1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
use mbedtls_sys::types::raw_types::{c_char,c_int};
use mbedtls_sys::*;
use error::IntoResult;
use x509::{LinkedCertificate,Crl,Profile};
define!(enum Endpoint -> c_int {
Client => SSL_IS_CLIENT,
Server => SSL_IS_SERVER,
});
define!(enum Transport -> c_int {
Stream => SSL_TRANSPORT_STREAM,
Datagram => SSL_TRANSPORT_DATAGRAM,
});
define!(enum Preset -> c_int {
Default => SSL_PRESET_DEFAULT,
SuiteB => SSL_PRESET_SUITEB,
});
define!(enum AuthMode -> c_int {
None => SSL_VERIFY_NONE,
Optional => SSL_VERIFY_OPTIONAL,
Required => SSL_VERIFY_REQUIRED,
});
callback!(DbgCallback:Sync(level: c_int, file: *const c_char, line: c_int, message: *const c_char) -> ());
define!(struct Config<'c>(ssl_config) {
fn init = ssl_config_init;
fn drop = ssl_config_free;
impl<'q> Into<*>;
});
#[cfg(feature="threading")]
unsafe impl<'c> Sync for Config<'c> {}
impl<'c> Config<'c> {
pub fn new(e: Endpoint, t: Transport, p: Preset) -> Self {
let mut c=Config::init();
unsafe{ssl_config_defaults(&mut c.inner,e.into(),t.into(),p.into());}
c
}
setter!(set_endpoint(e: Endpoint) = ssl_conf_endpoint);
setter!(set_transport(t: Transport) = ssl_conf_transport);
setter!(set_authmode(am: AuthMode) = ssl_conf_authmode);
getter!(read_timeout() -> u32 = .read_timeout);
setter!(set_read_timeout(t: u32) = ssl_conf_read_timeout);
fn check_ciphersuites(list: &[c_int]) {
assert!(list.last()==Some(&0));
}
pub fn set_ciphersuites(&mut self, list: &'c [c_int]) {
Self::check_ciphersuites(list);
unsafe{ssl_conf_ciphersuites(&mut self.inner,list.as_ptr())}
}
pub fn set_ciphersuites_for_version(&mut self, list: &'c [c_int], major: c_int, minor: c_int) {
Self::check_ciphersuites(list);
unsafe{ssl_conf_ciphersuites_for_version(&mut self.inner,list.as_ptr(),major,minor)}
}
setter!(set_cert_profile(p: &'c Profile) = ssl_conf_cert_profile);
pub fn set_ca_list<C: Into<&'c mut LinkedCertificate>>(&mut self, list: Option<C>, crl: Option<&'c mut Crl>) {
unsafe{ssl_conf_ca_chain(
&mut self.inner,
list.map(Into::into).map(Into::into).unwrap_or(::core::ptr::null_mut()),
crl.map(Into::into).unwrap_or(::core::ptr::null_mut())
)}
}
pub fn push_cert<C: Into<&'c mut LinkedCertificate>>(&mut self, chain: C, key: &'c mut ::pk::Pk) -> ::Result<()> {
unsafe{ssl_conf_own_cert(&mut self.inner,chain.into().into(),key.into()).into_result().map(|_|())}
}
}
setter_callback!(Config<'c>::set_rng(f: ::rng::Random) = ssl_conf_rng);
setter_callback!(Config<'c>::set_dbg(f: DbgCallback) = ssl_conf_dbg);