcs12 {
pub struct Identity {
cert: CertContext,
}
impl Pkcs12 {
pub fn from_der(buf: &[u8], pass: &str) -> Result<Pkcs12, Error> {
impl Identity {
pub fn from_pkcs12(buf: &[u8], pass: &str) -> Result<Identity, Error> {
let store = PfxImportOptions::new().password(pass).import(buf)?;
let mut identity = None;
@@ -82,7 +82,7 @@ impl Pkcs12 {
}
};
Ok(Pkcs12 { cert: identity })
Ok(Identity { cert: identity })
}
}
@@ -164,8 +164,8 @@ impl<S> From<io::Error> for HandshakeError<S> {
pub struct TlsConnectorBuilder(TlsConnector);
impl TlsConnectorBuilder {
pub fn identity(&mut self, pkcs12: Pkcs12) -> Result<(), Error> {
self.0.cert = Some(pkcs12.cert);
pub fn identity(&mut self, identity: Identity) -> Result<(), Error> {
self.0.cert = Some(identity.cert);
Ok(())
}
@@ -264,9 +264,9 @@ pub struct TlsAcceptor {
}
impl TlsAcceptor {
pub fn builder(pkcs12: Pkcs12) -> Result<TlsAcceptorBuilder, Error> {
pub fn builder(identity: Identity) -> Result<TlsAcceptorBuilder, Error> {
Ok(TlsAcceptorBuilder(TlsAcceptor {
cert: pkcs12.cert,
cert: identity.cert,
protocols: vec![Protocol::Tls10, Protocol::Tls11, Protocol::Tls12],
}))
}
@@ -329,46 +329,3 @@ impl<S: io::Read + io::Write> io::Write for TlsStream<S> {
self.0.flush()
}
}
/// SChannel-specific extensions to `TlsStream`.
pub trait TlsStreamExt<S> {
/// Returns a shared reference to the SChannel `TlsStream`.
fn raw_stream(&self) -> &tls_stream::TlsStream<S>;
/// Returns a mutable reference to the SChannel `TlsStream`.
fn raw_stream_mut(&mut self) -> &mut tls_stream::TlsStream<S>;
}
impl<S> TlsStreamExt<S> for ::TlsStream<S> {
fn raw_stream(&self) -> &tls_stream::TlsStream<S> {
&(self.0).0
}
fn raw_stream_mut(&mut self) -> &mut tls_stream::TlsStream<S> {
&mut (self.0).0
}
}
/// SChannel-specific extensions to `Error`
pub trait ErrorExt {
/// Extract the underlying SChannel error for inspection.
fn schannel_error(&self) -> &io::Error;
}
impl ErrorExt for ::Error {
fn schannel_error(&self) -> &io::Error {
&(self.0).0
}
}
/// SChannel-specific extensions to `Certificate`.
pub trait CertificateExt {
/// builds a native_Tls `Certificate` from an schannel `CertContext`
fn from_cert_context(CertContext) -> ::Certificate;
}
impl CertificateExt for ::Certificate {
fn from_cert_context(cert: CertContext) -> ::Certificate {
::Certificate(Certificate(cert))
}
}
+18 -62
@@ -7,8 +7,9 @@ use self::security_framework::base;
use self::security_framework::certificate::SecCertificate;
use self::security_framework::identity::SecIdentity;
use self::security_framework::import_export::{ImportedIdentity, Pkcs12ImportOptions};
use self::security_framework::secure_transport::{self, ClientBuilder, SslConnectionType,
SslContext, SslProtocol, SslProtocolSide};
use self::security_framework::secure_transport::{
self, ClientBuilder, SslConnectionType, SslContext, SslProtocol, SslProtocolSide,
};
use self::security_framework_sys::base::errSecIO;
use self::tempfile::TempDir;
use std::error;
@@ -88,14 +89,14 @@ impl From<base::Error> for Error {
}
#[derive(Clone)]
pub struct Pkcs12 {
pub struct Identity {
identity: SecIdentity,
chain: Vec<SecCertificate>,
}
impl Pkcs12 {
pub fn from_der(buf: &[u8], pass: &str) -> Result<Pkcs12, Error> {
let mut imports = Pkcs12::import_options(buf, pass)?;
impl Identity {
pub fn from_pkcs12(buf: &[u8], pass: &str) -> Result<Identity, Error> {
let mut imports = Identity::import_options(buf, pass)?;
let import = imports.pop().unwrap();
let identity = import
@@ -105,7 +106,7 @@ impl Pkcs12 {
// FIXME: Compare the certificates for equality using CFEqual
let identity_cert = identity.certificate()?.to_der();
Ok(Pkcs12 {
Ok(Identity {
identity: identity,
chain: import
.cert_chain
@@ -264,8 +265,8 @@ where
pub struct TlsConnectorBuilder(TlsConnector);
impl TlsConnectorBuilder {
pub fn identity(&mut self, pkcs12: Pkcs12) -> Result<(), Error> {
self.0.pkcs12 = Some(pkcs12);
pub fn identity(&mut self, identity: Identity) -> Result<(), Error> {
self.0.identity = Some(identity);
Ok(())
}
@@ -298,7 +299,7 @@ impl TlsConnectorBuilder {
#[derive(Clone)]
pub struct TlsConnector {
pkcs12: Option<Pkcs12>,
identity: Option<Identity>,
protocols: Vec<Protocol>,
roots: Vec<SecCertificate>,
use_sni: bool,
@@ -309,7 +310,7 @@ pub struct TlsConnector {
impl TlsConnector {
pub fn builder() -> Result<TlsConnectorBuilder, Error> {
Ok(TlsConnectorBuilder(TlsConnector {
pkcs12: None,
identity: None,
protocols: vec![Protocol::Tlsv10, Protocol::Tlsv11, Protocol::Tlsv12],
roots: vec![],
use_sni: true,
@@ -326,8 +327,8 @@ impl TlsConnector {
let (min, max) = protocol_min_max(&self.protocols);
builder.protocol_min(min);
builder.protocol_max(max);
if let Some(pkcs12) = self.pkcs12.as_ref() {
builder.identity(&pkcs12.identity, &pkcs12.chain);
if let Some(identity) = self.identity.as_ref() {
builder.identity(&identity.identity, &identity.chain);
}
builder.anchor_certificates(&self.roots);
builder.use_sni(self.use_sni);
@@ -356,14 +357,14 @@ impl TlsAcceptorBuilder {
#[derive(Clone)]
pub struct TlsAcceptor {
pkcs12: Pkcs12,
identity: Identity,
protocols: Vec<Protocol>,
}
impl TlsAcceptor {
pub fn builder(pkcs12: Pkcs12) -> Result<TlsAcceptorBuilder, Error> {
pub fn builder(identity: Identity) -> Result<TlsAcceptorBuilder, Error> {
Ok(TlsAcceptorBuilder(TlsAcceptor {
pkcs12: pkcs12,
identity,
protocols: vec![Protocol::Tlsv10, Protocol::Tlsv11, Protocol::Tlsv12],
}))
}
@@ -377,7 +378,7 @@ impl TlsAcceptor {
let (min, max) = protocol_min_max(&self.protocols);
ctx.set_protocol_version_min(min)?;
ctx.set_protocol_version_max(max)?;
ctx.set_certificate(&self.pkcs12.identity, &self.pkcs12.chain)?;
ctx.set_certificate(&self.identity.identity, &self.identity.chain)?;
match ctx.handshake(stream) {
Ok(s) => Ok(TlsStream(s)),
Err(e) => Err(e.into()),
@@ -427,48 +428,3 @@ impl<S: io::Read + io::Write> io::Write for TlsStream<S> {
self.0.flush()
}
}
/// Security Framework-specific extensions to `TlsStream`.
pub trait TlsStreamExt<S> {
/// Returns a shared reference to the Security Framework `SslStream`.
fn raw_stream(&self) -> &secure_transport::SslStream<S>;
/// Returns a mutable reference to the Security Framework `SslStream`.
fn raw_stream_mut(&mut self) -> &mut secure_transport::SslStream<S>;
}
impl<S> TlsStreamExt<S> for ::TlsStream<S> {
fn raw_stream(&self) -> &secure_transport::SslStream<S> {
&(self.0).0
}
fn raw_stream_mut(&mut self) -> &mut secure_transport::SslStream<S> {
&mut (self.0).0
}
}
/// Security Framework-specific extensions to `TlsConnectorBuilder`.
pub trait TlsConnectorBuilderExt {
/// Deprecated
#[deprecated(since = "0.1.2", note = "use add_root_certificate")]
fn anchor_certificates(&mut self, certs: &[SecCertificate]) -> &mut Self;
}
impl TlsConnectorBuilderExt for ::TlsConnectorBuilder {
fn anchor_certificates(&mut self, certs: &[SecCertificate]) -> &mut Self {
(self.0).0.roots = certs.to_owned();
self
}
}
/// Security Framework-specific extensions to `Error`
pub trait ErrorExt {
/// Extract the underlying Security Framework error for inspection.
fn security_framework_error(&self) -> &base::Error;
}
impl ErrorExt for ::Error {
fn security_framework_error(&self) -> &base::Error {
&(self.0).0
}
}
+23 -22
@@ -69,7 +69,7 @@
//! To accept connections as a server from remote clients:
//!
//! ```rust,no_run
//! use native_tls::{Pkcs12, TlsAcceptor, TlsStream};
//! use native_tls::{Identity, TlsAcceptor, TlsStream};
//! use std::fs::File;
//! use std::io::{Read};
//! use std::net::{TcpListener, TcpStream};
@@ -77,12 +77,12 @@
//! use std::thread;
//!
//! let mut file = File::open("identity.pfx").unwrap();
//! let mut pkcs12 = vec![];
//! file.read_to_end(&mut pkcs12).unwrap();
//! let pkcs12 = Pkcs12::from_der(&pkcs12, "hunter2").unwrap();
//! let mut identity = vec![];
//! file.read_to_end(&mut identity).unwrap();
//! let identity = Identity::from_pkcs12(&identity, "hunter2").unwrap();
//!
//! let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
//! let acceptor = TlsAcceptor::builder(pkcs12).unwrap().build().unwrap();
//! let acceptor = TlsAcceptor::builder(identity).unwrap().build().unwrap();
//! let acceptor = Arc::new(acceptor);
//!
//! fn handle_client(stream: TlsStream<TcpStream>) {
@@ -116,8 +116,6 @@ use std::fmt;
use std::io;
use std::result;
pub mod backend;
#[cfg(any(target_os = "macos", target_os = "ios"))]
#[path = "imp/security_framework.rs"]
mod imp;
@@ -165,10 +163,13 @@ impl<T: Into<imp::Error>> From<T> for Error {
}
}
/// A PKCS #12 archive.
pub struct Pkcs12(imp::Pkcs12);
/// A cryptographic identity.
///
/// An identity is an X509 certificate along with its corresponding private key and chain of certificates to a trusted
/// root.
pub struct Identity(imp::Identity);
impl Pkcs12 {
impl Identity {
/// Parses a DER-formatted PKCS #12 archive, using the specified password to decrypt the key.
///
/// The archive should contain a leaf certificate and its private key, as well any intermediate
@@ -181,9 +182,9 @@ impl Pkcs12 {
/// ```bash
/// openssl pkcs12 -export -out identity.pfx -inkey key.pem -in cert.pem -certfile chain_certs.pem
/// ```
pub fn from_der(der: &[u8], password: &str) -> Result<Pkcs12> {
let pkcs12 = imp::Pkcs12::from_der(der, password)?;
Ok(Pkcs12(pkcs12))
pub fn from_pkcs12(der: &[u8], password: &str) -> Result<Identity> {
let identity = imp::Identity::from_pkcs12(der, password)?;
Ok(Identity(identity))
}
}
@@ -330,8 +331,8 @@ pub struct TlsConnectorBuilder(imp::TlsConnectorBuilder);
impl TlsConnectorBuilder {
/// Sets the identity to be used for client certificate authentication.
pub fn identity(&mut self, pkcs12: Pkcs12) -> Result<&mut TlsConnectorBuilder> {
self.0.identity(pkcs12.0)?;
pub fn identity(&mut self, identity: Identity) -> Result<&mut TlsConnectorBuilder> {
self.0.identity(identity.0)?;
Ok(self)
}
@@ -475,7 +476,7 @@ impl TlsAcceptorBuilder {
/// # Examples
///
/// ```rust,no_run
/// use native_tls::{Pkcs12, TlsAcceptor, TlsStream};
/// use native_tls::{Identity, TlsAcceptor, TlsStream};
/// use std::fs::File;
/// use std::io::{Read};
/// use std::net::{TcpListener, TcpStream};
@@ -483,12 +484,12 @@ impl TlsAcceptorBuilder {
/// use std::thread;
///
/// let mut file = File::open("identity.pfx").unwrap();
/// let mut pkcs12 = vec![];
/// file.read_to_end(&mut pkcs12).unwrap();
/// let pkcs12 = Pkcs12::from_der(&pkcs12, "hunter2").unwrap();
/// let mut identity = vec![];
/// file.read_to_end(&mut identity).unwrap();
/// let identity = Identity::from_pkcs12(&identity, "hunter2").unwrap();
///
/// let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
/// let acceptor = TlsAcceptor::builder(pkcs12).unwrap().build().unwrap();
/// let acceptor = TlsAcceptor::builder(identity).unwrap().build().unwrap();
/// let acceptor = Arc::new(acceptor);
///
/// fn handle_client(stream: TlsStream<TcpStream>) {
@@ -517,8 +518,8 @@ impl TlsAcceptor {
/// This builder is created with a key/certificate pair in the `pkcs12`
/// archived passed in. The returned builder will use that key/certificate
/// to send to clients which it connects to.
pub fn builder(pkcs12: Pkcs12) -> Result<TlsAcceptorBuilder> {
let builder = imp::TlsAcceptor::builder(pkcs12.0)?;
pub fn builder(identity: Identity) -> Result<TlsAcceptorBuilder> {
let builder = imp::TlsAcceptor::builder(identity.0)?;
Ok(TlsAcceptorBuilder(builder))
}
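Review bot: The doc comment on `TlsAcceptor::builder` (the three context lines directly above the signature) still describes the parameter as the `pkcs12` archive even though this hunk renames it to `identity`, and its last clause reads as client-side ("clients which it connects to") for what is a server builder. Suggested wording: `/// This builder is created with the key/certificate pair in the `identity` passed in. The returned builder will present that key/certificate to clients that connect to it.` Other doc comments touched by the rename may carry the same stale `pkcs12` wording; a quick search before tagging 0.2 would catch them.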
+16 -16
@@ -54,8 +54,8 @@ mod tests {
#[test]
fn server() {
let buf = include_bytes!("../test/identity.p12");
let pkcs12 = p!(Pkcs12::from_der(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(pkcs12));
let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(identity));
let builder = p!(builder.build());
let listener = p!(TcpListener::bind("0.0.0.0:0"));
@@ -93,8 +93,8 @@ mod tests {
#[cfg(not(target_os = "ios"))]
fn server_pem() {
let buf = include_bytes!("../test/identity.p12");
let pkcs12 = p!(Pkcs12::from_der(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(pkcs12));
let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(identity));
let builder = p!(builder.build());
let listener = p!(TcpListener::bind("0.0.0.0:0"));
@@ -131,8 +131,8 @@ mod tests {
#[test]
fn server_tls11_only() {
let buf = include_bytes!("../test/identity.p12");
let pkcs12 = p!(Pkcs12::from_der(buf, "mypass"));
let mut builder = p!(TlsAcceptor::builder(pkcs12));
let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let mut builder = p!(TlsAcceptor::builder(identity));
p!(builder.supported_protocols(&[Protocol::Tlsv11]));
let builder = p!(builder.build());
@@ -171,8 +171,8 @@ mod tests {
#[test]
fn server_no_shared_protocol() {
let buf = include_bytes!("../test/identity.p12");
let pkcs12 = p!(Pkcs12::from_der(buf, "mypass"));
let mut builder = p!(TlsAcceptor::builder(pkcs12));
let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let mut builder = p!(TlsAcceptor::builder(identity));
p!(builder.supported_protocols(&[Protocol::Tlsv12]));
let builder = p!(builder.build());
@@ -200,8 +200,8 @@ mod tests {
#[test]
fn server_untrusted() {
let buf = include_bytes!("../test/identity.p12");
let pkcs12 = p!(Pkcs12::from_der(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(pkcs12));
let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(identity));
let builder = p!(builder.build());
let listener = p!(TcpListener::bind("0.0.0.0:0"));
@@ -225,8 +225,8 @@ mod tests {
#[test]
fn server_untrusted_unverified() {
let buf = include_bytes!("../test/identity.p12");
let pkcs12 = p!(Pkcs12::from_der(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(pkcs12));
let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(identity));
let builder = p!(builder.build());
let listener = p!(TcpListener::bind("0.0.0.0:0"));
@@ -260,15 +260,15 @@ mod tests {
#[test]
fn import_same_identity_multiple_times() {
let buf = include_bytes!("../test/identity.p12");
let _ = p!(Pkcs12::from_der(buf, "mypass"));
let _ = p!(Pkcs12::from_der(buf, "mypass"));
let _ = p!(Identity::from_pkcs12(buf, "mypass"));
let _ = p!(Identity::from_pkcs12(buf, "mypass"));
}
#[test]
fn shutdown() {
let buf = include_bytes!("../test/identity.p12");
let pkcs12 = p!(Pkcs12::from_der(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(pkcs12));
let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(identity));
let builder = p!(builder.build());
let listener = p!(TcpListener::bind("0.0.0.0:0"));