feat(net): Allow more generic SSL verification (fixes #244)
This commit is contained in:
Manish Goregaokar
@@ -25,12 +25,10 @@ use std::iter::Extend;
|
||||
use url::UrlParser;
|
||||
use url::ParseError as UrlError;
|
||||
|
||||
use openssl::ssl::VerifyCallback;
|
||||
|
||||
use header::{Headers, Header, HeaderFormat};
|
||||
use header::common::{ContentLength, Location};
|
||||
use method::Method;
|
||||
use net::{NetworkConnector, HttpConnector};
|
||||
use net::{NetworkConnector, HttpConnector, ContextVerifier};
|
||||
use status::StatusClass::Redirection;
|
||||
use {Url, Port, HttpResult};
|
||||
use HttpError::HttpUriError;
|
||||
@@ -57,7 +55,7 @@ impl Client<HttpConnector> {
|
||||
}
|
||||
|
||||
/// Set the SSL verifier callback for use with OpenSSL.
|
||||
pub fn set_ssl_verifier(&mut self, verifier: VerifyCallback) {
|
||||
pub fn set_ssl_verifier(&mut self, verifier: ContextVerifier) {
|
||||
self.connector = HttpConnector(Some(verifier));
|
||||
}
|
||||
|
||||
|
||||
13
src/net.rs
13
src/net.rs
@@ -11,8 +11,8 @@ use std::raw::{self, TraitObject};
|
||||
use std::sync::Arc;
|
||||
|
||||
use uany::UnsafeAnyExt;
|
||||
use openssl::ssl::{Ssl, SslStream, SslContext, VerifyCallback};
|
||||
use openssl::ssl::SslVerifyMode::{SslVerifyPeer, SslVerifyNone};
|
||||
use openssl::ssl::{Ssl, SslStream, SslContext};
|
||||
use openssl::ssl::SslVerifyMode::SslVerifyNone;
|
||||
use openssl::ssl::SslMethod::Sslv23;
|
||||
use openssl::ssl::error::{SslError, StreamError, OpenSslErrors, SslSessionClosed};
|
||||
use openssl::x509::X509FileType;
|
||||
@@ -309,7 +309,10 @@ impl NetworkStream for HttpStream {
|
||||
|
||||
/// A connector that will produce HttpStreams.
|
||||
#[allow(missing_copy_implementations)]
|
||||
pub struct HttpConnector(pub Option<VerifyCallback>);
|
||||
pub struct HttpConnector(pub Option<ContextVerifier>);
|
||||
|
||||
/// A method that can set verification methods on an SSL context
|
||||
pub type ContextVerifier = for <'a> fn(&'a mut SslContext) -> ();
|
||||
|
||||
impl NetworkConnector for HttpConnector {
|
||||
type Stream = HttpStream;
|
||||
@@ -325,7 +328,9 @@ impl NetworkConnector for HttpConnector {
|
||||
debug!("https scheme");
|
||||
let stream = try!(TcpStream::connect(addr));
|
||||
let mut context = try!(SslContext::new(Sslv23).map_err(lift_ssl_error));
|
||||
self.0.as_ref().map(|cb| context.set_verify(SslVerifyPeer, Some(*cb)));
|
||||
if let Some(ref v) = self.0 {
|
||||
v(&mut context);
|
||||
}
|
||||
let ssl = try!(Ssl::new(&context).map_err(lift_ssl_error));
|
||||
try!(ssl.set_hostname(host).map_err(lift_ssl_error));
|
||||
let stream = try!(SslStream::new(&context, stream).map_err(lift_ssl_error));
|
||||
|
||||
Reference in New Issue
Block a user