yume/juniper
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
juniper/openssl_verify/index.html

164 lines
8 KiB
HTML
Raw Normal View History

Update documentation for Juniper
2016-09-11 13:41:24 -05:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="rustdoc">
<meta name="description" content="API documentation for the Rust `openssl_verify` crate.">
<meta name="keywords" content="rust, rustlang, rust-lang, openssl_verify">
<title>openssl_verify - Rust</title>
<link rel="stylesheet" type="text/css" href="../rustdoc.css">
<link rel="stylesheet" type="text/css" href="../main.css">
</head>
<body class="rustdoc">
<!--[if lte IE 8]>
<div class="warning">
This old browser is unsupported and will most likely display funky
things.
</div>
<![endif]-->
<nav class="sidebar">
<p class='location'></p><script>window.sidebarCurrent = {name: 'openssl_verify', ty: 'mod', relpath: '../'};</script>
</nav>
<nav class="sub">
<form class="search-form js-only">
<div class="search-container">
<input class="search-input" name="search"
autocomplete="off"
placeholder="Click or press S to search, ? for more options…"
type="search">
</div>
</form>
</nav>
<section id='main' class="content mod">
<h1 class='fqn'><span class='in-band'>Crate <a class='mod' href=''>openssl_verify</a></span><span class='out-of-band'><span id='render-detail'>
<a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">
[<span class='inner'>&#x2212;</span>]
</a>
</span><a id='src-0' class='srclink' href='../src/openssl_verify/lib.rs.html#1-482' title='goto source code'>[src]</a></span></h1>
<div class='docblock'><p>Hostname verification for OpenSSL.</p>
<p>OpenSSL up until version 1.1.0 did not support verification that the
certificate a server presents matches the domain a client is connecting to.
This check is crucial, as an attacker otherwise needs only to obtain a
legitimately signed certificate to <em>some</em> domain to execute a
man-in-the-middle attack.</p>
<p>The implementation in this crate is based off of libcurl&#39;s.</p>
<h1 id='examples' class='section-header'><a href='#examples'>Examples</a></h1>
<p>In most cases, the <code>verify_callback</code> function should be used in OpenSSL&#39;s
verification callback:</p>
<pre class='rust rust-example-rendered'>
<span class='kw'>extern</span> <span class='kw'>crate</span> <span class='ident'>openssl</span>;
<span class='kw'>extern</span> <span class='kw'>crate</span> <span class='ident'>openssl_verify</span>;
<span class='kw'>use</span> <span class='ident'>std</span>::<span class='ident'>net</span>::<span class='ident'>TcpStream</span>;
<span class='kw'>use</span> <span class='ident'>openssl</span>::<span class='ident'>ssl</span>::{<span class='ident'>SslContext</span>, <span class='ident'>SslMethod</span>, <span class='ident'>SslStream</span>, <span class='ident'>SSL_VERIFY_PEER</span>, <span class='ident'>IntoSsl</span>};
<span class='kw'>use</span> <span class='ident'>openssl_verify</span>::<span class='ident'>verify_callback</span>;
<span class='kw'>let</span> <span class='ident'>domain</span> <span class='op'>=</span> <span class='string'>&quot;google.com&quot;</span>;
<span class='kw'>let</span> <span class='ident'>stream</span> <span class='op'>=</span> <span class='ident'>TcpStream</span>::<span class='ident'>connect</span>((<span class='ident'>domain</span>, <span class='number'>443</span>)).<span class='ident'>unwrap</span>();
<span class='kw'>let</span> <span class='kw-2'>mut</span> <span class='ident'>ctx</span> <span class='op'>=</span> <span class='ident'>SslContext</span>::<span class='ident'>new</span>(<span class='ident'>SslMethod</span>::<span class='ident'>Sslv23</span>).<span class='ident'>unwrap</span>();
<span class='ident'>ctx</span>.<span class='ident'>set_default_verify_paths</span>().<span class='ident'>unwrap</span>();
<span class='kw'>let</span> <span class='kw-2'>mut</span> <span class='ident'>ssl</span> <span class='op'>=</span> <span class='ident'>ctx</span>.<span class='ident'>into_ssl</span>().<span class='ident'>unwrap</span>();
<span class='kw'>let</span> <span class='ident'>domain</span> <span class='op'>=</span> <span class='ident'>domain</span>.<span class='ident'>to_owned</span>();
<span class='ident'>ssl</span>.<span class='ident'>set_verify_callback</span>(<span class='ident'>SSL_VERIFY_PEER</span>, <span class='kw'>move</span> <span class='op'>|</span><span class='ident'>p</span>, <span class='ident'>x</span><span class='op'>|</span> <span class='ident'>verify_callback</span>(<span class='kw-2'>&amp;</span><span class='ident'>domain</span>, <span class='ident'>p</span>, <span class='ident'>x</span>));
<span class='kw'>let</span> <span class='ident'>ssl_stream</span> <span class='op'>=</span> <span class='ident'>SslStream</span>::<span class='ident'>connect</span>(<span class='ident'>ssl</span>, <span class='ident'>stream</span>).<span class='ident'>unwrap</span>();</pre>
</div><h2 id='functions' class='section-header'><a href="#functions">Functions</a></h2>
<table>
<tr class=' module-item'>
<td><a class='fn' href='fn.verify_callback.html'
title='openssl_verify::verify_callback'>verify_callback</a></td>
<td class='docblock short'>
<p>A convenience wrapper around verify_hostname that implements the logic for
OpenSSL&#39;s certificate verification callback.</p>
</td>
</tr>
<tr class=' module-item'>
<td><a class='fn' href='fn.verify_hostname.html'
title='openssl_verify::verify_hostname'>verify_hostname</a></td>
<td class='docblock short'>
<p>Validates that the certificate matches the provided fully qualified domain
name.</p>
</td>
</tr></table></section>
<section id='search' class="content hidden"></section>
<section class="footer"></section>
<aside id="help" class="hidden">
<div>
<h1 class="hidden">Help</h1>
<div class="shortcuts">
<h2>Keyboard Shortcuts</h2>
<dl>
<dt>?</dt>
<dd>Show this help dialog</dd>
<dt>S</dt>
<dd>Focus the search field</dd>
<dt>&larrb;</dt>
<dd>Move up in search results</dd>
<dt>&rarrb;</dt>
<dd>Move down in search results</dd>
<dt>&#9166;</dt>
<dd>Go to active search result</dd>
<dt>+</dt>
<dd>Collapse/expand all sections</dd>
</dl>
</div>
<div class="infos">
<h2>Search Tricks</h2>
<p>
Prefix searches with a type followed by a colon (e.g.
<code>fn:</code>) to restrict the search to a given type.
</p>
<p>
Accepted types are: <code>fn</code>, <code>mod</code>,
<code>struct</code>, <code>enum</code>,
<code>trait</code>, <code>type</code>, <code>macro</code>,
and <code>const</code>.
</p>
<p>
Search functions by type signature (e.g.
<code>vec -> usize</code> or <code>* -> vec</code>)
</p>
</div>
</div>
</aside>
<script>
window.rootPath = "../";
window.currentCrate = "openssl_verify";
window.playgroundUrl = "";
</script>
<script src="../jquery.js"></script>
<script src="../main.js"></script>
<script defer src="../search-index.js"></script>
</body>
</html>
Reference in a new issue Copy permalink