Implement SSL_CONF_cmd VerifyMode command. #31

Merged
merged 4 commits into from
Jun 26, 2024

cpu
Member

@cpu cpu commented Jun 25, 2024

This branch follows #29, extending the existing `SSL_CONF_xxx` API to support the "VerifyMode" sub-command. See `man 3 SSL_CONF_cmd` & ctrl-f "VerifyMode" (my kingdom for an anchor tag 🙄) for more information.

Similar to the existing support for `SSL_CTX_set_verify` and `SSL_set_verify`, we support `Peer`, `Request` and `Require` but not `Once`, `RequestPostHandshake` or `RequirePostHandshake`.

Along the way I also:

  • Added a `SSL_CONF_CTX_clear_flags` entrypoint. The implementation landed in #29 (Start of SSL_CONF_* API support, Ubuntu 24.04 in CI) but wasn't being demangled by the linker build script to expose it. It's now used in the `config.c` unit test so we won't regress by mistake.
  • Added `SSL_get_verify_mode`. We already implemented `SSL_CTX_get_verify_mode` and had all the pieces lying around for the `SSL` equiv. I also needed this for the update to the `config.c` unit tests.

There's no nginx integration test for this one because I believe we need #15 to get that working.

Updates #22

cpu added 4 commits June 25, 2024 15:03
We define a `_SSL_CONF_CTX_clear_flags` entrypoint, but weren't using it
prior to this commit.
We already implemented `SSL_CTX_get_verify_mode` and had all the pieces
lying around for the `SSL` equiv. Implementing this for `SSL` objects
will make writing a unit test for a piece of the `SSL_CONF_` API easier.
An nginx integration test is blocked on implementing
`SSL_CTX_set_verify`.
@cpu cpu self-assigned this Jun 25, 2024
@cpu cpu merged commit 7cf7898 into rustls:main Jun 26, 2024
14 checks passed
@cpu cpu deleted the cpu-ssl-conf-verify-mode branch June 26, 2024 13:27