Merge branch 'sfackler:master' into implement_crl_revoke

Author: gweisert

openssl-sys/CHANGELOG.md

@@ -2,10 +2,20 @@
 
 ## [Unreleased]
 
+## [v0.9.101] - 2024-02-21
+
+### Fixed
+
+* Fixed a bug where, when building with the `vendored` feature, this crate always needed to be rebuilt.
+
+## [v0.9.100] - 2024-02-19
+
 ### Added
 
 * Added `OSSL_PARAM`, `OSSL_PARAM_construct_uint` , `OSSL_PARAM_construct_end`.
 * Added `EVP_PKEY_CTX_set_params` and `EVP_PKEY_CTX_get_params`.
+* Added `X509_alias_get0`.
+* Added `EVP_default_properties_enable_fips`.
 
 ## [v0.9.99] - 2024-01-19
 
@@ -583,7 +593,9 @@ Fixed builds against OpenSSL built with `no-cast`.
 * Added `X509_verify` and `X509_REQ_verify`.
 * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.99..master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.101..master
+[v0.9.101]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.100...openssl-sys-v0.9.101
+[v0.9.100]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.99...openssl-sys-v0.9.100
 [v0.9.99]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.98...openssl-sys-v0.9.99
 [v0.9.98]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98
 [v0.9.97]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.96...openssl-sys-v0.9.97

openssl-sys/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.99"
+version = "0.9.101"
 authors = [
     "Alex Crichton <[email protected]>",
     "Steven Fackler <[email protected]>",

openssl-sys/build/main.rs

@@ -79,8 +79,14 @@ fn main() {
     let target = env::var("TARGET").unwrap();
 
     let (lib_dirs, include_dir) = find_openssl(&target);
-    if let Some(printable_include) = include_dir.join("openssl").to_str() {
-        println!("cargo:rerun-if-changed={}", printable_include);
+    // rerun-if-changed causes openssl-sys to rebuild if the openssl include
+    // dir has changed since the last build. However, this causes a rebuild
+    // every time when vendoring so we disable it.
+    let potential_path = include_dir.join("openssl");
+    if potential_path.exists() && !cfg!(feature = "vendored") {
+        if let Some(printable_include) = potential_path.to_str() {
+            println!("cargo:rerun-if-changed={}", printable_include);
+        }
     }
 
     if !lib_dirs.iter().all(|p| p.exists()) {

openssl-sys/src/handwritten/x509.rs

@@ -311,6 +311,7 @@ extern "C" {
     pub fn X509_get_version(x: *const X509) -> c_long;
     pub fn X509_set_serialNumber(x: *mut X509, sn: *mut ASN1_INTEGER) -> c_int;
     pub fn X509_get_serialNumber(x: *mut X509) -> *mut ASN1_INTEGER;
+    pub fn X509_alias_get0(x: *mut X509, len: *mut c_int) -> *mut c_uchar;
 }
 const_ptr_api! {
     extern "C" {

openssl/CHANGELOG.md

@@ -2,9 +2,13 @@
 
 ## [Unreleased]
 
+## [v0.10.64] - 2024-02-19
+
 ### Added
 
 * Added `PkeyCtxRef::{nonce_type, set_nonce_type}`.
+* Added `X509Ref::alias`.
+
 
 ## [v0.10.63] - 2024-01-19
 
@@ -888,7 +892,8 @@
 
 Look at the [release tags] for information about older releases.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...master
+[v0.10.64]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64
 [v0.10.63]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63
 [v0.10.62]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62
 [v0.10.61]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61

openssl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "openssl"
-version = "0.10.63"
+version = "0.10.64"
 authors = ["Steven Fackler <[email protected]>"]
 license = "Apache-2.0"
 description = "OpenSSL bindings"
@@ -30,7 +30,7 @@ libc = "0.2"
 once_cell = "1.5.2"
 
 openssl-macros = { version = "0.1.0", path = "../openssl-macros" }
-ffi = { package = "openssl-sys", version = "0.9.99", path = "../openssl-sys" }
+ffi = { package = "openssl-sys", version = "0.9.100", path = "../openssl-sys" }
 
 [dev-dependencies]
 hex = "0.3"

openssl/src/pkcs12.rs

@@ -304,9 +304,20 @@ mod test {
         let parsed = pkcs12.parse2("mypass").unwrap();
 
         assert_eq!(
-            hex::encode(parsed.cert.unwrap().digest(MessageDigest::sha1()).unwrap()),
+            hex::encode(
+                parsed
+                    .cert
+                    .as_ref()
+                    .unwrap()
+                    .digest(MessageDigest::sha1())
+                    .unwrap()
+            ),
             "59172d9313e84459bcff27f967e79e6e9217e584"
         );
+        assert_eq!(
+            parsed.cert.as_ref().unwrap().alias(),
+            Some(b"foobar.com" as &[u8])
+        );
 
         let chain = parsed.ca.unwrap();
         assert_eq!(chain.len(), 1);

openssl/src/x509/mod.rs

@@ -650,6 +650,24 @@ impl X509Ref {
         }
     }
 
+    /// Returns this certificate's "alias". This field is populated by
+    /// OpenSSL in some situations -- specifically OpenSSL will store a
+    /// PKCS#12 `friendlyName` in this field. This is not a part of the X.509
+    /// certificate itself, OpenSSL merely attaches it to this structure in
+    /// memory.
+    #[corresponds(X509_alias_get0)]
+    pub fn alias(&self) -> Option<&[u8]> {
+        unsafe {
+            let mut len = 0;
+            let ptr = ffi::X509_alias_get0(self.as_ptr(), &mut len);
+            if ptr.is_null() {
+                None
+            } else {
+                Some(slice::from_raw_parts(ptr, len as usize))
+            }
+        }
+    }
+
     to_pem! {
         /// Serializes the certificate into a PEM-encoded X509 structure.
         ///