2 unstable releases

Uses old Rust 2015

0.2.0 Aug 12, 2016
0.1.0 May 6, 2016

#18 in #hostname

Download history 382/week @ 2023-11-23 187/week @ 2023-11-30 303/week @ 2023-12-07 458/week @ 2023-12-14 285/week @ 2023-12-21 272/week @ 2023-12-28 264/week @ 2024-01-04 414/week @ 2024-01-11 342/week @ 2024-01-18 278/week @ 2024-01-25 164/week @ 2024-02-01 451/week @ 2024-02-08 569/week @ 2024-02-15 454/week @ 2024-02-22 470/week @ 2024-02-29 390/week @ 2024-03-07

1,933 downloads per month
Used in 9 crates (2 directly)

MIT/Apache

20KB
355 lines

rust-openssl-verify

Build Status

Documentation

Hostname verification for OpenSSL.

OpenSSL up until version 1.1.0 did not support verification that the certificate a server presents matches the domain a client is connecting to. This check is crucial, as an attacker otherwise needs only to obtain a legitimately signed certificate to some domain to execute a man-in-the-middle attack.

The implementation in this crate is based off of libcurl's.


lib.rs:

Hostname verification for OpenSSL.

OpenSSL up until version 1.1.0 did not support verification that the certificate a server presents matches the domain a client is connecting to. This check is crucial, as an attacker otherwise needs only to obtain a legitimately signed certificate to some domain to execute a man-in-the-middle attack.

The implementation in this crate is based off of libcurl's.

Examples

In most cases, the verify_callback function should be used in OpenSSL's verification callback:

extern crate openssl;
extern crate openssl_verify;

use std::net::TcpStream;
use openssl::ssl::{SslContext, SslMethod, SslStream, SSL_VERIFY_PEER, IntoSsl};
use openssl_verify::verify_callback;

let domain = "google.com";
let stream = TcpStream::connect((domain, 443)).unwrap();

let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
ctx.set_default_verify_paths().unwrap();

let mut ssl = ctx.into_ssl().unwrap();
let domain = domain.to_owned();
ssl.set_verify_callback(SSL_VERIFY_PEER, move |p, x| verify_callback(&domain, p, x));

let ssl_stream = SslStream::connect(ssl, stream).unwrap();

Dependencies

~1.7–3MB
~67K SLoC