From c3e2615ad50f9ec2045273f08b5901bf30cdf209 Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Wed, 6 Feb 2019 13:02:23 +0100 Subject: [PATCH 01/19] get cert SubjectPublicKeyInfo --- Cargo.toml | 6 +- src/imp/openssl.rs | 6 ++ src/imp/security_framework.rs | 133 +++++++++++++++++++++++++++++++++- src/lib.rs | 6 ++ 4 files changed, 148 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 6cd6d177..6b998521 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,10 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -security-framework = "0.2.1" -security-framework-sys = "0.2.1" +security-framework = {path = "../rust-security-framework/security-framework"} +security-framework-sys = {path = "../rust-security-framework/security-framework-sys", features = ["OSX_10_13"]} +core-foundation-sys = "0.6.2" +core-foundation = "0.6.3" lazy_static = "1.0" libc = "0.2" tempfile = "3.0" diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs index 75264d24..53456c87 100644 --- a/src/imp/openssl.rs +++ b/src/imp/openssl.rs @@ -177,6 +177,12 @@ impl Certificate { let der = self.0.to_der()?; Ok(der) } + + pub fn public_key_der(&self) -> Result, Error> { + let pk = self.0.public_key()?; + let der = pk.public_key_to_der()?; + Ok(der) + } } pub struct MidHandshakeTlsStream(MidHandshakeSslStream); diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index f23fe131..97785428 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs 
@@ -1,8 +1,17 @@ +extern crate core_foundation; +extern crate core_foundation_sys; extern crate libc; extern crate security_framework; extern crate security_framework_sys; extern crate tempfile; +use self::core_foundation::base::TCFType; +use self::core_foundation_sys::base::{CFComparisonResult, CFRelease}; +use self::core_foundation_sys::data::{CFDataGetBytePtr, CFDataGetLength}; +use self::core_foundation_sys::dictionary::{CFDictionaryGetValueIfPresent, CFDictionaryRef}; +use self::core_foundation_sys::error::CFErrorRef; +use self::core_foundation_sys::number::{kCFNumberSInt32Type, CFNumberGetValue}; +use self::core_foundation_sys::string::{CFStringCompareFlags, CFStringRef}; use self::security_framework::base; use self::security_framework::certificate::SecCertificate; use self::security_framework::identity::SecIdentity; @@ -10,11 +19,19 @@ use self::security_framework::import_export::{ImportedIdentity, Pkcs12ImportOpti use self::security_framework::secure_transport::{ self, ClientBuilder, SslConnectionType, SslContext, SslProtocol, SslProtocolSide, }; -use self::security_framework_sys::base::errSecIO; +use self::security_framework_sys::base::{errSecIO, SecKeyRef, SecPolicyRef}; +use self::security_framework_sys::item::*; +use self::security_framework_sys::key::{SecKeyCopyAttributes, SecKeyCopyExternalRepresentation}; +use self::security_framework_sys::policy::SecPolicyCreateBasicX509; +use self::security_framework_sys::trust::{ + SecTrustCopyPublicKey, SecTrustCreateWithCertificates, SecTrustEvaluate, SecTrustRef, + SecTrustResultType, +}; use self::tempfile::TempDir; use std::error; use std::fmt; use std::io; +use std::ptr; use std::sync::Mutex; use std::sync::{Once, ONCE_INIT}; 
@@ -174,6 +191,77 @@ impl Certificate { pub fn to_der(&self) -> Result, Error> { Ok(self.0.to_der()) } + + pub fn public_key_der(&self) -> Result, Error> { + unsafe { + let k = self.copy_public_key_from_certificate(); + let mut error: CFErrorRef = std::ptr::null_mut(); + let public_key_data = SecKeyCopyExternalRepresentation(k, &mut error); + if public_key_data == ptr::null_mut() { + CFRelease(k as _); + return Err(Error::from(base::Error::from_code(0))); + } + let public_key_attributes = SecKeyCopyAttributes(k); + + let mut public_key_type: *const std::os::raw::c_void = ptr::null(); + CFDictionaryGetValueIfPresent( + public_key_attributes, + kSecAttrKeyType as _, + &mut public_key_type as _, + ); + let mut public_keysize: *const std::os::raw::c_void = ptr::null(); + CFDictionaryGetValueIfPresent( + public_key_attributes, + kSecAttrKeySizeInBits as _, + &mut public_keysize as *mut *const std::os::raw::c_void, + ); + CFRelease(public_key_attributes as _); + let mut public_keysize_val: u32 = 0; + let public_keysize_val_ptr: *mut u32 = &mut public_keysize_val; + CFNumberGetValue( + public_keysize as _, + kCFNumberSInt32Type, + public_keysize_val_ptr as _, + ); + let hdr_bytes = get_asn1_header_bytes(public_key_type as _, public_keysize_val); + if hdr_bytes.len() == 0 { + return Err(Error::from(base::Error::from_code(0))); + } + CFRelease(k as _); + let key_data_len = CFDataGetLength(public_key_data) as usize; + let key_data_slice = std::slice::from_raw_parts( + CFDataGetBytePtr(public_key_data) as *const u8, + key_data_len, + ); + let mut out = Vec::with_capacity(hdr_bytes.len() + key_data_len); + out.extend_from_slice(hdr_bytes); + out.extend_from_slice(key_data_slice); + + CFRelease(public_key_data as _); + Ok(out) + } + } + + fn copy_public_key_from_certificate(&self) -> SecKeyRef { + unsafe { + // Create an X509 trust using the using the certificate + let mut trust: SecTrustRef = ptr::null_mut(); + let policy: SecPolicyRef = SecPolicyCreateBasicX509(); + 
SecTrustCreateWithCertificates( + self.0.as_concrete_TypeRef() as _, + policy as _, + &mut trust, + ); + + // Get a public key reference for the certificate from the trust + let mut result: SecTrustResultType = 0; + SecTrustEvaluate(trust, &mut result); + let public_key = SecTrustCopyPublicKey(trust); + CFRelease(policy as _); + CFRelease(trust as _); + public_key + } + } } pub enum HandshakeError { 
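Review bot: In `public_key_der`, `public_key_type` and `public_keysize` are borrowed from `public_key_attributes` (`CFDictionaryGetValueIfPresent` does not retain what it returns), yet the dictionary is released before `CFNumberGetValue` and `get_asn1_header_bytes` read them, so both reads can touch released objects. The early return on `hdr_bytes.len() == 0` skips `CFRelease(k)` and `CFRelease(public_key_data)`, and nothing checks that `copy_public_key_from_certificate` produced a non-null key (the `SecTrustCreateWithCertificates` status is ignored there) before the key is used and released. Both error paths report `base::Error::from_code(0)`, which is the success status, so a caller cannot tell what failed. The excerpt below keeps the same calls, adds the null checks and moves the releases after the last use; `STATUS_PLACEHOLDER` stands for a non-zero status the maintainers choose.

```rust
let k = self.copy_public_key_from_certificate();
if k.is_null() {
    return Err(Error::from(base::Error::from_code(STATUS_PLACEHOLDER)));
}
// … unchanged: SecKeyCopyExternalRepresentation, SecKeyCopyAttributes, the two dictionary lookups …
let hdr_bytes: &[u8] = if public_key_type.is_null() || public_keysize.is_null() {
    &[]
} else {
    let mut public_keysize_val: u32 = 0;
    CFNumberGetValue(
        public_keysize as _,
        kCFNumberSInt32Type,
        &mut public_keysize_val as *mut u32 as _,
    );
    get_asn1_header_bytes(public_key_type as _, public_keysize_val)
};
// Release only after the values borrowed from the dictionary have been read.
CFRelease(public_key_attributes as _);
CFRelease(k as _);
if hdr_bytes.is_empty() {
    CFRelease(public_key_data as _);
    return Err(Error::from(base::Error::from_code(STATUS_PLACEHOLDER)));
}
// … unchanged: copy header and key bytes into `out`, release public_key_data …
```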
@@ -535,4 +623,47 @@ extern "C" { fn CC_SHA256(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; fn CC_SHA384(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; fn CC_SHA512(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; + fn CFStringCompare( + theString1: CFStringRef, + theString2: CFStringRef, + compareOptions: CFStringCompareFlags, + ) -> CFComparisonResult; } + +fn get_asn1_header_bytes(pkt: CFStringRef, ksz: u32) -> &'static [u8] { + unsafe { + if CFStringCompare(pkt, kSecAttrKeyTypeRSA, 0) as i64 == 0 && ksz == 2048 { + return &RSA_2048_ASN1_HEADER; + } + if CFStringCompare(pkt, kSecAttrKeyTypeRSA, 0) as i64 == 0 && ksz == 4096 { + return &RSA_4096_ASN1_HEADER; + } + if CFStringCompare(pkt, kSecAttrKeyTypeECSECPrimeRandom, 0) as i64 == 0 && ksz == 256 { + return &EC_DSA_SECP_256_R1_ASN1_HEADER; + } + if CFStringCompare(pkt, kSecAttrKeyTypeECSECPrimeRandom, 0) as i64 == 0 && ksz == 384 { + return &EC_DSA_SECP_384_R1_ASN1_HEADER; + } + } + &[] +} + +const RSA_2048_ASN1_HEADER: [u8; 24] = [ + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, +]; + +const RSA_4096_ASN1_HEADER: [u8; 24] = [ + 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, +]; + +const EC_DSA_SECP_256_R1_ASN1_HEADER: [u8; 26] = [ + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, +]; + +const EC_DSA_SECP_384_R1_ASN1_HEADER: [u8; 23] = [ + 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, + 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, +]; diff --git a/src/lib.rs b/src/lib.rs index 5efb08fc..51991b0b 100644 --- a/src/lib.rs +++ b/src/lib.rs 
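Review bot: `get_asn1_header_bytes` selects a fixed SubjectPublicKeyInfo prefix from key type and bit size alone, and the RSA prefixes hard-code the outer lengths (`0x30, 0x82, 0x01, 0x22` for 2048 bits), which is only correct when the exported key body has the one length those constants assume. An RSA key whose public exponent encodes to a different number of bytes would likely produce DER with wrong length fields, and therefore a pin hash that differs from what the OpenSSL and SChannel backends return for the same certificate. Any other key, for example RSA 3072 or P-521, falls through to `&[]`, which the caller reports as an error with status 0. Please document the limits on the function, e.g. `// Fixed SPKI prefixes: RSA-2048/4096 and P-256/P-384 only, and only for keys whose raw encoding has the usual length`, and consider comparing the exported key length with the length the chosen header encodes before concatenating.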
@@ -206,6 +206,12 @@ impl Certificate { let der = self.0.to_der()?; Ok(der) } + + /// Returns der encoded SubjectPublicKeyInfo. + pub fn public_key_der(&self) -> Result> { + let der = self.0.public_key_der()?; + Ok(der) + } } /// A TLS stream which has been interrupted midway through the handshake process. From d5caf1213e3af8f3fefa5a1c22309c89f91b3d18 Mon Sep 17 00:00:00 2001 From: Sergej Jurecko Date: Wed, 6 Feb 2019 14:37:12 +0100 Subject: [PATCH 02/19] schannel public_key_der --- Cargo.toml | 2 +- src/imp/schannel.rs | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 6b998521..318c91e0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ libc = "0.2" tempfile = "3.0" [target.'cfg(target_os = "windows")'.dependencies] -schannel = "0.1.13" +schannel = {path = "../schannel-rs"} [target.'cfg(not(any(target_os = "windows", target_os = "macos", target_os = "ios")))'.dependencies] log = "0.4.5" diff --git a/src/imp/schannel.rs b/src/imp/schannel.rs index fee17e89..dba36c11 100644 --- a/src/imp/schannel.rs +++ b/src/imp/schannel.rs @@ -122,6 +122,10 @@ impl Certificate { pub fn to_der(&self) -> Result, Error> { Ok(self.0.to_der().to_vec()) } + + pub fn public_key_der(&self) -> Result, Error> { + Ok(self.0.subject_public_key_info_der()) + } } pub struct MidHandshakeTlsStream(tls_stream::MidHandshakeTlsStream); From 3982c58c6a7250fe94f2db88a1390feaf86dca04 Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Thu, 7 Feb 2019 07:19:35 +0100 Subject: [PATCH 03/19] use git forks temporarily --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 318c91e0..612eaa3e 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -11,8 +11,8 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -security-framework = {path = "../rust-security-framework/security-framework"} -security-framework-sys = {path = "../rust-security-framework/security-framework-sys", features = ["OSX_10_13"]} +security-framework = {git = "https://github.com/SergejJurecko/rust-security-framework"} +security-framework-sys = {git = "https://github.com/SergejJurecko/rust-security-framework", features = ["OSX_10_13"]} core-foundation-sys = "0.6.2" core-foundation = "0.6.3" lazy_static = "1.0" From c978e57729bb1ac28f2220df9bbd987a5512ce5a Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Thu, 7 Feb 2019 07:19:44 +0100 Subject: [PATCH 04/19] use git forks temporarily --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 612eaa3e..c0033446 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ libc = "0.2" tempfile = "3.0" [target.'cfg(target_os = "windows")'.dependencies] -schannel = {path = "../schannel-rs"} +schannel = {path = "https://github.com/SergejJurecko/schannel-rs"} [target.'cfg(not(any(target_os = "windows", target_os = "macos", target_os = "ios")))'.dependencies] log = "0.4.5" From 6de69bd275a98f4b587840565ad6dd43eb83cbbc Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Thu, 7 Feb 2019 07:20:01 +0100 Subject: [PATCH 05/19] use git forks temporarily --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index c0033446..afeb4d2c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ libc = "0.2" tempfile = "3.0" [target.'cfg(target_os = "windows")'.dependencies] -schannel = {path = "https://github.com/SergejJurecko/schannel-rs"} +schannel = {git = "https://github.com/SergejJurecko/schannel-rs"} [target.'cfg(not(any(target_os = "windows", target_os = "macos", target_os = "ios")))'.dependencies] log = "0.4.5" 
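Review bot: The `git = "https://github.com/SergejJurecko/rust-security-framework"` entries carry no `rev`, so every fresh resolve takes whatever the fork's default branch holds at that moment, and the crates that implement TLS on macOS and iOS can change without any change to this manifest. The `schannel` entry in PATCH 05 and the git entries that PATCH 10 reintroduces have the same problem. While the forks are needed, pin each one to a reviewed commit, e.g. `security-framework = { git = "https://github.com/SergejJurecko/rust-security-framework", rev = "<commit sha>" }`. PATCH 04 in between puts the URL under `path =`, which Cargo reads as a filesystem path, so that commit presumably does not resolve on Windows; squashing 03 to 05 would keep the history bisectable.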
From ee90227855c0aa9aa6c43d9bab1b7af52cc15504 Mon Sep 17 00:00:00 2001 From: Sergej Jurecko Date: Mon, 11 Feb 2019 07:49:40 +0100 Subject: [PATCH 06/19] published security framework --- Cargo.toml | 4 ++-- src/imp/schannel.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index afeb4d2c..ed4bd0e2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,8 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -security-framework = {git = "https://github.com/SergejJurecko/rust-security-framework"} -security-framework-sys = {git = "https://github.com/SergejJurecko/rust-security-framework", features = ["OSX_10_13"]} +security-framework = "0.2.4-beta" +security-framework-sys = {version = "0.2.4-beta", features = ["OSX_10_13"]} core-foundation-sys = "0.6.2" core-foundation = "0.6.3" lazy_static = "1.0" diff --git a/src/imp/schannel.rs b/src/imp/schannel.rs index dba36c11..306acc2b 100644 --- a/src/imp/schannel.rs +++ b/src/imp/schannel.rs @@ -124,7 +124,7 @@ impl Certificate { } pub fn public_key_der(&self) -> Result, Error> { - Ok(self.0.subject_public_key_info_der()) + Ok(self.0.subject_public_key_info_der()?) } } From bdfb49eee7147a8c0fac329d90ac52d91d83a469 Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Tue, 12 Feb 2019 07:31:02 +0100 Subject: [PATCH 07/19] certificate_chain iterator, apple version --- src/imp/security_framework.rs | 40 +++++++++++++++++++++++++++++++++-- src/lib.rs | 14 ++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index 97785428..d840d6cf 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs 
@@ -8,17 +8,17 @@ extern crate tempfile; use self::core_foundation::base::TCFType; use self::core_foundation_sys::base::{CFComparisonResult, CFRelease}; use self::core_foundation_sys::data::{CFDataGetBytePtr, CFDataGetLength}; -use self::core_foundation_sys::dictionary::{CFDictionaryGetValueIfPresent, CFDictionaryRef}; +use self::core_foundation_sys::dictionary::CFDictionaryGetValueIfPresent; use self::core_foundation_sys::error::CFErrorRef; use self::core_foundation_sys::number::{kCFNumberSInt32Type, CFNumberGetValue}; use self::core_foundation_sys::string::{CFStringCompareFlags, CFStringRef}; -use self::security_framework::base; use self::security_framework::certificate::SecCertificate; use self::security_framework::identity::SecIdentity; use self::security_framework::import_export::{ImportedIdentity, Pkcs12ImportOptions}; use self::security_framework::secure_transport::{ self, ClientBuilder, SslConnectionType, SslContext, SslProtocol, SslProtocolSide, }; +use self::security_framework::{base, trust::SecTrust}; use self::security_framework_sys::base::{errSecIO, SecKeyRef, SecPolicyRef}; use self::security_framework_sys::item::*; use self::security_framework_sys::key::{SecKeyCopyAttributes, SecKeyCopyExternalRepresentation}; @@ -192,6 +192,8 @@ impl Certificate { Ok(self.0.to_der()) } + // Ported from TrustKit pinning implementation + // https://github.com/datatheorem/TrustKit/blob/master/TrustKit/Pinning/TSKSPKIHashCache.m pub fn public_key_der(&self) -> Result, Error> { unsafe { let k = self.copy_public_key_from_certificate(); 
@@ -439,6 +441,23 @@ impl TlsAcceptor { } } +pub struct ChainIterator { + trust: Option, + pos: usize, +} +impl<'a> Iterator for ChainIterator { + type Item = Certificate; + + fn next(&mut self) -> Option { + if let Some(trust) = self.trust.as_ref() { + let pos = self.pos; + self.pos += 1; + return trust.certificate_at_index(pos as _).map(Certificate); + } + None + } +} + pub struct TlsStream { stream: secure_transport::SslStream, cert: Option, @@ -473,6 +492,23 @@ impl TlsStream { Ok(trust.certificate_at_index(0).map(Certificate)) } + pub fn certificate_chain(&self) -> Result { + let trust = match self.stream.context().peer_trust2()? { + Some(trust) => trust, + None => { + return Ok(ChainIterator { + trust: None, + pos: 0, + }); + } + }; + trust.evaluate()?; + Ok(ChainIterator { + trust: Some(trust), + pos: 0, + }) + } + #[cfg(target_os = "ios")] pub fn tls_server_end_point(&self) -> Result>, Error> { Ok(None) diff --git a/src/lib.rs b/src/lib.rs index 51991b0b..93273e23 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -214,6 +214,15 @@ impl Certificate { } } +pub struct ChainIterator(imp::ChainIterator); +impl Iterator for ChainIterator { + type Item = Certificate; + + fn next(&mut self) -> Option { + self.0.next().map(Certificate) + } +} + /// A TLS stream which has been interrupted midway through the handshake process. pub struct MidHandshakeTlsStream(imp::MidHandshakeTlsStream); @@ -636,6 +645,11 @@ impl TlsStream { Ok(self.0.peer_certificate()?.map(Certificate)) } + /// Returns an iterator over certificate chain, if available. + pub fn certificate_chain(&self) -> Result { + Ok(ChainIterator(self.0.certificate_chain()?)) + } + /// Returns the tls-server-end-point channel binding data as defined in [RFC 5929]. /// /// [RFC 5929]: https://tools.ietf.org/html/rfc5929 From 7c44234ccdadc8018ba55ccc9f97a2ba11749176 Mon Sep 17 00:00:00 2001 
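Review bot: In `TlsStream::certificate_chain` in security_framework.rs the value returned by `trust.evaluate()?` is discarded, so only a failure of the call itself is propagated and the iterator is handed out whatever the evaluation concluded. Callers that use the chain for pinning or display need to know the certificates may be untrusted, presumably including the case where the connector was configured to accept invalid certificates. I would add a comment at the call, `// evaluate() is needed to build the chain; its verdict is ignored on purpose, the chain may be untrusted`, or return an error when the verdict is not a success.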
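Review bot: The doc comment on the public `certificate_chain` in lib.rs (`Returns an iterator over certificate chain, if available.`) does not say which chain this is, and the public `ChainIterator` has no doc comment in this patch. For an API meant for inspecting peer certificates the docs should state the order, whether leaf and root are included, and that the certificates are not guaranteed to have been validated. Suggested wording: `/// Returns an iterator over the certificates the backend associates with the peer. Order, inclusion of the leaf and root, and validation status are backend-specific.` If the backends are meant to agree on these points, that should be stated here and covered by a test instead.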
From: sergej jurecko Date: Tue, 12 Feb 2019 09:42:48 +0100 Subject: [PATCH 08/19] openssl certificate_chain --- src/imp/openssl.rs | 23 ++++++++++++++++++++++- src/imp/security_framework.rs | 9 ++++++--- src/lib.rs | 8 +++++--- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs index 53456c87..676b866b 100644 --- a/src/imp/openssl.rs +++ b/src/imp/openssl.rs @@ -9,7 +9,8 @@ use self::openssl::ssl::{ self, MidHandshakeSslStream, SslAcceptor, SslConnector, SslContextBuilder, SslMethod, SslVerifyMode, }; -use self::openssl::x509::{X509, X509VerifyResult}; +use self::openssl::stack; +use self::openssl::x509::{X509VerifyResult, X509}; use std::error; use std::fmt; use std::io; @@ -330,6 +331,19 @@ impl TlsAcceptor { } } +pub struct ChainIterator<'a, S: 'a>(Option>, &'a TlsStream); + +impl<'a, S> Iterator for ChainIterator<'a, S> { + type Item = Certificate; + + fn next(&mut self) -> Option { + if let Some(i) = self.0.as_mut() { + return i.next().map(|c| Certificate(c.to_owned())); + } + None + } +} + pub struct TlsStream(ssl::SslStream); impl fmt::Debug for TlsStream { @@ -355,6 +369,13 @@ impl TlsStream { Ok(self.0.ssl().peer_certificate().map(Certificate)) } + pub fn certificate_chain(&self) -> Result, Error> { + Ok(ChainIterator( + self.0.ssl().peer_cert_chain().map(|stack| stack.iter()), + self, + )) + } + pub fn tls_server_end_point(&self) -> Result>, Error> { let cert = if self.0.ssl().is_server() { self.0.ssl().certificate().map(|x| x.to_owned()) diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index d840d6cf..81db8c05 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs 
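Review bot: `certificate_chain` in openssl.rs iterates `peer_cert_chain()`, which is the list the peer sent rather than a verified path, and on the server side OpenSSL leaves the peer's own certificate out of that stack, so the first item is not always the leaf. The Security Framework backend from PATCH 07 iterates an evaluated `SecTrust` instead, so the two backends can return different certificates for the same connection. Please document this on the method, e.g. `// As sent by the peer and unverified; on a server the client leaf is not included, see peer_certificate()`, or prepend `peer_certificate()` when `is_server()` is true. The generic arguments of `ChainIterator`'s fields are not visible in this rendering, so I could not check those types.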
@@ -441,11 +441,12 @@ impl TlsAcceptor { } } -pub struct ChainIterator { +pub struct ChainIterator<'a, S: 'a> { trust: Option, pos: usize, + _stream: &'a TlsStream, } -impl<'a> Iterator for ChainIterator { +impl<'a, S> Iterator for ChainIterator<'a, S> { type Item = Certificate; fn next(&mut self) -> Option { @@ -492,13 +493,14 @@ impl TlsStream { Ok(trust.certificate_at_index(0).map(Certificate)) } - pub fn certificate_chain(&self) -> Result { + pub fn certificate_chain(&self) -> Result, Error> { let trust = match self.stream.context().peer_trust2()? { Some(trust) => trust, None => { return Ok(ChainIterator { trust: None, pos: 0, + _stream: self, }); } }; @@ -506,6 +508,7 @@ impl TlsStream { Ok(ChainIterator { trust: Some(trust), pos: 0, + _stream: self, }) } diff --git a/src/lib.rs b/src/lib.rs index 93273e23..f1bf8127 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -214,8 +214,10 @@ impl Certificate { } } -pub struct ChainIterator(imp::ChainIterator); -impl Iterator for ChainIterator { +/// An iterator over a certificate chain. +pub struct ChainIterator<'a, S: 'a>(imp::ChainIterator<'a, S>); + +impl<'a, S> Iterator for ChainIterator<'a, S> { type Item = Certificate; fn next(&mut self) -> Option { @@ -646,7 +648,7 @@ impl TlsStream { } /// Returns an iterator over certificate chain, if available. - pub fn certificate_chain(&self) -> Result { + pub fn certificate_chain(&self) -> Result> { Ok(ChainIterator(self.0.certificate_chain()?)) } From 5777ab21d59df5259e69210fb5202727f186e516 Mon Sep 17 00:00:00 2001 From: Sergej Jurecko Date: Tue, 12 Feb 2019 14:08:14 +0100 Subject: [PATCH 09/19] schannel certiface_chain implementation --- src/imp/openssl.rs | 2 +- src/imp/schannel.rs | 49 ++++++++++++++++++++++++++++++----- src/imp/security_framework.rs | 2 +- src/lib.rs | 2 +- 4 files changed, 45 insertions(+), 10 deletions(-) diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs index 676b866b..207a1526 100644 --- a/src/imp/openssl.rs +++ b/src/imp/openssl.rs 
@@ -369,7 +369,7 @@ impl TlsStream { Ok(self.0.ssl().peer_certificate().map(Certificate)) } - pub fn certificate_chain(&self) -> Result, Error> { + pub fn certificate_chain(&mut self) -> Result, Error> { Ok(ChainIterator( self.0.ssl().peer_cert_chain().map(|stack| stack.iter()), self, diff --git a/src/imp/schannel.rs b/src/imp/schannel.rs index 306acc2b..e33d5d42 100644 --- a/src/imp/schannel.rs +++ b/src/imp/schannel.rs @@ -1,7 +1,7 @@ extern crate schannel; use self::schannel::cert_context::{CertContext, HashAlgorithm}; -use self::schannel::cert_store::{CertAdd, CertStore, Memory, PfxImportOptions}; +use self::schannel::cert_store::{CertAdd, CertStore, Certs, Memory, PfxImportOptions}; use self::schannel::schannel_cred::{Direction, Protocol, SchannelCred}; use self::schannel::tls_stream; use std::error; @@ -89,7 +89,8 @@ impl Identity { return Err(io::Error::new( io::ErrorKind::InvalidInput, "No identity found in PKCS #12 archive", - ).into()); + ) + .into()); } }; @@ -115,7 +116,8 @@ impl Certificate { Err(_) => Err(io::Error::new( io::ErrorKind::InvalidInput, "PEM representation contains non-UTF-8 bytes", - ).into()), + ) + .into()), } } @@ -153,7 +155,7 @@ where pub fn handshake(self) -> Result, HandshakeError> { match self.0.handshake() { - Ok(s) => Ok(TlsStream(s)), + Ok(s) => Ok(TlsStream(s, None)), Err(e) => Err(e.into()), } } @@ -231,7 +233,7 @@ impl TlsConnector { builder.verify_callback(|_| Ok(())); } match builder.connect(cred, stream) { - Ok(s) => Ok(TlsStream(s)), + Ok(s) => Ok(TlsStream(s, None)), Err(e) => Err(e.into()), } } 
@@ -263,13 +265,28 @@ impl TlsAcceptor { // FIXME we're probably missing the certificate chain? let cred = builder.acquire(Direction::Inbound)?; match tls_stream::Builder::new().accept(cred, stream) { - Ok(s) => Ok(TlsStream(s)), + Ok(s) => Ok(TlsStream(s, None)), Err(e) => Err(e.into()), } } } -pub struct TlsStream(tls_stream::TlsStream); +pub struct ChainIterator<'a, S: 'a> { + certs: Option>, + _stream: &'a TlsStream, +} +impl<'a, S> Iterator for ChainIterator<'a, S> { + type Item = Certificate; + + fn next(&mut self) -> Option { + if let Some(certs) = self.certs.as_mut() { + return certs.next().map(Certificate); + } + None + } +} + +pub struct TlsStream(tls_stream::TlsStream, Option); impl fmt::Debug for TlsStream { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { @@ -298,6 +315,24 @@ impl TlsStream { } } + pub fn certificate_chain(&mut self) -> Result, Error> { + if self.1.is_none() { + match self.0.peer_certificate() { + Ok(cert) => { + self.1 = cert.cert_store(); + } + Err(ref e) if e.raw_os_error() == Some(SEC_E_NO_CREDENTIALS as i32) => { + self.1 = None; + } + Err(e) => return Err(Error(e)), + } + } + Ok(ChainIterator { + certs: self.1.as_ref().map(|c| c.certs()), + _stream: self, + }) + } + pub fn tls_server_end_point(&self) -> Result>, Error> { let cert = if self.0.is_server() { self.0.certificate() diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index 81db8c05..5ad50698 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs @@ -493,7 +493,7 @@ impl TlsStream { Ok(trust.certificate_at_index(0).map(Certificate)) } - pub fn certificate_chain(&self) -> Result, Error> { + pub fn certificate_chain(&mut self) -> Result, Error> { let trust = match self.stream.context().peer_trust2()? { Some(trust) => trust, None => { diff --git a/src/lib.rs b/src/lib.rs index f1bf8127..73a3e41b 100644 --- a/src/lib.rs +++ b/src/lib.rs 
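Review bot: `certificate_chain` in schannel.rs iterates every certificate in the store attached to the peer certificate (`cert.cert_store()` then `c.certs()`), which is presumably neither ordered nor a validated path and may hold certificates that are not on the path to the leaf. The store is cached in `self.1` on first use and never refreshed, so later calls keep returning the first result even if the peer certificate changes (assuming renegotiation is possible here), while the `None` case is queried again on every call. This cache is the only visible reason the method, and with it the OpenSSL, Security Framework and lib.rs signatures in this patch, moved from `&self` to `&mut self`; letting the iterator own the store would keep `&self`. At minimum add `// Store contents, not a validated path; order is whatever the store yields` above the `ChainIterator` construction.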
@@ -648,7 +648,7 @@ impl TlsStream { } /// Returns an iterator over certificate chain, if available. - pub fn certificate_chain(&self) -> Result> { + pub fn certificate_chain(&mut self) -> Result> { Ok(ChainIterator(self.0.certificate_chain()?)) } From cc76bf174685e73275f63187c2cbaeda50a8bb3e Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Wed, 13 Feb 2019 09:04:10 +0100 Subject: [PATCH 10/19] move public_key_info_der to security framework --- Cargo.toml | 4 +- src/imp/openssl.rs | 2 +- src/imp/schannel.rs | 2 +- src/imp/security_framework.rs | 135 ++-------------------------------- src/lib.rs | 6 +- 5 files changed, 12 insertions(+), 137 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index ed4bd0e2..40a89d43 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,8 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -security-framework = "0.2.4-beta" -security-framework-sys = {version = "0.2.4-beta", features = ["OSX_10_13"]} +security-framework = {git = "https://github.com/sergejjurecko/rust-security-framework/", features = ["OSX_10_12"]} +security-framework-sys = {git = "https://github.com/sergejjurecko/rust-security-framework/", features = ["OSX_10_12"]} core-foundation-sys = "0.6.2" core-foundation = "0.6.3" lazy_static = "1.0" diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs index 207a1526..34a0582e 100644 --- a/src/imp/openssl.rs +++ b/src/imp/openssl.rs @@ -179,7 +179,7 @@ impl Certificate { Ok(der) } - pub fn public_key_der(&self) -> Result, Error> { + pub fn public_key_info_der(&self) -> Result, Error> { let pk = self.0.public_key()?; let der = pk.public_key_to_der()?; Ok(der) diff --git a/src/imp/schannel.rs b/src/imp/schannel.rs index e33d5d42..b5b0c077 100644 --- a/src/imp/schannel.rs +++ b/src/imp/schannel.rs 
@@ -125,7 +125,7 @@ impl Certificate { Ok(self.0.to_der().to_vec()) } - pub fn public_key_der(&self) -> Result, Error> { + pub fn public_key_info_der(&self) -> Result, Error> { Ok(self.0.subject_public_key_info_der()?) } } diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index 5ad50698..99ab1c86 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs @@ -5,13 +5,6 @@ extern crate security_framework; extern crate security_framework_sys; extern crate tempfile; -use self::core_foundation::base::TCFType; -use self::core_foundation_sys::base::{CFComparisonResult, CFRelease}; -use self::core_foundation_sys::data::{CFDataGetBytePtr, CFDataGetLength}; -use self::core_foundation_sys::dictionary::CFDictionaryGetValueIfPresent; -use self::core_foundation_sys::error::CFErrorRef; -use self::core_foundation_sys::number::{kCFNumberSInt32Type, CFNumberGetValue}; -use self::core_foundation_sys::string::{CFStringCompareFlags, CFStringRef}; use self::security_framework::certificate::SecCertificate; use self::security_framework::identity::SecIdentity; use self::security_framework::import_export::{ImportedIdentity, Pkcs12ImportOptions}; 
@@ -19,19 +12,13 @@ use self::security_framework::secure_transport::{ self, ClientBuilder, SslConnectionType, SslContext, SslProtocol, SslProtocolSide, }; use self::security_framework::{base, trust::SecTrust}; -use self::security_framework_sys::base::{errSecIO, SecKeyRef, SecPolicyRef}; -use self::security_framework_sys::item::*; -use self::security_framework_sys::key::{SecKeyCopyAttributes, SecKeyCopyExternalRepresentation}; -use self::security_framework_sys::policy::SecPolicyCreateBasicX509; -use self::security_framework_sys::trust::{ - SecTrustCopyPublicKey, SecTrustCreateWithCertificates, SecTrustEvaluate, SecTrustRef, - SecTrustResultType, -}; +use self::security_framework_sys::base::errSecIO; + use self::tempfile::TempDir; use std::error; use std::fmt; use std::io; -use std::ptr; + use std::sync::Mutex; use std::sync::{Once, ONCE_INIT}; 
@@ -192,77 +179,8 @@ impl Certificate { Ok(self.0.to_der()) } - // Ported from TrustKit pinning implementation - // https://github.com/datatheorem/TrustKit/blob/master/TrustKit/Pinning/TSKSPKIHashCache.m - pub fn public_key_der(&self) -> Result, Error> { - unsafe { - let k = self.copy_public_key_from_certificate(); - let mut error: CFErrorRef = std::ptr::null_mut(); - let public_key_data = SecKeyCopyExternalRepresentation(k, &mut error); - if public_key_data == ptr::null_mut() { - CFRelease(k as _); - return Err(Error::from(base::Error::from_code(0))); - } - let public_key_attributes = SecKeyCopyAttributes(k); - - let mut public_key_type: *const std::os::raw::c_void = ptr::null(); - CFDictionaryGetValueIfPresent( - public_key_attributes, - kSecAttrKeyType as _, - &mut public_key_type as _, - ); - let mut public_keysize: *const std::os::raw::c_void = ptr::null(); - CFDictionaryGetValueIfPresent( - public_key_attributes, - kSecAttrKeySizeInBits as _, - &mut public_keysize as *mut *const std::os::raw::c_void, - ); - CFRelease(public_key_attributes as _); - let mut public_keysize_val: u32 = 0; - let public_keysize_val_ptr: *mut u32 = &mut public_keysize_val; - CFNumberGetValue( - public_keysize as _, - kCFNumberSInt32Type, - public_keysize_val_ptr as _, - ); - let hdr_bytes = get_asn1_header_bytes(public_key_type as _, public_keysize_val); - if hdr_bytes.len() == 0 { - return Err(Error::from(base::Error::from_code(0))); - } - CFRelease(k as _); - let key_data_len = CFDataGetLength(public_key_data) as usize; - let key_data_slice = std::slice::from_raw_parts( - CFDataGetBytePtr(public_key_data) as *const u8, - key_data_len, - ); - let mut out = Vec::with_capacity(hdr_bytes.len() + key_data_len); - out.extend_from_slice(hdr_bytes); - out.extend_from_slice(key_data_slice); - - CFRelease(public_key_data as _); - Ok(out) - } - } - - fn copy_public_key_from_certificate(&self) -> SecKeyRef { - unsafe { - // Create an X509 trust using the using the certificate - let mut trust: 
SecTrustRef = ptr::null_mut(); - let policy: SecPolicyRef = SecPolicyCreateBasicX509(); - SecTrustCreateWithCertificates( - self.0.as_concrete_TypeRef() as _, - policy as _, - &mut trust, - ); - - // Get a public key reference for the certificate from the trust - let mut result: SecTrustResultType = 0; - SecTrustEvaluate(trust, &mut result); - let public_key = SecTrustCopyPublicKey(trust); - CFRelease(policy as _); - CFRelease(trust as _); - public_key - } + pub fn public_key_info_der(&self) -> Result, Error> { + Ok(self.0.public_key_info_der()?.unwrap_or(Vec::new())) } } 
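Review bot: The new `public_key_info_der` in security_framework.rs turns a missing result into success with `unwrap_or(Vec::new())`, so a certificate whose key the framework wrapper cannot encode yields an empty `Vec`, where the OpenSSL and SChannel backends propagate an error with `?`. A caller that hashes the result for pinning would then hash zero bytes without noticing that no key was returned. Return an error for `None` instead, e.g. `self.0.public_key_info_der()?.ok_or_else(|| Error::from(base::Error::from_code(STATUS_PLACEHOLDER)))`, where `STATUS_PLACEHOLDER` stands for a non-zero status the maintainers choose. The doc comment on the public method in lib.rs should then mention the error case for unsupported key types.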
@@ -662,47 +580,4 @@ extern "C" { fn CC_SHA256(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; fn CC_SHA384(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; fn CC_SHA512(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; - fn CFStringCompare( - theString1: CFStringRef, - theString2: CFStringRef, - compareOptions: CFStringCompareFlags, - ) -> CFComparisonResult; } - -fn get_asn1_header_bytes(pkt: CFStringRef, ksz: u32) -> &'static [u8] { - unsafe { - if CFStringCompare(pkt, kSecAttrKeyTypeRSA, 0) as i64 == 0 && ksz == 2048 { - return &RSA_2048_ASN1_HEADER; - } - if CFStringCompare(pkt, kSecAttrKeyTypeRSA, 0) as i64 == 0 && ksz == 4096 { - return &RSA_4096_ASN1_HEADER; - } - if CFStringCompare(pkt, kSecAttrKeyTypeECSECPrimeRandom, 0) as i64 == 0 && ksz == 256 { - return &EC_DSA_SECP_256_R1_ASN1_HEADER; - } - if CFStringCompare(pkt, kSecAttrKeyTypeECSECPrimeRandom, 0) as i64 == 0 && ksz == 384 { - return &EC_DSA_SECP_384_R1_ASN1_HEADER; - } - } - &[] -} - -const RSA_2048_ASN1_HEADER: [u8; 24] = [ - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, -]; - -const RSA_4096_ASN1_HEADER: [u8; 24] = [ - 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, -]; - -const EC_DSA_SECP_256_R1_ASN1_HEADER: [u8; 26] = [ - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, -]; - -const EC_DSA_SECP_384_R1_ASN1_HEADER: [u8; 23] = [ - 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, - 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, -]; diff --git a/src/lib.rs b/src/lib.rs index 73a3e41b..cba7ec87 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -207,9 +207,9 @@ impl Certificate { Ok(der) } - /// Returns der encoded SubjectPublicKeyInfo. - pub fn public_key_der(&self) -> Result> { - let der = self.0.public_key_der()?; + /// Returns der encoded subjectPublicKeyInfo. + pub fn public_key_info_der(&self) -> Result> { + let der = self.0.public_key_info_der()?; Ok(der) } } From 0cf03721f1efc7b930bae421de19602d22161acf Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Fri, 15 Feb 2019 12:44:57 +0100 Subject: [PATCH 11/19] refactor for clearer code --- src/imp/schannel.rs | 39 +++++++++++++++++++---------------- src/imp/security_framework.rs | 14 +++++-------- 2 files changed, 26 insertions(+), 27 deletions(-) diff --git a/src/imp/schannel.rs b/src/imp/schannel.rs index b5b0c077..de10e8e0 100644 --- a/src/imp/schannel.rs +++ b/src/imp/schannel.rs @@ -286,29 +286,32 @@ impl<'a, S> Iterator for ChainIterator<'a, S> { } } -pub struct TlsStream(tls_stream::TlsStream, Option); +pub struct TlsStream { + stream: tls_stream::TlsStream, + store: Option, +} impl fmt::Debug for TlsStream { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { - fmt::Debug::fmt(&self.0, fmt) + fmt::Debug::fmt(&self.stream, fmt) } } impl TlsStream { pub fn get_ref(&self) -> &S { - self.0.get_ref() + self.stream.get_ref() } pub fn get_mut(&mut self) -> &mut S { - self.0.get_mut() + self.stream.get_mut() } pub fn buffered_read_size(&self) -> Result { - Ok(self.0.get_buf().len()) + Ok(self.stream.get_buf().len()) } pub fn peer_certificate(&self) -> Result, Error> { - match self.0.peer_certificate() { + match self.stream.peer_certificate() { Ok(cert) => Ok(Some(Certificate(cert))), Err(ref e) if e.raw_os_error() == Some(SEC_E_NO_CREDENTIALS as i32) => Ok(None), Err(e) => Err(Error(e)), 
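Review bot: The doc comment on `public_key_info_der` in the src/lib.rs hunk does not say that the returned vector can be empty. The backend implementation added earlier in this same patch ends with `unwrap_or(Vec::new())`, so a certificate whose key info is unavailable comes back as `Ok` with zero bytes rather than as an error. A caller that compares the bytes against a pin needs to treat an empty result as a failure, and the doc comment is where that belongs, for example `/// Returns the DER-encoded subjectPublicKeyInfo; the result may be empty if the backend cannot provide it.` Returning `Result<Option<Vec<u8>>>` would make the case explicit, but that is an interface decision for the author. The `impl Certificate` block starts outside the hunk.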
@@ -316,28 +319,28 @@ impl TlsStream { } pub fn certificate_chain(&mut self) -> Result, Error> { - if self.1.is_none() { - match self.0.peer_certificate() { + if self.store.is_none() { + match self.stream.peer_certificate() { Ok(cert) => { - self.1 = cert.cert_store(); + self.store = cert.cert_store(); } Err(ref e) if e.raw_os_error() == Some(SEC_E_NO_CREDENTIALS as i32) => { - self.1 = None; + self.store = None; } Err(e) => return Err(Error(e)), } } Ok(ChainIterator { - certs: self.1.as_ref().map(|c| c.certs()), + certs: self.store.as_ref().map(|c| c.certs()), _stream: self, }) } pub fn tls_server_end_point(&self) -> Result>, Error> { - let cert = if self.0.is_server() { - self.0.certificate() + let cert = if self.stream.is_server() { + self.stream.certificate() } else { - self.0.peer_certificate() + self.stream.peer_certificate() }; let cert = match cert { @@ -359,23 +362,23 @@ impl TlsStream { } pub fn shutdown(&mut self) -> io::Result<()> { - self.0.shutdown()?; + self.stream.shutdown()?; Ok(()) } } impl io::Read for TlsStream { fn read(&mut self, buf: &mut [u8]) -> io::Result { - self.0.read(buf) + self.stream.read(buf) } } impl io::Write for TlsStream { fn write(&mut self, buf: &[u8]) -> io::Result { - self.0.write(buf) + self.stream.write(buf) } fn flush(&mut self) -> io::Result<()> { - self.0.flush() + self.stream.flush() } } diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index 99ab1c86..08f1b213 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs @@ -413,18 +413,14 @@ impl TlsStream { pub fn certificate_chain(&mut self) -> Result, Error> { let trust = match self.stream.context().peer_trust2()? { - Some(trust) => trust, - None => { - return Ok(ChainIterator { - trust: None, - pos: 0, - _stream: self, - }); + Some(trust) => { + trust.evaluate()?; + Some(trust) } + None => None, }; - trust.evaluate()?; Ok(ChainIterator { - trust: Some(trust), + trust, pos: 0, _stream: self, }) 
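Review bot: In `certificate_chain` in src/imp/schannel.rs, the `SEC_E_NO_CREDENTIALS` arm assigns `self.store = None` inside a branch that is entered only when `self.store.is_none()`, so the assignment has no effect. An empty arm with a short comment reads more clearly: `Err(ref e) if e.raw_os_error() == Some(SEC_E_NO_CREDENTIALS as i32) => {} // no peer certificate, store stays unset`. The same hunk also touches `tls_server_end_point`, whose body continues outside the hunk.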
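Review bot: `trust.evaluate()?;` in the src/imp/security_framework.rs `certificate_chain` hunk propagates only a failure to evaluate; the value it returns (the trust result, in the security-framework API) is dropped, so the iterator is handed back whatever the verdict was. The old side behaved the same way, so the refactor does not change this, but the new code still leaves the intent unstated. If the call is there only so the chain can be read afterwards, which the surrounding code suggests, say so next to it: `// evaluate() is needed before the chain can be read; its verdict is intentionally not checked here`. The public doc for `certificate_chain` should also state that the yielded certificates are not a statement of trust, so callers do not take a non-empty chain as proof of validation.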
From d3a69251d833d650e9fc2224f4f7c49159515e00 Mon Sep 17 00:00:00 2001 From: Sergej Jurecko Date: Fri, 15 Feb 2019 12:49:26 +0100 Subject: [PATCH 12/19] forgot about constructors --- src/imp/schannel.rs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/imp/schannel.rs b/src/imp/schannel.rs index de10e8e0..fb059301 100644 --- a/src/imp/schannel.rs +++ b/src/imp/schannel.rs @@ -155,7 +155,10 @@ where pub fn handshake(self) -> Result, HandshakeError> { match self.0.handshake() { - Ok(s) => Ok(TlsStream(s, None)), + Ok(stream) => Ok(TlsStream { + stream, + store: None, + }), Err(e) => Err(e.into()), } } @@ -233,7 +236,10 @@ impl TlsConnector { builder.verify_callback(|_| Ok(())); } match builder.connect(cred, stream) { - Ok(s) => Ok(TlsStream(s, None)), + Ok(stream) => Ok(TlsStream { + stream, + store: None, + }), Err(e) => Err(e.into()), } } @@ -265,7 +271,10 @@ impl TlsAcceptor { // FIXME we're probably missing the certificate chain? let cred = builder.acquire(Direction::Inbound)?; match tls_stream::Builder::new().accept(cred, stream) { - Ok(s) => Ok(TlsStream(s, None)), + Ok(stream) => Ok(TlsStream { + stream, + store: None, + }), Err(e) => Err(e.into()), } } From 05cc92fca3dfddecb36169029fa56b7420c269cc Mon Sep 17 00:00:00 2001 From: Sergej Jurecko Date: Fri, 15 Feb 2019 12:53:55 +0100 Subject: [PATCH 13/19] A clearer explanation --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index cba7ec87..bb08914e 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -647,7 +647,7 @@ impl TlsStream { Ok(self.0.peer_certificate()?.map(Certificate)) } - /// Returns an iterator over certificate chain, if available. + /// Returns an iterator over certificate chain. It may be an empty iterator if chain not available. pub fn certificate_chain(&mut self) -> Result> { Ok(ChainIterator(self.0.certificate_chain()?)) } From fec0d5106fbdae8937ab54b563a1e2c78354d302 Mon Sep 17 00:00:00 2001 
From: sergej jurecko Date: Thu, 28 Feb 2019 07:38:22 +0100 Subject: [PATCH 14/19] update dependencies as their respective PRs have been merged --- Cargo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 40a89d43..0efe271c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,8 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -security-framework = {git = "https://github.com/sergejjurecko/rust-security-framework/", features = ["OSX_10_12"]} -security-framework-sys = {git = "https://github.com/sergejjurecko/rust-security-framework/", features = ["OSX_10_12"]} +security-framework = {version = "0.2.4-beta.2", features = ["OSX_10_12"]} +security-framework-sys = {version = "0.2.4-beta.2", features = ["OSX_10_12"]} core-foundation-sys = "0.6.2" core-foundation = "0.6.3" lazy_static = "1.0" @@ -20,7 +20,7 @@ libc = "0.2" tempfile = "3.0" [target.'cfg(target_os = "windows")'.dependencies] -schannel = {git = "https://github.com/SergejJurecko/schannel-rs"} +schannel = {version = "0.1.15"} [target.'cfg(not(any(target_os = "windows", target_os = "macos", target_os = "ios")))'.dependencies] log = "0.4.5" From bfbbb0f14498a2ab3796171028966025076b2ec1 Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Thu, 28 Feb 2019 07:51:52 +0100 Subject: [PATCH 15/19] bump rust version because of lazy_static --- .travis.yml | 2 +- appveyor.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 66de1e20..295c7e8d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ language: rust cache: cargo os: osx -rust: 1.21.0 +rust: 1.24.1 matrix: include: - env: TEST_IOS=true RUST_BACKTRACE=1 RUST_TEST_THREADS=1 diff --git a/appveyor.yml b/appveyor.yml index 3952cb99..8e1dd275 100644 --- a/appveyor.yml +++ b/appveyor.yml 
@@ -1,5 +1,5 @@ environment: - RUST_VERSION: 1.21.0 + RUST_VERSION: 1.24.1 TARGET: x86_64-pc-windows-msvc install: - ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-${env:RUST_VERSION}-${env:TARGET}.exe" From 6c441af1d53591a1ea6aeb4f7fc753f4d4a17b17 Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Sat, 2 Mar 2019 17:57:19 +0100 Subject: [PATCH 16/19] set security framework version --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 0efe271c..0aa872f5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,8 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -security-framework = {version = "0.2.4-beta.2", features = ["OSX_10_12"]} -security-framework-sys = {version = "0.2.4-beta.2", features = ["OSX_10_12"]} +security-framework = {version = "0.2.4", features = ["OSX_10_12"]} +security-framework-sys = {version = "0.2.4", features = ["OSX_10_12"]} core-foundation-sys = "0.6.2" core-foundation = "0.6.3" lazy_static = "1.0" From deefe6bccb52f6d5da78af9a23199145c32285ad Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Sat, 2 Mar 2019 19:03:30 +0100 Subject: [PATCH 17/19] set security framework version --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 0aa872f5..a58c4a41 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,8 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -security-framework = {version = "0.2.4", features = ["OSX_10_12"]} -security-framework-sys = {version = "0.2.4", features = ["OSX_10_12"]} +security-framework = {version = "0.3.0", features = ["OSX_10_12"]} +security-framework-sys = {version = "0.3.0", features = ["OSX_10_12"]} core-foundation-sys = "0.6.2" core-foundation = "0.6.3" lazy_static = "1.0" 
From 3016bc238588fd336ad4d16429da6aa29ccac6ef Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Tue, 30 Apr 2019 08:56:28 +0200 Subject: [PATCH 18/19] missed merge conflicts --- Cargo.toml | 11 ++--------- src/imp/security_framework.rs | 2 -- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 342d9277..09308c42 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,15 +11,8 @@ readme = "README.md" vendored = ["openssl/vendored"] [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies] -<<<<<<< HEAD -security-framework = {version = "0.3.0", features = ["OSX_10_12"]} -security-framework-sys = {version = "0.3.0", features = ["OSX_10_12"]} -core-foundation-sys = "0.6.2" -core-foundation = "0.6.3" -======= -security-framework = "0.3.1" -security-framework-sys = "0.3.1" ->>>>>>> 4a4f36cf1dea11ce5df3c607bf67149a050a4bae +security-framework = {version = "0.3.1", features = ["OSX_10_12"]} +security-framework-sys = {version = "0.3.1", features = ["OSX_10_12"]} lazy_static = "1.0" libc = "0.2" tempfile = "3.0" diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index 08f1b213..f9bd897b 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs @@ -1,5 +1,3 @@ -extern crate core_foundation; -extern crate core_foundation_sys; extern crate libc; extern crate security_framework; extern crate security_framework_sys; From ff5fb6231405a514c2fa85254f5639a620ac21f3 Mon Sep 17 00:00:00 2001 From: sergej jurecko Date: Tue, 30 Apr 2019 08:58:54 +0200 Subject: [PATCH 19/19] another --- appveyor.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/appveyor.yml b/appveyor.yml index 60fba948..7618b1ce 100644 --- a/appveyor.yml +++ b/appveyor.yml 
@@ -1,9 +1,5 @@ environment: -<<<<<<< HEAD - RUST_VERSION: 1.24.1 -======= RUST_VERSION: 1.26.2 ->>>>>>> 4a4f36cf1dea11ce5df3c607bf67149a050a4bae TARGET: x86_64-pc-windows-msvc install: - ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-${env:RUST_VERSION}-${env:TARGET}.exe"