Files

aho_corasick

packed

teddy

compile.rsmod.rsruntime.rs

api.rsmod.rspattern.rsrabinkarp.rsvector.rs

ahocorasick.rsautomaton.rsbuffer.rsbyte_frequencies.rsclasses.rsdfa.rserror.rslib.rsnfa.rsprefilter.rsstate_id.rs

atty

lib.rs

beef

generic.rslean.rslib.rstraits.rswide.rs

bitflags

lib.rs

bstr

byteset

mod.rsscalar.rs

search

byte_frequencies.rsmod.rsprefilter.rstwoway.rs

unicode

fsm

grapheme_break_fwd.rsgrapheme_break_rev.rsmod.rsregional_indicator_rev.rssentence_break_fwd.rssimple_word_fwd.rswhitespace_anchored_fwd.rswhitespace_anchored_rev.rsword_break_fwd.rs

grapheme.rsmod.rssentence.rswhitespace.rsword.rs

ascii.rsbstr.rsbstring.rscow.rsext_slice.rsext_vec.rsimpls.rsio.rslib.rsutf8.rs

byteorder

io.rslib.rs

cfg_if

lib.rs

clap

build

app

debug_asserts.rsmod.rssettings.rs

arg

mod.rssettings.rsvalue_hint.rs

arg_group.rsmacros.rsmod.rsusage_parser.rs

output

fmt.rshelp.rsmod.rsusage.rs

parse

features

mod.rssuggestions.rs

matches

arg_matches.rsmatched_arg.rsmod.rs

arg_matcher.rserrors.rsmod.rsparser.rsvalidator.rs

util

argstr.rsfnv.rsgraph.rsid.rsmod.rs

derive.rslib.rsmacros.rsmkeymap.rs

clap_derive

derives

arg_enum.rsclap.rsfrom_arg_matches.rsinto_app.rsmod.rssubcommand.rs

utils

doc_comments.rsmod.rsspanned.rsty.rs

attrs.rsdummies.rslib.rsparse.rs

codespan

file.rsindex.rslib.rslocation.rsspan.rs

codespan_reporting

term

config.rsrenderer.rsviews.rs

diagnostic.rsfiles.rslib.rsterm.rs

crc_any

constants

crc_u16.rscrc_u32.rscrc_u64.rscrc_u8.rsmod.rs

crc_u16.rscrc_u32.rscrc_u64.rscrc_u8.rslib.rs

crypto_hash

imp

openssl.rs

lib.rs

csv

byte_record.rscookbook.rsdeserializer.rserror.rslib.rsreader.rsserializer.rsstring_record.rstutorial.rswriter.rs

csv_core

lib.rsreader.rswriter.rs

debug_helper

lib.rs

filepath

lib.rs

fixed

types

extra.rsmod.rs

arith.rscmp.rsconsts.rsconvert.rsdisplay.rsfloat_helper.rsfrom_str.rshelpers.rsint_helper.rslib.rslog10.rsmacros.rsmacros_const.rsmacros_frac.rsmacros_from_to.rsmacros_no_frac.rsmacros_round.rstraits.rsunwrapped.rswide_div.rswrapping.rs

fixed_macro

lib.rs

fixed_macro_impl

dispatch.rslib.rs

fixed_macro_types

lib.rs

fnv

lib.rs

foreign_types

lib.rs

foreign_types_shared

lib.rs

getrandom

error.rserror_impls.rslib.rslinux_android.rsuse_file.rsutil.rsutil_libc.rs

glob

lib.rs

hashbrown

external_trait_impls

mod.rs

raw

bitmask.rsmod.rssse2.rs

lib.rsmacros.rsmap.rsscopeguard.rsset.rs

heck

camel.rskebab.rslib.rsmixed.rsshouty_kebab.rsshouty_snake.rssnake.rstitle.rs

hex

lib.rs

indexmap

map

core

raw.rs

core.rs

equivalent.rslib.rsmacros.rsmap.rsmutable_keys.rsset.rsutil.rs

itoa

lib.rs

lazy_static

inline_lazy.rslib.rs

libc

unix

linux_like

linux

gnu

b64

x86_64

align.rsmod.rsnot_x32.rs

mod.rs

align.rsmod.rs

align.rsmod.rs

mod.rs

align.rsmod.rs

fixed_width_ints.rslib.rsmacros.rs

linked_hash_map

lib.rs

linked_hash_set

lib.rs

logos

internal.rslexer.rslib.rssource.rs

logos_derive

generator

context.rsfork.rsleaf.rsmod.rsrope.rstables.rs

graph

fork.rsimpls.rsmeta.rsmod.rsrange.rsregex.rsrope.rs

parser

definition.rsmod.rsnested.rssubpattern.rstype_params.rs

error.rsleaf.rslib.rsmir.rsutil.rs

lrl_test_compiler

config_binary

mod.rssections.rs

environment

calibration.rsconfig.rsdrivers.rsmod.rs

mission_control

mod.rs

result

diagnostic.rsmod.rsstringable.rs

test_assembly

disassembly.rsmod.rs

test_binary

instructions.rsmod.rssegments.rs

test_descriptor

ast.rsconcrete_test.rsmod.rs

timeline

mod.rsrelays.rssensors.rs

bits.rslib.rstest_builder.rs

maplit

lib.rs

memchr

x86

avx.rsmod.rssse2.rs

fallback.rsiter.rslib.rsnaive.rs

memoffset

lib.rsoffset_of.rsraw_field.rsspan_of.rs

once_cell

imp_std.rslib.rsrace.rs

openssl

ssl

bio.rscallbacks.rsconnector.rserror.rsmod.rs

x509

extension.rsmod.rsstore.rsverify.rs

aes.rsasn1.rsbase64.rsbio.rsbn.rscms.rsconf.rsderive.rsdh.rsdsa.rsec.rsecdsa.rsencrypt.rsenvelope.rserror.rsex_data.rsfips.rshash.rslib.rsmacros.rsmemcmp.rsnid.rsocsp.rspkcs12.rspkcs5.rspkcs7.rspkey.rsrand.rsrsa.rssha.rssign.rssrtp.rsstack.rsstring.rssymm.rsutil.rsversion.rs

openssl_sys

aes.rsasn1.rsbio.rsbn.rscms.rsconf.rscrypto.rsdh.rsdsa.rsdtls1.rsec.rserr.rsevp.rshmac.rslib.rsmacros.rsobj_mac.rsobject.rsocsp.rsossl_typ.rspem.rspkcs12.rspkcs7.rsrand.rsrsa.rssafestack.rssha.rssrtp.rsssl.rsssl3.rsstack.rstls1.rsx509.rsx509_vfy.rsx509v3.rs

os_str_bytes

common

mod.rsraw.rs

lib.rsraw.rs

paste

attr.rserror.rslib.rssegment.rs

pest

iterators

flat_pairs.rsmod.rspair.rspairs.rsqueueable_token.rstokens.rs

unicode

binary.rscategory.rsmod.rs

error.rslib.rsmacros.rsparser.rsparser_state.rsposition.rsprec_climber.rsspan.rsstack.rstoken.rs

pest_derive

lib.rs

pest_generator

generator.rslib.rsmacros.rs

pest_meta

optimizer

concatenator.rsfactorizer.rsmod.rsrestorer.rsrotater.rsskipper.rsunroller.rs

ast.rsgrammar.rslib.rsparser.rsvalidator.rs

phf

lib.rsmap.rsordered_map.rsordered_set.rsset.rs

phf_generator

lib.rs

phf_macros

lib.rs

phf_shared

lib.rs

ppv_lite86

x86_64

mod.rssse2.rs

lib.rssoft.rstypes.rs

proc_macro2

detection.rsfallback.rslib.rsmarker.rsparse.rswrapper.rs

proc_macro_error

imp

fallback.rs

diagnostic.rsdummy.rslib.rsmacros.rssealed.rs

proc_macro_error_attr

lib.rsparse.rssettings.rs

proc_macro_hack

error.rsiter.rslib.rsparse.rsquote.rs

quote

ext.rsformat.rsident_fragment.rslib.rsruntime.rsspanned.rsto_tokens.rs

rand

distributions

bernoulli.rsfloat.rsinteger.rsmod.rsother.rsuniform.rsutils.rsweighted.rsweighted_index.rs

rngs

adapter

mod.rsread.rsreseeding.rs

mock.rsmod.rssmall.rsstd.rsthread.rsxoshiro256plusplus.rs

seq

index.rsmod.rs

lib.rsprelude.rsrng.rs

rand_chacha

chacha.rsguts.rslib.rs

rand_core

block.rserror.rsimpls.rsle.rslib.rsos.rs

regex

literal

imp.rsmod.rs

backtrack.rscompile.rsdfa.rserror.rsexec.rsexpand.rsfind_byte.rsfreqs.rsinput.rslib.rspikevm.rspool.rsprog.rsre_builder.rsre_bytes.rsre_set.rsre_trait.rsre_unicode.rssparse.rsutf8.rs

regex_automata

classes.rsdense.rsdfa.rslib.rsregex.rssparse.rsstate_id.rs

regex_syntax

ast

mod.rsparse.rsprint.rsvisitor.rs

hir

literal

mod.rs

interval.rsmod.rsprint.rstranslate.rsvisitor.rs

unicode_tables

age.rscase_folding_simple.rsgeneral_category.rsgrapheme_cluster_break.rsmod.rsperl_word.rsproperty_bool.rsproperty_names.rsproperty_values.rsscript.rsscript_extension.rssentence_break.rsword_break.rs

either.rserror.rslib.rsparser.rsunicode.rsutf8.rs

remove_dir_all

lib.rs

ring

aead

gcm

gcm_nohw.rs

aes.rsaes_gcm.rsblock.rschacha.rschacha20_poly1305.rschacha20_poly1305_openssh.rscounter.rsgcm.rsiv.rsnonce.rspoly1305.rsquic.rsshift.rs

arithmetic

bigint.rsconstant.rsmontgomery.rs

digest

sha1.rssha2.rs

ec

curve25519

ed25519

signing.rsverification.rs

ed25519.rsops.rsscalar.rsx25519.rs

suite_b

ecdsa

digest_scalar.rssigning.rsverification.rs

ops

elem.rsp256.rsp384.rs

curve.rsecdh.rsecdsa.rsops.rsprivate_key.rspublic_key.rs

curve25519.rskeys.rssuite_b.rs

io

der.rsder_writer.rspositive.rswriter.rs

rsa

padding.rssigning.rsverification.rs

aead.rsagreement.rsarithmetic.rsbits.rsbssl.rsc.rsconstant_time.rscpu.rsdebug.rsdigest.rsec.rsendian.rserror.rshkdf.rshmac.rsio.rslib.rslimb.rspbkdf2.rspkcs8.rspolyfill.rsrand.rsrsa.rssignature.rstest.rs

rowan

green

builder.rselement.rsnode.rstoken.rs

api.rscow_mut.rscursor.rsgreen.rslib.rssyntax_text.rsutility_types.rs

rustc_hash

lib.rs

ryu

buffer

mod.rs

pretty

exponent.rsmantissa.rsmod.rs

common.rsd2s.rsd2s_full_table.rsd2s_intrinsics.rsdigit_table.rsf2s.rsf2s_intrinsics.rslib.rs

semver

lib.rsversion.rsversion_req.rs

semver_parser

generated.rslexer.rslib.rsparser.rsrange.rsrange_set.rsversion.rs

serde

de

ignored_any.rsimpls.rsmod.rsseed.rsutf8.rsvalue.rs

private

de.rsdoc.rsmod.rsser.rssize_hint.rs

ser

fmt.rsimpls.rsimpossible.rsmod.rs

integer128.rslib.rsmacros.rs

serde_derive

internals

ast.rsattr.rscase.rscheck.rsctxt.rsmod.rsreceiver.rsrespan.rssymbol.rs

bound.rsde.rsdummy.rsfragment.rslib.rspretend.rsser.rstry.rs

serde_json

features_check

mod.rs

io

mod.rs

value

de.rsfrom.rsindex.rsmod.rspartial_eq.rsser.rs

de.rserror.rsiter.rslib.rsmacros.rsmap.rsnumber.rsread.rsser.rs

siphasher

lib.rssip.rssip128.rs

smallvec

lib.rs

smawk

lib.rsmonge.rs

smol_str

lib.rs

spin

lib.rsmutex.rsonce.rsrw_lock.rs

stable_deref_trait

lib.rs

strsim

lib.rs

syn

gen

clone.rsdebug.rseq.rsgen_helper.rshash.rsvisit.rs

attr.rsawait.rsbigint.rsbuffer.rscustom_keyword.rscustom_punctuation.rsdata.rsderive.rsdiscouraged.rserror.rsexport.rsexpr.rsext.rsfile.rsgenerics.rsgroup.rsident.rsitem.rslib.rslifetime.rslit.rslookahead.rsmac.rsmacros.rsop.rsparse.rsparse_macro_input.rsparse_quote.rspat.rspath.rsprint.rspunctuated.rsreserved.rssealed.rsspan.rsspanned.rsstmt.rsthread.rstoken.rstt.rsty.rsverbatim.rswhitespace.rs

taplo

dom

macros.rsmod.rs

formatter

macros.rsmod.rs

parser

macros.rsmod.rs

util

coords.rsescape.rsmod.rssyntax.rs

analytics.rslib.rssyntax.rsvalue.rs

tempfile

file

imp

mod.rsunix.rs

mod.rs

dir.rserror.rslib.rsspooled.rsutil.rs

termcolor

lib.rs

text_size

lib.rsrange.rssize.rstraits.rs

textwrap

wrap_algorithms

optimal_fit.rs

core.rsindentation.rslib.rsword_separators.rsword_splitters.rswrap_algorithms.rs

toml

datetime.rsde.rslib.rsmacros.rsmap.rsser.rsspanned.rstokens.rsvalue.rs

triomphe

arc.rsarc_borrow.rsarc_union.rsheader.rslib.rsoffset_arc.rsthin_arc.rsunique_arc.rs

typenum

array.rsbit.rsint.rslib.rsmarker_traits.rsoperator_aliases.rsprivate.rstype_operators.rsuint.rs

ucd_trie

lib.rsowned.rs

unicode_linebreak

lib.rsshared.rs

unicode_segmentation

grapheme.rslib.rssentence.rstables.rsword.rs

unicode_width

lib.rstables.rs

unicode_xid

lib.rstables.rs

untrusted

untrusted.rs

utf8_ranges

char_utf8.rslib.rs

vec_map

lib.rs

>

//! Describe a context in which to verify an `X509` certificate.
//!
//! The `X509` certificate store holds trusted CA certificates used to verify
//! peer certificates.
//!
//! # Example
//!
//! ```rust
//! use openssl::x509::store::{X509StoreBuilder, X509Store};
//! use openssl::x509::{X509, X509Name};
//! use openssl::pkey::PKey;
//! use openssl::hash::MessageDigest;
//! use openssl::rsa::Rsa;
//! use openssl::nid::Nid;
//!
//! let rsa = Rsa::generate(2048).unwrap();
//! let pkey = PKey::from_rsa(rsa).unwrap();
//!
//! let mut name = X509Name::builder().unwrap();
//! name.append_entry_by_nid(Nid::COMMONNAME, "foobar.com").unwrap();
//! let name = name.build();
//!
//! let mut builder = X509::builder().unwrap();
//! builder.set_version(2).unwrap();
//! builder.set_subject_name(&name).unwrap();
//! builder.set_issuer_name(&name).unwrap();
//! builder.set_pubkey(&pkey).unwrap();
//! builder.sign(&pkey, MessageDigest::sha256()).unwrap();
//!
//! let certificate: X509 = builder.build();
//!
//! let mut builder = X509StoreBuilder::new().unwrap();
//! let _ = builder.add_cert(certificate);
//!
//! let store: X509Store = builder.build();
//! ```

use cfg_if::cfg_if;
use foreign_types::ForeignTypeRef;
use std::mem;

use crate::error::ErrorStack;
use crate::stack::StackRef;
use crate::x509::{X509Object, X509};
use crate::{cvt, cvt_p};

foreign_type_and_impl_send_sync! {
    type CType = ffi::X509_STORE;
    fn drop = ffi::X509_STORE_free;

    /// A builder type used to construct an `X509Store`.
    pub struct X509StoreBuilder;
    /// Reference to an `X509StoreBuilder`.
    pub struct X509StoreBuilderRef;
}

impl X509StoreBuilder {
    /// Returns a builder for a certificate store.
    ///
    /// The store is initially empty.
    pub fn new() -> Result<X509StoreBuilder, ErrorStack> {
        unsafe {
            ffi::init();

            cvt_p(ffi::X509_STORE_new()).map(X509StoreBuilder)
        }
    }

    /// Constructs the `X509Store`.
    pub fn build(self) -> X509Store {
        let store = X509Store(self.0);
        mem::forget(self);
        store
    }
}

impl X509StoreBuilderRef {
    /// Adds a certificate to the certificate store.
    // FIXME should take an &X509Ref
    pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::X509_STORE_add_cert(self.as_ptr(), cert.as_ptr())).map(|_| ()) }
    }

    /// Load certificates from their default locations.
    ///
    /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR`
    /// environment variables if present, or defaults specified at OpenSSL
    /// build time otherwise.
    pub fn set_default_paths(&mut self) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::X509_STORE_set_default_paths(self.as_ptr())).map(|_| ()) }
    }

    /// Adds a lookup method to the store.
    ///
    /// This corresponds to [`X509_STORE_add_lookup`].
    ///
    /// [`X509_STORE_add_lookup`]: https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_add_lookup.html
    pub fn add_lookup<T>(
        &mut self,
        method: &'static X509LookupMethodRef<T>,
    ) -> Result<&mut X509LookupRef<T>, ErrorStack> {
        let lookup = unsafe { ffi::X509_STORE_add_lookup(self.as_ptr(), method.as_ptr()) };
        cvt_p(lookup).map(|ptr| unsafe { X509LookupRef::from_ptr_mut(ptr) })
    }
}

generic_foreign_type_and_impl_send_sync! {
    type CType = ffi::X509_LOOKUP;
    fn drop = ffi::X509_LOOKUP_free;

    /// Information used by an `X509Store` to look up certificates and CRLs.
    pub struct X509Lookup<T>;
    /// Reference to an `X509Lookup`.
    pub struct X509LookupRef<T>;
}

/// Marker type corresponding to the [`X509_LOOKUP_hash_dir`] lookup method.
///
/// [`X509_LOOKUP_hash_dir`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_LOOKUP_hash_dir.html
pub struct HashDir;

impl X509Lookup<HashDir> {
    /// Lookup method that loads certificates and CRLs on demand and caches
    /// them in memory once they are loaded. It also checks for newer CRLs upon
    /// each lookup, so that newer CRLs are used as soon as they appear in the
    /// directory.
    ///
    /// This corresponds to [`X509_LOOKUP_hash_dir`].
    ///
    /// [`X509_LOOKUP_hash_dir`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_LOOKUP_hash_dir.html
    pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
        unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir()) }
    }
}

impl X509LookupRef<HashDir> {
    /// Specifies a directory from which certificates and CRLs will be loaded
    /// on-demand. Must be used with `X509Lookup::hash_dir`.
    ///
    /// This corresponds to [`X509_LOOKUP_add_dir`].
    ///
    /// [`X509_LOOKUP_add_dir`]: https://www.openssl.org/docs/man1.1.1/man3/X509_LOOKUP_add_dir.html
    pub fn add_dir(
        &mut self,
        name: &str,
        file_type: crate::ssl::SslFiletype,
    ) -> Result<(), ErrorStack> {
        let name = std::ffi::CString::new(name).unwrap();
        unsafe {
            cvt(ffi::X509_LOOKUP_add_dir(
                self.as_ptr(),
                name.as_ptr(),
                file_type.as_raw(),
            ))
            .map(|_| ())
        }
    }
}

generic_foreign_type_and_impl_send_sync! {
    type CType = ffi::X509_LOOKUP_METHOD;
    fn drop = |_method| {
        #[cfg(ossl110)]
        ffi::X509_LOOKUP_meth_free(_method);
    };

    /// Method used to look up certificates and CRLs.
    pub struct X509LookupMethod<T>;
    /// Reference to an `X509LookupMethod`.
    pub struct X509LookupMethodRef<T>;
}

foreign_type_and_impl_send_sync! {
    type CType = ffi::X509_STORE;
    fn drop = ffi::X509_STORE_free;

    /// A certificate store to hold trusted `X509` certificates.
    pub struct X509Store;
    /// Reference to an `X509Store`.
    pub struct X509StoreRef;
}

impl X509StoreRef {
    /// Get a reference to the cache of certificates in this store.
    pub fn objects(&self) -> &StackRef<X509Object> {
        unsafe { StackRef::from_ptr(X509_STORE_get0_objects(self.as_ptr())) }
    }
}

cfg_if! {
    if #[cfg(any(ossl110, libressl270))] {
        use ffi::X509_STORE_get0_objects;
    } else {
        #[allow(bad_style)]
        unsafe fn X509_STORE_get0_objects(x: *mut ffi::X509_STORE) -> *mut ffi::stack_st_X509_OBJECT {
            (*x).objs
        }
    }
}