Update to openssl 0.9

2016-11-05 21:01:26 -07:00 · 2016-11-05 21:01:26 -07:00 · fe0e1ad5a2
commit fe0e1ad5a2
parent 7d96c13198
3 changed files with 30 additions and 32 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -24,7 +24,7 @@ path = "tests/test.rs"
 with-bit-vec = ["bit-vec"]
 with-chrono = ["chrono"]
 with-eui48 = ["eui48"]
-with-openssl = ["openssl", "openssl-verify"]
+with-openssl = ["openssl"]
 with-rustc-serialize = ["rustc-serialize"]
 with-security-framework = ["security-framework"]
 with-serde_json = ["serde_json"]
@ -41,8 +41,7 @@ postgres-protocol = "0.1"
 bit-vec = { version = "0.4", optional = true }
 chrono = { version = "0.2.14", optional = true }
 eui48 = { version = "0.1", optional = true }
-openssl-verify = { version = "0.2", optional = true }
+openssl = { version = "0.9", optional = true }
 openssl = { version = "0.8", optional = true }
 rustc-serialize = { version = "0.3", optional = true }
 security-framework = { version = "0.1.2", optional = true }
 serde_json = { version = ">= 0.6, < 0.9", optional = true }
--- a/src/tls/openssl.rs
+++ b/src/tls/openssl.rs
@ -1,13 +1,11 @@
 //! OpenSSL support.
 extern crate openssl;
 extern crate openssl_verify;
 use std::error::Error;
 use std::fmt;
 use self::openssl::error::ErrorStack;
-use self::openssl::ssl::{IntoSsl, SslContext, SslStream, SslMethod, SSL_VERIFY_PEER,
+use self::openssl::ssl::{SslMethod, SslConnector, SslConnectorBuilder, SslStream};
                         SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_OP_NO_COMPRESSION};
 use self::openssl_verify::verify_callback;
 use tls::{TlsStream, Stream, TlsHandshake};
 impl TlsStream for SslStream<Stream> {
@ -23,35 +21,35 @@ impl TlsStream for SslStream<Stream> {
 /// A `TlsHandshake` implementation that uses OpenSSL.
 ///
 /// Requires the `with-openssl` feature.
-#[derive(Debug)]
+pub struct OpenSsl(SslConnector);
-pub struct OpenSsl(SslContext);
+
 impl fmt::Debug for OpenSsl {
    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
        fmt.debug_struct("OpenSsl").finish()
    }
 }
 impl OpenSsl {
-    /// Creates a `OpenSsl` with a reasonable default configuration.
+    /// Creates a `OpenSsl` with `SslConnector`'s default configuration.
    ///
    /// The configuration is modeled after libcurl's and is subject to change.
    pub fn new() -> Result<OpenSsl, ErrorStack> {
-        let mut ctx = try!(SslContext::new(SslMethod::Sslv23));
+        let connector = try!(SslConnectorBuilder::new(SslMethod::tls())).build();
-        try!(ctx.set_default_verify_paths());
+        Ok(OpenSsl(connector))
        ctx.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
        try!(ctx.set_cipher_list("ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4@STRENGTH"));
        Ok(ctx.into())
    }
-    /// Returns a reference to the associated `SslContext`.
+    /// Returns a reference to the inner `SslConnector`.
-    pub fn context(&self) -> &SslContext {
+    pub fn connector(&self) -> &SslConnector {
        &self.0
    }
-    /// Returns a mutable reference to the associated `SslContext`.
+    /// Returns a mutable reference to the inner `SslConnector`.
-    pub fn context_mut(&mut self) -> &mut SslContext {
+    pub fn connector_mut(&mut self) -> &mut SslConnector {
        &mut self.0
    }
 }
-impl From<SslContext> for OpenSsl {
+impl From<SslConnector> for OpenSsl {
-    fn from(ctx: SslContext) -> OpenSsl {
+    fn from(connector: SslConnector) -> OpenSsl {
-        OpenSsl(ctx)
+        OpenSsl(connector)
    }
 }
@ -60,10 +58,7 @@ impl TlsHandshake for OpenSsl {
                     domain: &str,
                     stream: Stream)
                     -> Result<Box<TlsStream>, Box<Error + Send + Sync>> {
-        let domain = domain.to_owned();
+        let stream = try!(self.0.connect(domain, stream));
        let mut ssl = try!(self.0.into_ssl());
        ssl.set_verify_callback(SSL_VERIFY_PEER, move |p, x| verify_callback(&domain, p, x));
        let stream = try!(SslStream::connect(ssl, stream));
        Ok(Box::new(stream))
    }
 }
--- a/tests/test.rs
+++ b/tests/test.rs
@ -664,10 +664,12 @@ fn test_cancel_query() {
 #[test]
 #[cfg(feature = "with-openssl")]
 fn test_require_ssl_conn() {
    use openssl::ssl::{SslMethod, SslConnectorBuilder};
    use postgres::tls::openssl::OpenSsl;
-    let mut negotiator = OpenSsl::new().unwrap();
+    let mut builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
-    negotiator.context_mut().set_CA_file(".travis/server.crt").unwrap();
+    builder.builder_mut().set_ca_file(".travis/server.crt").unwrap();
    let negotiator = OpenSsl::from(builder.build());
    let conn = or_panic!(Connection::connect("postgres://postgres@localhost",
                                             TlsMode::Require(&negotiator)));
    or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));
@ -676,10 +678,12 @@ fn test_require_ssl_conn() {
 #[test]
 #[cfg(feature = "with-openssl")]
 fn test_prefer_ssl_conn() {
    use openssl::ssl::{SslMethod, SslConnectorBuilder};
    use postgres::tls::openssl::OpenSsl;
-    let mut negotiator = OpenSsl::new().unwrap();
+    let mut builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
-    negotiator.context_mut().set_CA_file(".travis/server.crt").unwrap();
+    builder.builder_mut().set_ca_file(".travis/server.crt").unwrap();
    let negotiator = OpenSsl::from(builder.build());
    let conn = or_panic!(Connection::connect("postgres://postgres@localhost",
                                             TlsMode::Require(&negotiator)));
    or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));