expose DANE functions for SSL/SSL_CTX

The docs at https://www.openssl.org/docs/man1.1.1/man3/SSL_dane_clear_flags.html indicate that DANE functionality has been available since version 1.1.0
sfackler · Oct 30, 2023 · 0dc3d0f · 0dc3d0f
1 parent 8c21994
commit 0dc3d0f
Show file tree

Hide file tree

Showing 4 changed files with 488 additions and 1 deletion.
diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs
@@ -938,3 +938,42 @@ extern "C" {
     #[cfg(any(ossl110, libressl360))]
     pub fn SSL_get_security_level(s: *const SSL) -> c_int;
 }
+
+#[cfg(ossl110)]
+extern "C" {
+    pub fn SSL_CTX_dane_enable(ctx: *mut SSL_CTX) -> c_int;
+    pub fn SSL_CTX_dane_mtype_set(
+        ctx: *mut SSL_CTX,
+        md: *const EVP_MD,
+        mtype: u8,
+        ord: u8,
+    ) -> c_int;
+    pub fn SSL_dane_enable(s: *mut SSL, basedomain: *const c_char) -> c_int;
+    pub fn SSL_dane_tlsa_add(
+        s: *mut SSL,
+        usage: u8,
+        selector: u8,
+        mtype: u8,
+        data: *const c_uchar,
+        dlen: size_t,
+    ) -> c_int;
+    pub fn SSL_get0_dane_authority(
+        s: *mut SSL,
+        mcert: *mut *mut X509,
+        mspki: *mut *mut EVP_PKEY,
+    ) -> c_int;
+    pub fn SSL_get0_dane_tlsa(
+        s: *mut SSL,
+        usage: *mut u8,
+        selector: *mut u8,
+        mtype: *mut u8,
+        data: *mut *const c_uchar,
+        dlen: *mut size_t,
+    ) -> c_int;
+
+    pub fn SSL_CTX_dane_set_flags(ctx: *mut SSL_CTX, flags: c_ulong) -> c_ulong;
+    pub fn SSL_CTX_dane_clear_flags(ctx: *mut SSL_CTX, flags: c_ulong) -> c_ulong;
+    pub fn SSL_dane_set_flags(ssl: *mut SSL, flags: c_ulong) -> c_ulong;
+    pub fn SSL_dane_clear_flags(ssl: *mut SSL, flags: c_ulong) -> c_ulong;
+    pub fn SSL_add1_host(s: *mut SSL, hostname: *const c_char) -> c_int;
+}
diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs
@@ -91,6 +91,7 @@ cfg_if! {
         pub const X509_V_ERR_INVALID_CALL: c_int = 69;
         pub const X509_V_ERR_STORE_LOOKUP: c_int = 70;
         pub const X509_V_ERR_NO_VALID_SCTS: c_int = 71;
+        pub const DANE_FLAG_NO_DANE_EE_NAMECHECKS: c_ulong = 1;
     } else if #[cfg(ossl102h)] {
         pub const X509_V_ERR_INVALID_CALL: c_int = 65;
         pub const X509_V_ERR_STORE_LOOKUP: c_int = 66;