Update to openssl 0.9

Author: sfackler

Cargo.toml

@@ -24,7 +24,7 @@ path = "tests/test.rs"
 with-bit-vec = ["bit-vec"]
 with-chrono = ["chrono"]
 with-eui48 = ["eui48"]
-with-openssl = ["openssl", "openssl-verify"]
+with-openssl = ["openssl"]
 with-rustc-serialize = ["rustc-serialize"]
 with-security-framework = ["security-framework"]
 with-serde_json = ["serde_json"]
@@ -41,8 +41,7 @@ postgres-protocol = "0.1"
 bit-vec = { version = "0.4", optional = true }
 chrono = { version = "0.2.14", optional = true }
 eui48 = { version = "0.1", optional = true }
-openssl-verify = { version = "0.2", optional = true }
-openssl = { version = "0.8", optional = true }
+openssl = { version = "0.9", optional = true }
 rustc-serialize = { version = "0.3", optional = true }
 security-framework = { version = "0.1.2", optional = true }
 serde_json = { version = ">= 0.6, < 0.9", optional = true }

src/tls/openssl.rs

@@ -1,13 +1,11 @@
 //! OpenSSL support.
 extern crate openssl;
-extern crate openssl_verify;
 
 use std::error::Error;
+use std::fmt;
 
 use self::openssl::error::ErrorStack;
-use self::openssl::ssl::{IntoSsl, SslContext, SslStream, SslMethod, SSL_VERIFY_PEER,
-                         SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_OP_NO_COMPRESSION};
-use self::openssl_verify::verify_callback;
+use self::openssl::ssl::{SslMethod, SslConnector, SslConnectorBuilder, SslStream};
 use tls::{TlsStream, Stream, TlsHandshake};
 
 impl TlsStream for SslStream<Stream> {
@@ -23,35 +21,35 @@ impl TlsStream for SslStream<Stream> {
 /// A `TlsHandshake` implementation that uses OpenSSL.
 ///
 /// Requires the `with-openssl` feature.
-#[derive(Debug)]
-pub struct OpenSsl(SslContext);
+pub struct OpenSsl(SslConnector);
+
+impl fmt::Debug for OpenSsl {
+    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
+        fmt.debug_struct("OpenSsl").finish()
+    }
+}
 
 impl OpenSsl {
-    /// Creates a `OpenSsl` with a reasonable default configuration.
-    ///
-    /// The configuration is modeled after libcurl's and is subject to change.
+    /// Creates a `OpenSsl` with `SslConnector`'s default configuration.
     pub fn new() -> Result<OpenSsl, ErrorStack> {
-        let mut ctx = try!(SslContext::new(SslMethod::Sslv23));
-        try!(ctx.set_default_verify_paths());
-        ctx.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
-        try!(ctx.set_cipher_list("ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4@STRENGTH"));
-        Ok(ctx.into())
+        let connector = try!(SslConnectorBuilder::new(SslMethod::tls())).build();
+        Ok(OpenSsl(connector))
     }
 
-    /// Returns a reference to the associated `SslContext`.
-    pub fn context(&self) -> &SslContext {
+    /// Returns a reference to the inner `SslConnector`.
+    pub fn connector(&self) -> &SslConnector {
         &self.0
     }
 
-    /// Returns a mutable reference to the associated `SslContext`.
-    pub fn context_mut(&mut self) -> &mut SslContext {
+    /// Returns a mutable reference to the inner `SslConnector`.
+    pub fn connector_mut(&mut self) -> &mut SslConnector {
         &mut self.0
     }
 }
 
-impl From<SslContext> for OpenSsl {
-    fn from(ctx: SslContext) -> OpenSsl {
-        OpenSsl(ctx)
+impl From<SslConnector> for OpenSsl {
+    fn from(connector: SslConnector) -> OpenSsl {
+        OpenSsl(connector)
     }
 }
 
@@ -60,10 +58,7 @@ impl TlsHandshake for OpenSsl {
                      domain: &str,
                      stream: Stream)
                      -> Result<Box<TlsStream>, Box<Error + Send + Sync>> {
-        let domain = domain.to_owned();
-        let mut ssl = try!(self.0.into_ssl());
-        ssl.set_verify_callback(SSL_VERIFY_PEER, move |p, x| verify_callback(&domain, p, x));
-        let stream = try!(SslStream::connect(ssl, stream));
+        let stream = try!(self.0.connect(domain, stream));
         Ok(Box::new(stream))
     }
 }

tests/test.rs

@@ -664,10 +664,12 @@ fn test_cancel_query() {
 #[test]
 #[cfg(feature = "with-openssl")]
 fn test_require_ssl_conn() {
+    use openssl::ssl::{SslMethod, SslConnectorBuilder};
     use postgres::tls::openssl::OpenSsl;
 
-    let mut negotiator = OpenSsl::new().unwrap();
-    negotiator.context_mut().set_CA_file(".travis/server.crt").unwrap();
+    let mut builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
+    builder.builder_mut().set_ca_file(".travis/server.crt").unwrap();
+    let negotiator = OpenSsl::from(builder.build());
     let conn = or_panic!(Connection::connect("postgres://postgres@localhost",
                                              TlsMode::Require(&negotiator)));
     or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));
@@ -676,10 +678,12 @@ fn test_require_ssl_conn() {
 #[test]
 #[cfg(feature = "with-openssl")]
 fn test_prefer_ssl_conn() {
+    use openssl::ssl::{SslMethod, SslConnectorBuilder};
     use postgres::tls::openssl::OpenSsl;
 
-    let mut negotiator = OpenSsl::new().unwrap();
-    negotiator.context_mut().set_CA_file(".travis/server.crt").unwrap();
+    let mut builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
+    builder.builder_mut().set_ca_file(".travis/server.crt").unwrap();
+    let negotiator = OpenSsl::from(builder.build());
     let conn = or_panic!(Connection::connect("postgres://postgres@localhost",
                                              TlsMode::Require(&negotiator)));
     or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));