Skip to content

Commit

Permalink
Merge pull request #2099 from alex/deprecate-store-ref-objects
Browse files Browse the repository at this point in the history
fixes #2096 -- deprecate `X509StoreRef::objects`, it is unsound
  • Loading branch information
sfackler authored Nov 22, 2023
2 parents a8413b8 + cf9681a commit f456b60
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 1 deletion.
2 changes: 2 additions & 0 deletions openssl-sys/src/handwritten/x509.rs
Original file line number Diff line number Diff line change
Expand Up @@ -644,6 +644,8 @@ const_ptr_api! {
extern "C" {
#[cfg(any(ossl110, libressl270))]
pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT;
#[cfg(ossl300)]
pub fn X509_STORE_get1_all_certs(ctx: *mut X509_STORE) -> *mut stack_st_X509;
}
}

Expand Down
18 changes: 17 additions & 1 deletion openssl/src/x509/store.rs
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,14 @@
//! ```

use cfg_if::cfg_if;
use foreign_types::ForeignTypeRef;
use foreign_types::{ForeignType, ForeignTypeRef};
use std::mem;

use crate::error::ErrorStack;
#[cfg(not(boringssl))]
use crate::ssl::SslFiletype;
#[cfg(ossl300)]
use crate::stack::Stack;
use crate::stack::StackRef;
#[cfg(any(ossl102, libressl261))]
use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
Expand Down Expand Up @@ -260,10 +262,24 @@ foreign_type_and_impl_send_sync! {

impl X509StoreRef {
/// Get a reference to the cache of certificates in this store.
///
/// This method is deprecated. It is **unsound** and will be removed in a
/// future version of rust-openssl. `X509StoreRef::all_certificates`
/// should be used instead.
#[deprecated(
note = "This method is unsound, and will be removed in a future version of rust-openssl. X509StoreRef::all_certificates should be used instead."
)]
#[corresponds(X509_STORE_get0_objects)]
pub fn objects(&self) -> &StackRef<X509Object> {
unsafe { StackRef::from_ptr(X509_STORE_get0_objects(self.as_ptr())) }
}

/// Returns a stack of all the certificates in this store.
#[corresponds(X509_STORE_get1_all_certs)]
#[cfg(ossl300)]
pub fn all_certificates(&self) -> Stack<X509> {
unsafe { Stack::from_ptr(ffi::X509_STORE_get1_all_certs(self.as_ptr())) }
}
}

cfg_if! {
Expand Down
15 changes: 15 additions & 0 deletions openssl/src/x509/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1177,3 +1177,18 @@ fn test_dist_point_null() {
let cert = X509::from_pem(cert).unwrap();
assert!(cert.crl_distribution_points().is_none());
}

#[test]
#[cfg(ossl300)]
fn test_store_all_certificates() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();

let store = {
let mut b = X509StoreBuilder::new().unwrap();
b.add_cert(cert).unwrap();
b.build()
};

assert_eq!(store.all_certificates().len(), 1);
}

0 comments on commit f456b60

Please sign in to comment.