New upstream version 0.52.0
[cargo.git] / vendor / openssl / src / x509 / store.rs
index 2ccc78d7e14872b7e513d80a8b9ed4436355a3d8..10cdc2d474a1ea86244746d20cefc8acfc3bbc67 100644 (file)
@@ -6,9 +6,6 @@
 //! # Example
 //!
 //! ```rust
-//!
-//! extern crate openssl;
-//!
 //! use openssl::x509::store::{X509StoreBuilder, X509Store};
 //! use openssl::x509::{X509, X509Name};
 //! use openssl::pkey::PKey;
 //! use openssl::rsa::Rsa;
 //! use openssl::nid::Nid;
 //!
-//! fn main() {
-//!     let rsa = Rsa::generate(2048).unwrap();
-//!     let pkey = PKey::from_rsa(rsa).unwrap();
+//! let rsa = Rsa::generate(2048).unwrap();
+//! let pkey = PKey::from_rsa(rsa).unwrap();
 //!
-//!     let mut name = X509Name::builder().unwrap();
-//!     name.append_entry_by_nid(Nid::COMMONNAME, "foobar.com").unwrap();
-//!     let name = name.build();
+//! let mut name = X509Name::builder().unwrap();
+//! name.append_entry_by_nid(Nid::COMMONNAME, "foobar.com").unwrap();
+//! let name = name.build();
 //!
-//!     let mut builder = X509::builder().unwrap();
-//!     builder.set_version(2).unwrap();
-//!     builder.set_subject_name(&name).unwrap();
-//!     builder.set_issuer_name(&name).unwrap();
-//!     builder.set_pubkey(&pkey).unwrap();
-//!     builder.sign(&pkey, MessageDigest::sha256()).unwrap();
+//! let mut builder = X509::builder().unwrap();
+//! builder.set_version(2).unwrap();
+//! builder.set_subject_name(&name).unwrap();
+//! builder.set_issuer_name(&name).unwrap();
+//! builder.set_pubkey(&pkey).unwrap();
+//! builder.sign(&pkey, MessageDigest::sha256()).unwrap();
 //!
-//!     let certificate: X509 = builder.build();
+//! let certificate: X509 = builder.build();
 //!
-//!     let mut builder = X509StoreBuilder::new().unwrap();
-//!     let _ = builder.add_cert(certificate);
+//! let mut builder = X509StoreBuilder::new().unwrap();
+//! let _ = builder.add_cert(certificate);
 //!
-//!     let store: X509Store = builder.build();
-//! }
+//! let store: X509Store = builder.build();
 //! ```
 
-use ffi;
+use cfg_if::cfg_if;
 use foreign_types::ForeignTypeRef;
 use std::mem;
 
-use error::ErrorStack;
-use stack::StackRef;
-use x509::{X509Object, X509};
-use {cvt, cvt_p};
+use crate::error::ErrorStack;
+use crate::stack::StackRef;
+#[cfg(any(ossl102, libressl261))]
+use crate::x509::verify::X509VerifyFlags;
+use crate::x509::{X509Object, X509};
+use crate::{cvt, cvt_p};
 
 foreign_type_and_impl_send_sync! {
     type CType = ffi::X509_STORE;
@@ -94,6 +91,92 @@ impl X509StoreBuilderRef {
     pub fn set_default_paths(&mut self) -> Result<(), ErrorStack> {
         unsafe { cvt(ffi::X509_STORE_set_default_paths(self.as_ptr())).map(|_| ()) }
     }
+
+    /// Adds a lookup method to the store.
+    ///
+    /// This corresponds to [`X509_STORE_add_lookup`].
+    ///
+    /// [`X509_STORE_add_lookup`]: https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_add_lookup.html
+    pub fn add_lookup<T>(
+        &mut self,
+        method: &'static X509LookupMethodRef<T>,
+    ) -> Result<&mut X509LookupRef<T>, ErrorStack> {
+        let lookup = unsafe { ffi::X509_STORE_add_lookup(self.as_ptr(), method.as_ptr()) };
+        cvt_p(lookup).map(|ptr| unsafe { X509LookupRef::from_ptr_mut(ptr) })
+    }
+
+    /// Sets certificate chain validation related flags.
+    ///
+    /// This corresponds to [`X509_STORE_set_flags`].
+    ///
+    /// [`X509_STORE_set_flags`]: https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_set_flags.html
+    #[cfg(any(ossl102, libressl261))]
+    pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> {
+        unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) }
+    }
+}
+
+generic_foreign_type_and_impl_send_sync! {
+    type CType = ffi::X509_LOOKUP;
+    fn drop = ffi::X509_LOOKUP_free;
+
+    /// Information used by an `X509Store` to look up certificates and CRLs.
+    pub struct X509Lookup<T>;
+    /// Reference to an `X509Lookup`.
+    pub struct X509LookupRef<T>;
+}
+
+/// Marker type corresponding to the [`X509_LOOKUP_hash_dir`] lookup method.
+///
+/// [`X509_LOOKUP_hash_dir`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_LOOKUP_hash_dir.html
+pub struct HashDir;
+
+impl X509Lookup<HashDir> {
+    /// Lookup method that loads certificates and CRLs on demand and caches
+    /// them in memory once they are loaded. It also checks for newer CRLs upon
+    /// each lookup, so that newer CRLs are used as soon as they appear in the
+    /// directory.
+    ///
+    /// This corresponds to [`X509_LOOKUP_hash_dir`].
+    ///
+    /// [`X509_LOOKUP_hash_dir`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_LOOKUP_hash_dir.html
+    pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
+        unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir()) }
+    }
+}
+
+impl X509LookupRef<HashDir> {
+    /// Specifies a directory from which certificates and CRLs will be loaded
+    /// on-demand. Must be used with `X509Lookup::hash_dir`.
+    ///
+    /// This corresponds to [`X509_LOOKUP_add_dir`].
+    ///
+    /// [`X509_LOOKUP_add_dir`]: https://www.openssl.org/docs/man1.1.1/man3/X509_LOOKUP_add_dir.html
+    pub fn add_dir(
+        &mut self,
+        name: &str,
+        file_type: crate::ssl::SslFiletype,
+    ) -> Result<(), ErrorStack> {
+        let name = std::ffi::CString::new(name).unwrap();
+        unsafe {
+            cvt(ffi::X509_LOOKUP_add_dir(
+                self.as_ptr(),
+                name.as_ptr(),
+                file_type.as_raw(),
+            ))
+            .map(|_| ())
+        }
+    }
+}
+
+generic_foreign_type_and_impl_send_sync! {
+    type CType = ffi::X509_LOOKUP_METHOD;
+    fn drop = X509_LOOKUP_meth_free;
+
+    /// Method used to look up certificates and CRLs.
+    pub struct X509LookupMethod<T>;
+    /// Reference to an `X509LookupMethod`.
+    pub struct X509LookupMethodRef<T>;
 }
 
 foreign_type_and_impl_send_sync! {
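Review bot: `add_dir` calls `std::ffi::CString::new(name).unwrap()`, so a `name` containing an interior NUL byte panics even though the signature returns `Result<(), ErrorStack>`. The doc comment does not mention this; I would add a `# Panics` section with a line such as `/// Panics if the directory name contains an interior NUL byte.`, so callers that take the path from configuration or other external input know to validate it first. Since the docs say certificates and CRLs are loaded from this directory on demand, presumably as trusted material for the store, it is also worth stating that the directory should be writable only by principals allowed to change what the store trusts.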
@@ -123,3 +206,12 @@ cfg_if! {
         }
     }
 }
+
+cfg_if! {
+    if #[cfg(ossl110)] {
+        use ffi::X509_LOOKUP_meth_free;
+    } else {
+        #[allow(bad_style)]
+        unsafe fn X509_LOOKUP_meth_free(_x: *mut ffi::X509_LOOKUP_METHOD) {}
+    }
+}
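Review bot: The fallback `X509_LOOKUP_meth_free` in the `else` branch is an empty function with no comment, so on builds without `cfg(ossl110)` dropping an owned `X509LookupMethod<T>` would free nothing. From what is visible this looks harmless, because `hash_dir()` only hands out a `&'static X509LookupMethodRef<HashDir>` and no constructor for an owned method appears in the diff, but that reasoning should be written down next to the stub. I would add above it something like `// No X509_LOOKUP_meth_free on this build; methods are only exposed as 'static refs, so there is nothing to free.`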