diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs index f5e3c24289..c5419ed6eb 100644 --- a/openssl-sys/src/handwritten/x509.rs +++ b/openssl-sys/src/handwritten/x509.rs @@ -644,6 +644,8 @@ const_ptr_api! { extern "C" { #[cfg(any(ossl110, libressl270))] pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT; + #[cfg(ossl300)] + pub fn X509_STORE_get1_all_certs(ctx: *mut X509_STORE) -> *mut stack_st_X509; } } diff --git a/openssl/src/cipher_ctx.rs b/openssl/src/cipher_ctx.rs index 1769ee9716..58e789b044 100644 --- a/openssl/src/cipher_ctx.rs +++ b/openssl/src/cipher_ctx.rs @@ -581,7 +581,8 @@ impl CipherCtxRef { /// output size check removed. It can be used when the exact /// buffer size control is maintained by the caller. /// - /// SAFETY: The caller is expected to provide `output` buffer + /// # Safety + /// The caller is expected to provide `output` buffer /// large enough to contain correct number of bytes. For streaming /// ciphers the output buffer size should be at least as big as /// the input buffer. For block ciphers the size of the output @@ -693,7 +694,8 @@ impl CipherCtxRef { /// This function is the same as [`Self::cipher_final`] but with /// the output buffer size check removed. /// - /// SAFETY: The caller is expected to provide `output` buffer + /// # Safety + /// The caller is expected to provide `output` buffer /// large enough to contain correct number of bytes. For streaming /// ciphers the output buffer can be empty, for block ciphers the /// output buffer should be at least as big as the block. diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 4b9ee80454..5c9ccf7a05 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -119,7 +119,7 @@ //! ``` #![doc(html_root_url = "https://docs.rs/openssl/0.10")] #![warn(rust_2018_idioms)] -#![allow(clippy::uninlined_format_args)] +#![allow(clippy::uninlined_format_args, clippy::needless_doctest_main)] #[doc(inline)] pub use ffi::init; diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs index a90bf3515f..40cf1b49a2 100644 --- a/openssl/src/x509/store.rs +++ b/openssl/src/x509/store.rs @@ -42,13 +42,13 @@ //! ``` use cfg_if::cfg_if; -use foreign_types::ForeignTypeRef; +use foreign_types::{ForeignType, ForeignTypeRef}; use std::mem; use crate::error::ErrorStack; #[cfg(not(boringssl))] use crate::ssl::SslFiletype; -use crate::stack::StackRef; +use crate::stack::{Stack, StackRef}; #[cfg(any(ossl102, libressl261))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; @@ -260,10 +260,24 @@ foreign_type_and_impl_send_sync! { impl X509StoreRef { /// Get a reference to the cache of certificates in this store. + /// + /// This method is deprecated. It is **unsound** and will be removed in a + /// future version of rust-openssl. `X509StoreRef::all_certificates` + /// should be used instead. + #[deprecated( + note = "This method is unsound, and will be removed in a future version of rust-openssl. X509StoreRef::all_certificates should be used instead." + )] #[corresponds(X509_STORE_get0_objects)] pub fn objects(&self) -> &StackRef { unsafe { StackRef::from_ptr(X509_STORE_get0_objects(self.as_ptr())) } } + + /// Returns a stack of all the certificates in this store. + #[corresponds(X509_STORE_get1_all_certs)] + #[cfg(ossl300)] + pub fn all_certificates(&self) -> Stack { + unsafe { Stack::from_ptr(ffi::X509_STORE_get1_all_certs(self.as_ptr())) } + } } cfg_if! { diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index a4a3de970c..0444a067dd 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -1177,3 +1177,18 @@ fn test_dist_point_null() { let cert = X509::from_pem(cert).unwrap(); assert!(cert.crl_distribution_points().is_none()); } + +#[test] +#[cfg(ossl300)] +fn test_store_all_certificates() { + let cert = include_bytes!("../../test/cert.pem"); + let cert = X509::from_pem(cert).unwrap(); + + let store = { + let mut b = X509StoreBuilder::new().unwrap(); + b.add_cert(cert).unwrap(); + b.build() + }; + + assert_eq!(store.all_certificates().len(), 1); +}