From a47692920e060aca4ff988da274d7940609efff1 Mon Sep 17 00:00:00 2001 From: AIkorsky Date: Wed, 25 Jan 2017 20:56:04 +0300 Subject: [PATCH] Update dependencies --- src/error.rs | 28 +++++++++++++++++++++++++++- src/io.rs | 22 +++++++++++++++------- 2 files changed, 42 insertions(+), 8 deletions(-) diff --git a/src/error.rs b/src/error.rs index a6723f2..6b61323 100644 --- a/src/error.rs +++ b/src/error.rs @@ -5,7 +5,12 @@ use std::result; use std::sync; #[cfg(all(feature = "ssl", all(unix, not(target_os = "macos"))))] -use openssl::ssl::error::SslError; +use openssl::error::{ + Error as SslError, + ErrorStack as SslErrorStack, +}; +#[cfg(all(feature = "ssl", all(unix, not(target_os = "macos"))))] +use openssl::ssl::Error as OpensslError; #[cfg(all(feature = "ssl", target_os = "macos"))] use security_framework::base::Error as SslError; @@ -118,6 +123,27 @@ impl From for Error { } } +#[cfg(all(feature = "ssl", unix, not(target_os = "macos")))] +impl From for Error { + fn from(err: SslErrorStack) -> Error { + Error::SslError(err.errors()[0].clone()) + } +} + +#[cfg(all(feature = "ssl", all(unix, not(target_os = "macos"))))] +impl From for Error { + fn from(err: OpensslError) -> Error { + match err { + OpensslError::ZeroReturn => io::Error::new(io::ErrorKind::Other, "The SSL session has been closed by the other end").into(), + OpensslError::WantRead(err) => err.into(), + OpensslError::WantWrite(err) => err.into(), + OpensslError::WantX509Lookup => io::Error::new(io::ErrorKind::Other, "The client certificate callback requested to be called again").into(), + OpensslError::Stream(err) => err.into(), + OpensslError::Ssl(err) => err.into() + } + } +} + impl From for Error { fn from(err: UrlError) -> Error { Error::UrlError(err) diff --git a/src/io.rs b/src/io.rs index 8167024..b7d972f 100644 --- a/src/io.rs +++ b/src/io.rs @@ -510,19 +510,19 @@ impl Stream { pub fn make_secure(mut self, verify_peer: bool, _: &Option, ssl_opts: &SslOpts) -> MyResult { if self.is_insecure() { - let mut ctx = try!(SslContext::new(ssl::SslMethod::Tlsv1)); + let mut ctx = try!(SslContext::builder(ssl::SslMethod::tls())); let mode = if verify_peer { ssl::SSL_VERIFY_PEER } else { ssl::SSL_VERIFY_NONE }; - ctx.set_verify(mode, None); + ctx.set_verify(mode); match *ssl_opts { - Some((ref ca_cert, None)) => try!(ctx.set_CA_file(&ca_cert)), + Some((ref ca_cert, None)) => try!(ctx.set_ca_file(&ca_cert)), Some((ref ca_cert, Some((ref client_cert, ref client_key)))) => { - try!(ctx.set_CA_file(&ca_cert)); - try!(ctx.set_certificate_file(&client_cert, x509::X509FileType::PEM)); - try!(ctx.set_private_key_file(&client_key, x509::X509FileType::PEM)); + try!(ctx.set_ca_file(&ca_cert)); + try!(ctx.set_certificate_file(&client_cert, x509::X509_FILETYPE_PEM)); + try!(ctx.set_private_key_file(&client_key, x509::X509_FILETYPE_PEM)); }, _ => unreachable!(), } @@ -531,7 +531,15 @@ impl Stream { let stream = opt_stream.take().unwrap(); match stream { TcpStream::Insecure(stream) => { - let sstream = try!(ssl::SslStream::connect(&ctx, stream.into_inner().unwrap())); + let ctx = ctx.build(); + let sstream = match try!(ssl::Ssl::new(&ctx)).connect(stream.into_inner().unwrap()) { + Ok(sstream) => sstream, + Err(handshake_err) => match handshake_err { + ssl::HandshakeError::SetupFailure(err) => return Err(err.into()), + ssl::HandshakeError::Failure(mid_stream) => return Err(mid_stream.into_error().into()), + ssl::HandshakeError::Interrupted(_) => unreachable!("Interrupted"), + }, + }; Ok(Stream::TcpStream(Some(TcpStream::Secure(BufStream::new(sstream))))) }, _ => unreachable!(),