Merge pull request sfackler#1397 from sfackler/always-unpin

Allow construction of unconnected SslStreams.
baloo · Dec 24, 2020 · 09dd721 · 09dd721
2 parents bc657d1 + 625205d
commit 09dd721
Show file tree

Hide file tree

Showing 4 changed files with 273 additions and 123 deletions.
diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs
@@ -24,16 +24,16 @@ pub struct StreamState<S> {
 pub struct BioMethod(BIO_METHOD);
 
 impl BioMethod {
-    fn new<S: Read + Write>() -> BioMethod {
-        BioMethod(BIO_METHOD::new::<S>())
+    fn new<S: Read + Write>() -> Result<BioMethod, ErrorStack> {
+        BIO_METHOD::new::<S>().map(BioMethod)
     }
 }
 
 unsafe impl Sync for BioMethod {}
 unsafe impl Send for BioMethod {}
 
 pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, BioMethod), ErrorStack> {
-    let method = BioMethod::new::<S>();
+    let method = BioMethod::new::<S>()?;
 
     let state = Box::new(StreamState {
         stream,
@@ -191,6 +191,7 @@ unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int {
 cfg_if! {
     if #[cfg(any(ossl110, libressl273))] {
         use ffi::{BIO_get_data, BIO_set_data, BIO_set_flags, BIO_set_init};
+        use cvt;
 
         #[allow(bad_style)]
         unsafe fn BIO_set_num(_bio: *mut ffi::BIO, _num: c_int) {}
@@ -199,18 +200,17 @@ cfg_if! {
         struct BIO_METHOD(*mut ffi::BIO_METHOD);
 
         impl BIO_METHOD {
-            fn new<S: Read + Write>() -> BIO_METHOD {
+            fn new<S: Read + Write>() -> Result<BIO_METHOD, ErrorStack> {
                 unsafe {
-                    let ptr = ffi::BIO_meth_new(ffi::BIO_TYPE_NONE, b"rust\0".as_ptr() as *const _);
-                    assert!(!ptr.is_null());
-                    let ret = BIO_METHOD(ptr);
-                    assert!(ffi::BIO_meth_set_write(ptr, bwrite::<S>) != 0);
-                    assert!(ffi::BIO_meth_set_read(ptr, bread::<S>) != 0);
-                    assert!(ffi::BIO_meth_set_puts(ptr, bputs::<S>) != 0);
-                    assert!(ffi::BIO_meth_set_ctrl(ptr, ctrl::<S>) != 0);
-                    assert!(ffi::BIO_meth_set_create(ptr, create) != 0);
-                    assert!(ffi::BIO_meth_set_destroy(ptr, destroy::<S>) != 0);
-                    ret
+                    let ptr = cvt_p(ffi::BIO_meth_new(ffi::BIO_TYPE_NONE, b"rust\0".as_ptr() as *const _))?;
+                    let method = BIO_METHOD(ptr);
+                    cvt(ffi::BIO_meth_set_write(method.0, bwrite::<S>))?;
+                    cvt(ffi::BIO_meth_set_read(method.0, bread::<S>))?;
+                    cvt(ffi::BIO_meth_set_puts(method.0, bputs::<S>))?;
+                    cvt(ffi::BIO_meth_set_ctrl(method.0, ctrl::<S>))?;
+                    cvt(ffi::BIO_meth_set_create(method.0, create))?;
+                    cvt(ffi::BIO_meth_set_destroy(method.0, destroy::<S>))?;
+                    Ok(method)
                 }
             }
 
@@ -231,7 +231,7 @@ cfg_if! {
         struct BIO_METHOD(*mut ffi::BIO_METHOD);
 
         impl BIO_METHOD {
-            fn new<S: Read + Write>() -> BIO_METHOD {
+            fn new<S: Read + Write>() -> Result<BIO_METHOD, ErrorStack> {
                 let ptr = Box::new(ffi::BIO_METHOD {
                     type_: ffi::BIO_TYPE_NONE,
                     name: b"rust\0".as_ptr() as *const _,
@@ -245,7 +245,7 @@ cfg_if! {
                     callback_ctrl: None,
                 });
 
-                BIO_METHOD(Box::into_raw(ptr))
+                Ok(BIO_METHOD(Box::into_raw(ptr)))
             }
 
             fn get(&self) -> *mut ffi::BIO_METHOD {

diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
@@ -168,13 +168,10 @@ impl ConnectConfiguration {
         self.verify_hostname = verify_hostname;
     }
 
-    /// Initiates a client-side TLS session on a stream.
+    /// Returns an `Ssl` configured to connect to the provided domain.
     ///
     /// The domain is used for SNI and hostname verification if enabled.
-    pub fn connect<S>(mut self, domain: &str, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
-    where
-        S: Read + Write,
-    {
+    pub fn into_ssl(mut self, domain: &str) -> Result<Ssl, ErrorStack> {
         if self.sni {
             self.ssl.set_hostname(domain)?;
         }
@@ -183,7 +180,17 @@ impl ConnectConfiguration {
             setup_verify_hostname(&mut self.ssl, domain)?;
         }
 
-        self.ssl.connect(stream)
+        Ok(self.ssl)
+    }
+
+    /// Initiates a client-side TLS session on a stream.
+    ///
+    /// The domain is used for SNI and hostname verification if enabled.
+    pub fn connect<S>(self, domain: &str, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
+    where
+        S: Read + Write,
+    {
+        self.into_ssl(domain)?.connect(stream)
     }
 }