upgrade openssl 0.9 -> 0.10

COREMultichain · Oct 15, 2018 · 90ab38d · 90ab38d
1 parent 26b0467
commit 90ab38d
Show file tree

Hide file tree

Showing 7 changed files with 103 additions and 130 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -37,7 +37,7 @@ version = "1.0.18"
 
 [dependencies.openssl]
 optional = true
-version = "0.9"
+version = "0.10"
 
 [dependencies.native-tls]
 optional = true

diff --git a/examples/ssl-server.rs b/examples/ssl-server.rs
@@ -22,9 +22,9 @@ use std::rc::Rc;
 #[cfg(feature = "ssl")]
 use openssl::pkey::PKey;
 #[cfg(feature = "ssl")]
-use openssl::ssl::{SslAcceptor, SslAcceptorBuilder, SslMethod, SslStream};
+use openssl::ssl::{SslAcceptor, SslMethod, SslStream};
 #[cfg(feature = "ssl")]
-use openssl::x509::{X509, X509Ref};
+use openssl::x509::X509;
 
 #[cfg(feature = "ssl")]
 use ws::util::TcpStream;
@@ -86,15 +86,13 @@ fn main() {
         PKey::private_key_from_pem(data.as_ref()).unwrap()
     };
 
-    let acceptor = Rc::new(
-        SslAcceptorBuilder::mozilla_intermediate(
-            SslMethod::tls(),
-            &pkey,
-            &cert,
-            std::iter::empty::<X509Ref>(),
-        ).unwrap()
-            .build(),
-    );
+    let acceptor = Rc::new({
+        let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+        builder.set_private_key(&pkey).unwrap();
+        builder.set_certificate(&cert).unwrap();
+
+        builder.build()
+    });
 
     ws::Builder::new()
         .with_settings(ws::Settings {

diff --git a/examples/unsafe-ssl-client.rs b/examples/unsafe-ssl-client.rs
@@ -5,7 +5,7 @@ extern crate url;
 extern crate ws;
 
 #[cfg(feature = "ssl")]
-use openssl::ssl::{SslConnectorBuilder, SslMethod, SslStream, SslVerifyMode};
+use openssl::ssl::{SslConnector, SslMethod, SslStream, SslVerifyMode};
 #[cfg(feature = "ssl")]
 use ws::util::TcpStream;
 
@@ -26,19 +26,21 @@ impl ws::Handler for Client {
         sock: TcpStream,
         _: &url::Url,
     ) -> ws::Result<SslStream<TcpStream>> {
-        let mut builder = SslConnectorBuilder::new(SslMethod::tls()).map_err(|e| {
+        let mut builder = SslConnector::builder(SslMethod::tls()).map_err(|e| {
             ws::Error::new(
                 ws::ErrorKind::Internal,
                 format!("Failed to upgrade client to SSL: {}", e),
             )
         })?;
-        builder.builder_mut().set_verify(SslVerifyMode::empty());
+        builder.set_verify(SslVerifyMode::empty());
 
         let connector = builder.build();
         connector
-            .danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(
-                sock,
-            )
+            .configure()
+            .unwrap()
+            .use_server_name_indication(false)
+            .verify_hostname(false)
+            .connect("", sock)
             .map_err(From::from)
     }
 }
@@ -55,7 +57,7 @@ fn main() {
             println!("Client sent message 'Hello WebSocket'. ")
         }
 
-        Client { out: out }
+        Client { out }
     }) {
         println!("Failed to create WebSocket due to: {:?}", error);
     }

diff --git a/src/connection.rs b/src/connection.rs
@@ -10,10 +10,10 @@ use mio::{Ready, Token};
 use mio_extras::timer::Timeout;
 use url;
 
-#[cfg(feature = "ssl")]
-use openssl::ssl::HandshakeError;
 #[cfg(feature = "nativetls")]
 use native_tls::HandshakeError;
+#[cfg(feature = "ssl")]
+use openssl::ssl::HandshakeError;
 
 use frame::Frame;
 use handler::Handler;
@@ -169,7 +169,7 @@ where
                 HandshakeError::SetupFailure(_) => {
                     Err(Error::new(Kind::SslHandshake(handshake_err), details))
                 }
-                HandshakeError::Failure(mid) | HandshakeError::Interrupted(mid) => {
+                HandshakeError::Failure(mid) | HandshakeError::WouldBlock(mid) => {
                     self.socket = Stream::tls(mid);
                     Ok(())
                 }
@@ -239,7 +239,7 @@ where
                                 HandshakeError::SetupFailure(_) => {
                                     Err(Error::new(Kind::SslHandshake(handshake_err), details))
                                 }
-                                HandshakeError::Failure(mid) | HandshakeError::Interrupted(mid) => {
+                                HandshakeError::Failure(mid) | HandshakeError::WouldBlock(mid) => {
                                     self.socket = Stream::tls(mid);
                                     Ok(())
                                 }

diff --git a/src/handler.rs b/src/handler.rs
@@ -1,8 +1,8 @@
 use log::Level::Error as ErrorLevel;
-#[cfg(feature = "ssl")]
-use openssl::ssl::{SslConnectorBuilder, SslMethod, SslStream};
 #[cfg(feature = "nativetls")]
 use native_tls::{TlsConnector, TlsStream as SslStream};
+#[cfg(feature = "ssl")]
+use openssl::ssl::{SslConnector, SslMethod, SslStream};
 use url;
 
 use frame::Frame;
@@ -295,7 +295,7 @@ pub trait Handler {
             Kind::Protocol,
             format!("Unable to parse domain from {}. Needed for SSL.", url),
         ))?;
-        let connector = SslConnectorBuilder::new(SslMethod::tls())
+        let connector = SslConnector::builder(SslMethod::tls())
             .map_err(|e| {
                 Error::new(
                     Kind::Internal,

diff --git a/src/io.rs b/src/io.rs
@@ -11,8 +11,6 @@ use mio_extras;
 
 use url::Url;
 
-#[cfg(feature = "ssl")]
-use openssl::ssl::Error as SslError;
 #[cfg(feature = "native_tls")]
 use native_tls::Error as SslError;
 
@@ -214,16 +212,18 @@ where
             while let Err(ssl_error) = self.connections[tok.into()].encrypt() {
                 match ssl_error.kind {
                     #[cfg(feature = "ssl")]
-                    Kind::Ssl(SslError::Stream(ref io_error)) => {
-                        if let Some(errno) = io_error.raw_os_error() {
-                            if errno == CONNECTION_REFUSED {
-                                if let Err(reset_error) = self.connections[tok.into()].reset() {
-                                    trace!(
-                                        "Encountered error while trying to reset connection: {:?}",
-                                        reset_error
-                                    );
-                                } else {
-                                    continue;
+                    Kind::Ssl(ref inner_ssl_error) => {
+                        if let Some(io_error) = inner_ssl_error.io_error() {
+                            if let Some(errno) = io_error.raw_os_error() {
+                                if errno == CONNECTION_REFUSED {
+                                    if let Err(reset_error) = self.connections[tok.into()].reset() {
+                                        trace!(
+                                            "Encountered error while trying to reset connection: {:?}",
+                                            reset_error
+                                        );
+                                    } else {
+                                        continue;
+                                    }
                                 }
                             }
                         }

diff --git a/src/stream.rs b/src/stream.rs
@@ -6,11 +6,12 @@ use std::net::SocketAddr;
 
 use bytes::{Buf, BufMut};
 use mio::tcp::TcpStream;
-#[cfg(feature = "ssl")]
-use openssl::ssl::{Error as SslError, HandshakeError, MidHandshakeSslStream, SslStream};
 #[cfg(feature = "nativetls")]
-use native_tls::{HandshakeError, MidHandshakeTlsStream as MidHandshakeSslStream, TlsStream as SslStream};
-
+use native_tls::{
+    HandshakeError, MidHandshakeTlsStream as MidHandshakeSslStream, TlsStream as SslStream,
+};
+#[cfg(feature = "ssl")]
+use openssl::ssl::{ErrorCode as SslErrorCode, HandshakeError, MidHandshakeSslStream, SslStream};
 
 use result::{Error, Kind, Result};
 
@@ -171,27 +172,24 @@ impl io::Read for Stream {
                         }
                         #[cfg(feature = "ssl")]
                         Err(HandshakeError::Failure(mid))
-                        | Err(HandshakeError::Interrupted(mid)) => {
-                            let err = match *mid.error() {
-                                SslError::WantWrite(_) => {
-                                    negotiating = true;
-                                    Err(io::Error::new(
-                                        io::ErrorKind::WouldBlock,
-                                        "SSL wants writing",
-                                    ))
-                                }
-                                SslError::WantRead(_) => Err(io::Error::new(
-                                    io::ErrorKind::WouldBlock,
-                                    "SSL wants reading",
-                                )),
-                                SslError::Stream(ref e) => Err(From::from(e.kind())),
-                                ref err => {
-                                    Err(io::Error::new(io::ErrorKind::Other, format!("{}", err)))
-                                }
+                        | Err(HandshakeError::WouldBlock(mid)) => {
+                            if mid.error().code() == SslErrorCode::WANT_READ {
+                                negotiating = true;
+                            }
+                            let err = if let Some(io_error) = mid.error().io_error() {
+                                Err(io::Error::new(
+                                    io_error.kind(),
+                                    format!("{:?}", io_error.get_ref()),
+                                ))
+                            } else {
+                                Err(io::Error::new(
+                                    io::ErrorKind::Other,
+                                    format!("{}", mid.error()),
+                                ))
                             };
                             *tls_stream = TlsStream::Handshake {
                                 sock: mid,
-                                negotiating: negotiating,
+                                negotiating,
                             };
                             err
                         }
@@ -202,17 +200,11 @@ impl io::Read for Stream {
                                 sock: mid,
                                 negotiating: negotiating,
                             };
-                            Err(io::Error::new(
-                                io::ErrorKind::WouldBlock,
-                                "SSL would block",
-                            ))
+                            Err(io::Error::new(io::ErrorKind::WouldBlock, "SSL would block"))
                         }
                         #[cfg(feature = "nativetls")]
                         Err(HandshakeError::Failure(err)) => {
-                            Err(io::Error::new(
-                                io::ErrorKind::Other,
-                                format!("{}", err),
-                            ))
+                            Err(io::Error::new(io::ErrorKind::Other, format!("{}", err)))
                         }
                     },
                 }
@@ -235,75 +227,56 @@ impl io::Write for Stream {
                     TlsStream::Handshake {
                         sock,
                         mut negotiating,
-                    } => {
-                        match sock.handshake() {
-                            Ok(mut sock) => {
-                                trace!("Completed SSL Handshake");
-                                let res = sock.write(buf);
-                                *tls_stream = TlsStream::Live(sock);
-                                res
-                            }
-                            #[cfg(feature = "ssl")]
-                            Err(HandshakeError::SetupFailure(err)) => {
-                                Err(io::Error::new(io::ErrorKind::Other, err))
-                            }
-                            #[cfg(feature = "ssl")]
-                            Err(HandshakeError::Failure(mid))
-                            | Err(HandshakeError::Interrupted(mid)) => {
-                                let err = match *mid.error() {
-                                    SslError::WantRead(_) => {
-                                        negotiating = true;
-                                        Err(io::Error::new(
-                                            io::ErrorKind::WouldBlock,
-                                            "SSL wants reading",
-                                        ))
-                                    }
-                                    SslError::WantWrite(_) => {
-                                        negotiating = false;
-                                        Err(io::Error::new(
-                                            io::ErrorKind::WouldBlock,
-                                            "SSL wants writing",
-                                        ))
-                                    }
-                                    SslError::Stream(ref e) => {
-                                        negotiating = false;
-                                        Err(From::from(e.kind()))
-                                    }
-                                    ref err => {
-                                        negotiating = false;
-                                        Err(io::Error::new(
-                                            io::ErrorKind::Other,
-                                            format!("{}", err),
-                                        ))
-                                    }
-                                };
-                                *tls_stream = TlsStream::Handshake {
-                                    sock: mid,
-                                    negotiating: negotiating,
-                                };
-                                err
-                            }
-                            #[cfg(feature = "nativetls")]
-                            Err(HandshakeError::Interrupted(mid)) => {
+                    } => match sock.handshake() {
+                        Ok(mut sock) => {
+                            trace!("Completed SSL Handshake");
+                            let res = sock.write(buf);
+                            *tls_stream = TlsStream::Live(sock);
+                            res
+                        }
+                        #[cfg(feature = "ssl")]
+                        Err(HandshakeError::SetupFailure(err)) => {
+                            Err(io::Error::new(io::ErrorKind::Other, err))
+                        }
+                        #[cfg(feature = "ssl")]
+                        Err(HandshakeError::Failure(mid))
+                        | Err(HandshakeError::WouldBlock(mid)) => {
+                            if mid.error().code() == SslErrorCode::WANT_READ {
                                 negotiating = true;
-                                *tls_stream = TlsStream::Handshake {
-                                    sock: mid,
-                                    negotiating: negotiating,
-                                };
+                            } else {
+                                negotiating = false;
+                            }
+                            let err = if let Some(io_error) = mid.error().io_error() {
                                 Err(io::Error::new(
-                                    io::ErrorKind::WouldBlock,
-                                    "SSL would block",
+                                    io_error.kind(),
+                                    format!("{:?}", io_error.get_ref()),
                                 ))
-                            }
-                            #[cfg(feature = "nativetls")]
-                            Err(HandshakeError::Failure(err)) => {
+                            } else {
                                 Err(io::Error::new(
                                     io::ErrorKind::Other,
-                                    format!("{}", err),
+                                    format!("{}", mid.error()),
                                 ))
-                            }
+                            };
+                            *tls_stream = TlsStream::Handshake {
+                                sock: mid,
+                                negotiating,
+                            };
+                            err
                         }
-                    }
+                        #[cfg(feature = "nativetls")]
+                        Err(HandshakeError::Interrupted(mid)) => {
+                            negotiating = true;
+                            *tls_stream = TlsStream::Handshake {
+                                sock: mid,
+                                negotiating: negotiating,
+                            };
+                            Err(io::Error::new(io::ErrorKind::WouldBlock, "SSL would block"))
+                        }
+                        #[cfg(feature = "nativetls")]
+                        Err(HandshakeError::Failure(err)) => {
+                            Err(io::Error::new(io::ErrorKind::Other, format!("{}", err)))
+                        }
+                    },
                 }
             }
         }