diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index 57340d39..83b616a6 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -3007,10 +3007,8 @@ impl SslRef {
 );
 unsafe {
- let ptr = cert_store.as_ptr();
- cvt(ffi::SSL_set0_verify_cert_store(self.as_ptr(), ptr) as c_int)?;
+ cvt(ffi::SSL_set0_verify_cert_store(self.as_ptr(), cert_store.as_ptr()) as c_int)?;
 mem::forget(cert_store);
-
 Ok(())
 }
 }
@@ -3855,10 +3853,8 @@ impl SslRef {
 "This API is not supported for RPK"
 );
- unsafe {
- ffi::SSL_set_client_CA_list(self.as_ptr(), list.as_ptr());
- mem::forget(list);
- }
+ unsafe { ffi::SSL_set_client_CA_list(self.as_ptr(), list.as_ptr()) }
+ mem::forget(list);
 }
 /// Sets the private key.
diff --git a/boring/src/util.rs b/boring/src/util.rs
index 21591d2f..d852a4b9 100644
--- a/boring/src/util.rs
+++ b/boring/src/util.rs
@@ -1,10 +1,10 @@
+use crate::error::ErrorStack;
+use foreign_types::{ForeignType, ForeignTypeRef};
 use libc::{c_char, c_int, c_void};
 use std::any::Any;
 use std::panic::{self, AssertUnwindSafe};
 use std::slice;
-use crate::error::ErrorStack;
-
 /// Wraps a user-supplied callback and a slot for panics thrown inside the callback (while FFI
 /// frames are on the stack).
 ///
@@ -65,3 +65,29 @@ where
 }
 }
 }
+
+pub trait ForeignTypeExt: ForeignType {
+ unsafe fn from_ptr_opt(ptr: *mut Self::CType) -> Option {
+ if ptr.is_null() {
+ None
+ } else {
+ Some(Self::from_ptr(ptr))
+ }
+ }
+}
+impl ForeignTypeExt for FT {}
+
+pub trait ForeignTypeRefExt: ForeignTypeRef {
+ unsafe fn from_const_ptr<'a>(ptr: *const Self::CType) -> &'a Self {
+ Self::from_ptr(ptr as *mut Self::CType)
+ }
+
+ unsafe fn from_const_ptr_opt<'a>(ptr: *const Self::CType) -> Option<&'a Self> {
+ if ptr.is_null() {
+ None
+ } else {
+ Some(Self::from_const_ptr(ptr as *mut Self::CType))
+ }
+ }
+}
+impl ForeignTypeRefExt for FT {}
diff --git a/boring/src/x509/mod.rs b/boring/src/x509/mod.rs
index 1ef04454..db87da9f 100644
--- a/boring/src/x509/mod.rs
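Review bot: Neither `unsafe` block touched in `boring/src/ssl/mod.rs` carries a `// SAFETY:` comment, although both rely on an ownership hand-off to the C side that the code alone does not explain. In the `SSL_set0_verify_cert_store` hunk, `mem::forget(cert_store)` has to stay after the `cvt(...)?` line so that a failed call still drops the store and a successful one does not free it a second time; a comment such as `// SAFETY: ownership of cert_store moves to the SSL object only when the call succeeds, so forget it only after cvt() has passed` would pin that ordering (the "only on success" part is what the existing order implies and is worth confirming against the C API). The same applies to the `SSL_set_client_CA_list` hunk further down, where `mem::forget(list)` now sits outside the `unsafe` block; `// SAFETY: SSL_set_client_CA_list takes ownership of list` would be enough there. Both function bodies start outside the hunks shown.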
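Review bot: The two new public traits in `boring/src/util.rs` expose `unsafe fn`s with no doc comment and no `# Safety` section, and `from_const_ptr` returns `&'a Self` built from a raw pointer with a lifetime the caller chooses freely. Each method should state its contract: for the `*_const_ptr*` methods the pointer must stay valid and unmodified for all of `'a` (and be non-null for `from_const_ptr`), and `from_ptr_opt` should say that a non-null pointer is taken over by the returned value, since it goes through `ForeignType::from_ptr`. Separately, in `from_const_ptr_opt` the cast in `Self::from_const_ptr(ptr as *mut Self::CType)` is redundant because the callee takes `*const Self::CType`; `Some(Self::from_const_ptr(ptr))` is sufficient.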
+++ b/boring/src/x509/mod.rs
@@ -36,6 +36,7 @@ use crate::pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public};
 use crate::ssl::SslRef;
 use crate::stack::{Stack, StackRef, Stackable};
 use crate::string::OpensslString;
+use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
 use crate::x509::verify::X509VerifyParamRef;
 use crate::{cvt, cvt_n, cvt_p};
@@ -474,27 +475,19 @@ impl X509Ref {
 }
 }
- /// Returns this certificate's subject key id.
- ///
- /// This corresponds to [`X509_get0_subject_key_id`].
- ///
- /// [`X509_get0_subject_key_id`]: https://docs.openssl.org/1.1.1/man3/X509_get_extension_flags/
- pub fn subject_key_id(&self) -> &Asn1StringRef {
+ /// Returns this certificate's subject key id, if it exists.
+ pub fn subject_key_id(&self) -> Option<&Asn1StringRef> {
 unsafe {
- let name = ffi::X509_get0_subject_key_id(self.as_ptr());
- Asn1StringRef::from_ptr(name as _)
+ let data = ffi::X509_get0_subject_key_id(self.as_ptr());
+ Asn1StringRef::from_const_ptr_opt(data)
 }
 }
- /// Returns this certificate's authority key id.
- ///
- /// This corresponds to [`X509_get0_authority_key_id`].
- ///
- /// [`X509_get0_authority_key_id`]: https://docs.openssl.org/1.1.1/man3/X509_get_extension_flags/
- pub fn authority_key_id(&self) -> &Asn1StringRef {
+ /// Returns this certificate's authority key id, if it exists.
+ pub fn authority_key_id(&self) -> Option<&Asn1StringRef> {
 unsafe {
- let name = ffi::X509_get0_authority_key_id(self.as_ptr());
- Asn1StringRef::from_const_ptr_opt(data)
+ let data = ffi::X509_get0_authority_key_id(self.as_ptr());
+ Asn1StringRef::from_const_ptr_opt(data)
 }
 }
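Review bot: The rewritten doc comments on `subject_key_id` and `authority_key_id` drop the reference to the underlying `X509_get0_subject_key_id` / `X509_get0_authority_key_id` calls and never say what `None` stands for. Returning `Option` removes the reference that was previously built from a possibly null pointer, but a caller now needs to know whether `None` means only "extension absent" or also "extension present but not parseable" (the C library may return NULL for both; worth confirming), because code that matches key identifiers during chain checks should handle that case explicitly rather than `unwrap()` it. I would keep the `This corresponds to ...` line and add to each a sentence such as `/// Returns None when the certificate has no subject key identifier extension.` (and the authority equivalent). The return-type change also breaks existing callers, so it deserves a changelog entry and a test using a certificate that lacks both extensions.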