expose DANE functions for SSL/SSL_CTX #2057
Conversation
|
Can you also add some tests? |
|
I'd love some feedback on the current state of this if you can find the time over this coming weekend! |
|
Friendly ping! If there's something I need to tweak, please let me know! |
|
@sfackler I'd appreciate some feedback on this, thanks! |
|
Please let me know what I can do to help make progress here, thanks! |
|
I'd love to get this merged, please let me know how I can help make that happen! |
wez
force-pushed
the
dane
branch
2 times, most recently
from
583e74a to
94053bb
Compare
| &mut self, | ||
| md: Option<crate::md::MdRef>, | ||
| mtype: DaneMatchType, | ||
| ord: u8, |
There was a problem hiding this comment.
Are the ordinal values here supposed to just be raw integers between 0 and 255?
| /// Requires OpenSSL 1.1.0 or newer. | ||
| #[corresponds(SSL_CTX_dane_set_flags)] | ||
| #[cfg(ossl110)] | ||
| pub fn set_no_dane_ee_namechecks(&mut self) { |
There was a problem hiding this comment.
We should just provide dane_set_flags etc methods rather than separate ones per flag.
| /// Requires OpenSSL 1.1.0 or newer. | ||
| #[corresponds(SSL_add1_host)] | ||
| #[cfg(ossl110)] | ||
| pub fn add1_host(&mut self, hostname: &str) -> Result<(), ErrorStack> { |
There was a problem hiding this comment.
The 1 shouldn't be in the Rust method name - it indicates the lack of ownership transfer in the C API which isn't relevant for a Rust caller.
| )) | ||
| }?; | ||
|
|
||
| Ok(usable > 0) |
There was a problem hiding this comment.
Is an error stack not returned in the 0 case? I think this might be better off just returning Result<(), ErrorStack>.
The docs at https://www.openssl.org/docs/man1.1.1/man3/SSL_dane_clear_flags.html indicate that DANE functionality has been available since version 1.1.0
I'd like to try implementing DANE support in my tokio based program; making the functions available in the sys crate seems like the first logical step.
The docs at https://www.openssl.org/docs/man1.1.1/man3/SSL_dane_clear_flags.html indicate that DANE functionality has been available since version 1.1.0, so I've gated these to that version AFAICT.