yume/juniper
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
juniper/openssl_verify/index.html
Juniper Documentation Builder 95d942c9d4 Update documentation for Juniper
2016-09-11 18:41:24 +00:00

164 lines
No EOL
8 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="rustdoc">
<meta name="description" content="API documentation for the Rust `openssl_verify` crate.">
<meta name="keywords" content="rust, rustlang, rust-lang, openssl_verify">
<title>openssl_verify - Rust</title>
<link rel="stylesheet" type="text/css" href="../rustdoc.css">
<link rel="stylesheet" type="text/css" href="../main.css">
</head>
<body class="rustdoc">
<!--[if lte IE 8]>
<div class="warning">
This old browser is unsupported and will most likely display funky
things.
</div>
<![endif]-->
<nav class="sidebar">
<p class='location'></p><script>window.sidebarCurrent = {name: 'openssl_verify', ty: 'mod', relpath: '../'};</script>
</nav>
<nav class="sub">
<form class="search-form js-only">
<div class="search-container">
<input class="search-input" name="search"
autocomplete="off"
placeholder="Click or press S to search, ? for more options…"
type="search">
</div>
</form>
</nav>
<section id='main' class="content mod">
<h1 class='fqn'><span class='in-band'>Crate <a class='mod' href=''>openssl_verify</a></span><span class='out-of-band'><span id='render-detail'>
<a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">
[<span class='inner'>&#x2212;</span>]
</a>
</span><a id='src-0' class='srclink' href='../src/openssl_verify/lib.rs.html#1-482' title='goto source code'>[src]</a></span></h1>
<div class='docblock'><p>Hostname verification for OpenSSL.</p>
<p>OpenSSL up until version 1.1.0 did not support verification that the
certificate a server presents matches the domain a client is connecting to.
This check is crucial, as an attacker otherwise needs only to obtain a
legitimately signed certificate to <em>some</em> domain to execute a
man-in-the-middle attack.</p>
<p>The implementation in this crate is based off of libcurl&#39;s.</p>
<h1 id='examples' class='section-header'><a href='#examples'>Examples</a></h1>
<p>In most cases, the <code>verify_callback</code> function should be used in OpenSSL&#39;s
verification callback:</p>
<pre class='rust rust-example-rendered'>
<span class='kw'>extern</span> <span class='kw'>crate</span> <span class='ident'>openssl</span>;
<span class='kw'>extern</span> <span class='kw'>crate</span> <span class='ident'>openssl_verify</span>;
<span class='kw'>use</span> <span class='ident'>std</span>::<span class='ident'>net</span>::<span class='ident'>TcpStream</span>;
<span class='kw'>use</span> <span class='ident'>openssl</span>::<span class='ident'>ssl</span>::{<span class='ident'>SslContext</span>, <span class='ident'>SslMethod</span>, <span class='ident'>SslStream</span>, <span class='ident'>SSL_VERIFY_PEER</span>, <span class='ident'>IntoSsl</span>};
<span class='kw'>use</span> <span class='ident'>openssl_verify</span>::<span class='ident'>verify_callback</span>;
<span class='kw'>let</span> <span class='ident'>domain</span> <span class='op'>=</span> <span class='string'>&quot;google.com&quot;</span>;
<span class='kw'>let</span> <span class='ident'>stream</span> <span class='op'>=</span> <span class='ident'>TcpStream</span>::<span class='ident'>connect</span>((<span class='ident'>domain</span>, <span class='number'>443</span>)).<span class='ident'>unwrap</span>();
<span class='kw'>let</span> <span class='kw-2'>mut</span> <span class='ident'>ctx</span> <span class='op'>=</span> <span class='ident'>SslContext</span>::<span class='ident'>new</span>(<span class='ident'>SslMethod</span>::<span class='ident'>Sslv23</span>).<span class='ident'>unwrap</span>();
<span class='ident'>ctx</span>.<span class='ident'>set_default_verify_paths</span>().<span class='ident'>unwrap</span>();
<span class='kw'>let</span> <span class='kw-2'>mut</span> <span class='ident'>ssl</span> <span class='op'>=</span> <span class='ident'>ctx</span>.<span class='ident'>into_ssl</span>().<span class='ident'>unwrap</span>();
<span class='kw'>let</span> <span class='ident'>domain</span> <span class='op'>=</span> <span class='ident'>domain</span>.<span class='ident'>to_owned</span>();
<span class='ident'>ssl</span>.<span class='ident'>set_verify_callback</span>(<span class='ident'>SSL_VERIFY_PEER</span>, <span class='kw'>move</span> <span class='op'>|</span><span class='ident'>p</span>, <span class='ident'>x</span><span class='op'>|</span> <span class='ident'>verify_callback</span>(<span class='kw-2'>&amp;</span><span class='ident'>domain</span>, <span class='ident'>p</span>, <span class='ident'>x</span>));
<span class='kw'>let</span> <span class='ident'>ssl_stream</span> <span class='op'>=</span> <span class='ident'>SslStream</span>::<span class='ident'>connect</span>(<span class='ident'>ssl</span>, <span class='ident'>stream</span>).<span class='ident'>unwrap</span>();</pre>
</div><h2 id='functions' class='section-header'><a href="#functions">Functions</a></h2>
<table>
<tr class=' module-item'>
<td><a class='fn' href='fn.verify_callback.html'
title='openssl_verify::verify_callback'>verify_callback</a></td>
<td class='docblock short'>
<p>A convenience wrapper around verify_hostname that implements the logic for
OpenSSL&#39;s certificate verification callback.</p>
</td>
</tr>
<tr class=' module-item'>
<td><a class='fn' href='fn.verify_hostname.html'
title='openssl_verify::verify_hostname'>verify_hostname</a></td>
<td class='docblock short'>
<p>Validates that the certificate matches the provided fully qualified domain
name.</p>
</td>
</tr></table></section>
<section id='search' class="content hidden"></section>
<section class="footer"></section>
<aside id="help" class="hidden">
<div>
<h1 class="hidden">Help</h1>
<div class="shortcuts">
<h2>Keyboard Shortcuts</h2>
<dl>
<dt>?</dt>
<dd>Show this help dialog</dd>
<dt>S</dt>
<dd>Focus the search field</dd>
<dt>&larrb;</dt>
<dd>Move up in search results</dd>
<dt>&rarrb;</dt>
<dd>Move down in search results</dd>
<dt>&#9166;</dt>
<dd>Go to active search result</dd>
<dt>+</dt>
<dd>Collapse/expand all sections</dd>
</dl>
</div>
<div class="infos">
<h2>Search Tricks</h2>
<p>
Prefix searches with a type followed by a colon (e.g.
<code>fn:</code>) to restrict the search to a given type.
</p>
<p>
Accepted types are: <code>fn</code>, <code>mod</code>,
<code>struct</code>, <code>enum</code>,
<code>trait</code>, <code>type</code>, <code>macro</code>,
and <code>const</code>.
</p>
<p>
Search functions by type signature (e.g.
<code>vec -> usize</code> or <code>* -> vec</code>)
</p>
</div>
</div>
</aside>
<script>
window.rootPath = "../";
window.currentCrate = "openssl_verify";
window.playgroundUrl = "";
</script>
<script src="../jquery.js"></script>
<script src="../main.js"></script>
<script defer src="../search-index.js"></script>
</body>
</html>
Reference in a new issue View git blame Copy permalink