Implement SSL_CTX_set_cert_store

cpu · cpu · commit 65f3a1e48b2b · 2024-05-02T14:54:07.000-04:00
diff --git a/rustls-libssl/build.rs b/rustls-libssl/build.rs
@@ -96,6 +96,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_CTX_set_alpn_protos",
     "SSL_CTX_set_alpn_select_cb",
     "SSL_CTX_set_cert_cb",
+    "SSL_CTX_set_cert_store",
     "SSL_CTX_set_cipher_list",
     "SSL_CTX_set_ciphersuites",
     "SSL_CTX_set_client_CA_list",
diff --git a/rustls-libssl/src/entry.rs b/rustls-libssl/src/entry.rs
@@ -297,6 +297,12 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE) {
+        try_clone_arc!(ctx).get_mut().set_x509_store(store);
+    }
+}
+
 fn load_verify_files(
     ctx: &NotThreadSafe<SSL_CTX>,
     file_names: impl Iterator<Item = PathBuf>,
diff --git a/rustls-libssl/src/lib.rs b/rustls-libssl/src/lib.rs
@@ -21,6 +21,7 @@ use rustls::{
 };
 
 use not_thread_safe::NotThreadSafe;
+use x509::OwnedX509Store;
 
 mod bio;
 mod cache;
@@ -435,7 +436,7 @@ impl SslContext {
             verify_mode: VerifyMode::default(),
             verify_depth: -1,
             verify_roots: RootCertStore::empty(),
-            verify_x509_store: x509::OwnedX509Store::new(),
+            verify_x509_store: OwnedX509Store::default(),
             alpn: vec![],
             default_cert_file: None,
             default_cert_dir: None,
@@ -615,6 +616,13 @@ impl SslContext {
         self.verify_x509_store.pointer()
     }
 
+    fn set_x509_store(&mut self, store: *mut X509_STORE) {
+        if store.is_null() {
+            return;
+        }
+        self.verify_x509_store = OwnedX509Store::new(store);
+    }
+
     fn set_alpn_offer(&mut self, alpn: Vec<Vec<u8>>) {
         self.alpn = alpn;
     }
diff --git a/rustls-libssl/src/x509.rs b/rustls-libssl/src/x509.rs
@@ -237,17 +237,24 @@ pub struct OwnedX509Store {
 }
 
 impl OwnedX509Store {
-    pub fn new() -> Self {
-        Self {
-            raw: unsafe { X509_STORE_new() },
-        }
+    /// Create a new one, from a (donated) existing ref.
+    pub fn new(store: *mut X509_STORE) -> Self {
+        Self { raw: store }
     }
 
     pub fn pointer(&self) -> *mut X509_STORE {
         self.raw
     }
 }
 
+impl Default for OwnedX509Store {
+    fn default() -> Self {
+        Self {
+            raw: unsafe { X509_STORE_new() },
+        }
+    }
+}
+
 impl Drop for OwnedX509Store {
     fn drop(&mut self) {
         unsafe {

Original file line number	Diff line number	Diff line change
`@@ -297,6 +297,12 @@ entry! {`
`297`	`297`	`}`
`298`	`298`	`}`
`299`	`299`
	`300`	`+entry! {`
	`301`	`+ pub fn _SSL_CTX_set_cert_store(ctx: mut SSL_CTX, store: mut X509_STORE) {`
	`302`	`+ try_clone_arc!(ctx).get_mut().set_x509_store(store);`
	`303`	`+ }`
	`304`	`+}`
	`305`	`+`
`300`	`306`	`fn load_verify_files(`
`301`	`307`	`ctx: &NotThreadSafe<SSL_CTX>,`
`302`	`308`	`file_names: impl Iterator<Item = PathBuf>,`