From 37cf57d450cf6ebfeb48d1bf0ac5ce0fc8371ed8 Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Fri, 17 May 2024 15:58:05 +0200 Subject: [PATCH 01/11] new x509d2i error --- openssl/src/error.rs | 44 +++++++++++++++++++ openssl/src/x509/mod.rs | 90 ++++++++++++++++++++++++++------------- openssl/src/x509/tests.rs | 18 +++++--- 3 files changed, 116 insertions(+), 36 deletions(-) diff --git a/openssl/src/error.rs b/openssl/src/error.rs index e097ce6881..453454dcb8 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -23,6 +23,7 @@ use std::convert::TryInto; use std::error; use std::ffi::CStr; use std::fmt; +use std::fmt::Formatter; use std::io; use std::ptr; use std::str; @@ -399,6 +400,49 @@ cfg_if! { } } +pub enum X509D2iError { + InternalOpenSSLError(ErrorStack), + ExtensionNotFoundError, + ExtensionUnambiguousError, +} + +impl X509D2iError { + pub fn internal_openssl_error(error: ErrorStack) -> Self { + Self::InternalOpenSSLError(error) + } + + pub fn extension_not_found_error() -> Self { + Self::ExtensionNotFoundError + } + + pub fn extension_unambiguous_error() -> Self { + Self::ExtensionUnambiguousError + } + + fn format(&self, fmt: &mut Formatter<'_>) -> fmt::Result { + match self { + Self::InternalOpenSSLError(stack) => + write!(fmt, "Error: Could not get X509 extension; {}", stack), + Self::ExtensionNotFoundError => + write!(fmt, "Error: Could not get X509 extension; Reason: Could not find any matching extension."), + Self::ExtensionUnambiguousError => + write!(fmt, "Error: Could not get X509 extension; Reason: Tried to read on extension, but found multiple."), + } + } +} + +impl fmt::Debug for X509D2iError { + fn fmt(&self, fmt: &mut Formatter<'_>) -> fmt::Result { + self.format(fmt) + } +} + +impl fmt::Display for X509D2iError { + fn fmt(&self, fmt: &mut Formatter<'_>) -> fmt::Result { + self.format(fmt) + } +} + #[cfg(test)] mod tests { #[cfg(not(ossl310))] 
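Review bot: `X509D2iError` is added as a public error type in the `@@ -399,6 +400,49 @@` hunk without an `impl std::error::Error`, so callers cannot box it as `dyn Error` or convert it with `?` into the usual application error types. Adding `impl error::Error for X509D2iError {}` would fix that, ideally with `source()` returning the wrapped `ErrorStack` for `InternalOpenSSLError`. The hand-written `Debug` impl prints the same sentence as `Display`, which hides the variant name in `{:?}` output; `#[derive(Debug)]` on the enum would be more useful for diagnostics. The enum and its variants also have no `///` comments stating which OpenSSL criticality value each one stands for.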
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index a64524cbea..b1cc3aa091 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -29,7 +29,7 @@ use crate::asn1::{ }; use crate::bio::MemBioSlice; use crate::conf::ConfRef; -use crate::error::ErrorStack; +use crate::error::{ErrorStack, X509D2iError}; use crate::ex_data::Index; use crate::hash::{DigestBytes, MessageDigest}; use crate::nid::Nid; 
@@ -419,63 +419,85 @@ impl X509Ref { ffi::X509_issuer_name_hash(self.as_ptr()) as u32 } } + fn create_d2i_result(critical: i32, out: Option) -> Result { + match (critical, out) { + (0 | 1, Some(out)) => Ok(out), + // -1 means the extension wasn't found, -2 means multiple were found. + (-1, _) => Err(X509D2iError::extension_not_found_error()), + (-2, _) => Err(X509D2iError::extension_unambiguous_error()), + // A critical value of 0 or 1 suggests success, but a null pointer + // was returned so something went wrong. + (0 | 1, None) => Err(X509D2iError::internal_openssl_error(ErrorStack::get())), + (c_int::MIN..=-2 | 2.., _) => panic!("OpenSSL should only return -2, -1, 0, or 1 for an extension's criticality but it returned {}", critical), + } + } /// Returns this certificate's subject alternative name entries, if they exist. #[corresponds(X509_get_ext_d2i)] - pub fn subject_alt_names(&self) -> Option> { - unsafe { + pub fn subject_alt_names(&self) -> Result, X509D2iError> { + let mut critical = -1; + let out = unsafe { let stack = ffi::X509_get_ext_d2i( self.as_ptr(), ffi::NID_subject_alt_name, - ptr::null_mut(), + &mut critical as *mut _, ptr::null_mut(), ); Stack::from_ptr_opt(stack as *mut _) - } + }; + + Self::create_d2i_result(critical, out) } /// Returns this certificate's CRL distribution points, if they exist. #[corresponds(X509_get_ext_d2i)] - pub fn crl_distribution_points(&self) -> Option> { - unsafe { + pub fn crl_distribution_points(&self) -> Result, X509D2iError> { + let mut critical = -1; + let out = unsafe { let stack = ffi::X509_get_ext_d2i( self.as_ptr(), ffi::NID_crl_distribution_points, - ptr::null_mut(), + &mut critical as *mut _, ptr::null_mut(), ); Stack::from_ptr_opt(stack as *mut _) - } + }; + + Self::create_d2i_result(critical, out) } /// Returns this certificate's issuer alternative name entries, if they exist. 
#[corresponds(X509_get_ext_d2i)] - pub fn issuer_alt_names(&self) -> Option> { - unsafe { + pub fn issuer_alt_names(&self) -> Result, X509D2iError> { + let mut critical = -1; + let out = unsafe { let stack = ffi::X509_get_ext_d2i( self.as_ptr(), ffi::NID_issuer_alt_name, - ptr::null_mut(), + &mut critical as *mut _, ptr::null_mut(), ); Stack::from_ptr_opt(stack as *mut _) - } + }; + Self::create_d2i_result(critical, out) } /// Returns this certificate's [`authority information access`] entries, if they exist. /// /// [`authority information access`]: https://tools.ietf.org/html/rfc5280#section-4.2.2.1 #[corresponds(X509_get_ext_d2i)] - pub fn authority_info(&self) -> Option> { - unsafe { + pub fn authority_info(&self) -> Result, X509D2iError> { + let mut critical = -1; + let out = unsafe { let stack = ffi::X509_get_ext_d2i( self.as_ptr(), ffi::NID_info_access, - ptr::null_mut(), + &mut critical as *mut _, ptr::null_mut(), ); Stack::from_ptr_opt(stack as *mut _) - } + }; + Self::create_d2i_result(critical, out) } /// Retrieves the path length extension from a certificate, if it exists. @@ -814,9 +836,15 @@ impl fmt::Debug for X509 { debug_struct.field("signature_algorithm", &self.signature_algorithm().object()); debug_struct.field("issuer", &self.issuer_name()); debug_struct.field("subject", &self.subject_name()); - if let Some(subject_alt_names) = &self.subject_alt_names() { - debug_struct.field("subject_alt_names", subject_alt_names); - } + match &self.subject_alt_names() { + Ok(subject_alt_names) => { + debug_struct.field("subject_alt_names", subject_alt_names); + }, + Err(X509D2iError::ExtensionNotFoundError) => { + // found nothing, but this is ok + }, + Err(e) => panic!("{}", e), + }; debug_struct.field("not_before", &self.not_before()); debug_struct.field("not_after", &self.not_after()); 
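Review bot: The doc comments on `subject_alt_names`, `crl_distribution_points`, `issuer_alt_names` and `authority_info` in the `@@ -419,63 +419,85 @@ impl X509Ref` hunk still read "if they exist", but an absent extension is now an `Err`, and a duplicated or undecodable extension is a different `Err`. A caller that maps every `Err` to "no extension" would treat a certificate with a repeated or malformed SAN as having none, so each accessor should gain an `# Errors` section along the lines of `/// Returns the not-found variant when the certificate has no such extension; any other error means the extension is present but unusable.` `create_d2i_result` has no doc comment either, and it drops the criticality flag that the call now fetches. The enclosing `impl X509Ref` begins and ends outside the hunk.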
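Review bot: `Err(e) => panic!("{}", e)` in the `@@ -814,9 +836,15 @@ impl fmt::Debug for X509` hunk makes debug-formatting a certificate panic when its subject alternative name extension is duplicated or cannot be decoded. Certificates are normally parsed from untrusted input and `{:?}` is what logging paths use, so the formatter should report the condition instead of aborting: `Err(e) => { debug_struct.field("subject_alt_names", &e); }`. `X509D2iError` implements `Debug` in this patch, so that line needs nothing else. The body of `fmt` continues outside the hunk.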
@@ -1711,7 +1739,7 @@ impl X509RevokedRef { /// /// This returns None if the extension is not present or occurs multiple times. #[corresponds(X509_REVOKED_get_ext_d2i)] - pub fn extension(&self) -> Result, ErrorStack> { + pub fn extension(&self) -> Result<(bool, T::Output), X509D2iError> { let mut critical = -1; let out = unsafe { // SAFETY: self.as_ptr() is a valid pointer to an X509_REVOKED. @@ -1726,13 +1754,14 @@ impl X509RevokedRef { T::Output::from_ptr_opt(ext as *mut _) }; match (critical, out) { - (0, Some(out)) => Ok(Some((false, out))), - (1, Some(out)) => Ok(Some((true, out))), + (0, Some(out)) => Ok((false, out)), + (1, Some(out)) => Ok((true, out)), // -1 means the extension wasn't found, -2 means multiple were found. - (-1 | -2, _) => Ok(None), + (-1, _) => Err(X509D2iError::extension_not_found_error()), + (-2, _) => Err(X509D2iError::extension_unambiguous_error()), // A critical value of 0 or 1 suggests success, but a null pointer // was returned so something went wrong. - (0 | 1, None) => Err(ErrorStack::get()), + (0 | 1, None) => Err(X509D2iError::internal_openssl_error(ErrorStack::get())), (c_int::MIN..=-2 | 2.., _) => panic!("OpenSSL should only return -2, -1, 0, or 1 for an extension's criticality but it returned {}", critical), } } @@ -1947,7 +1976,7 @@ impl X509CrlRef { /// /// This returns None if the extension is not present or occurs multiple times. #[corresponds(X509_CRL_get_ext_d2i)] - pub fn extension(&self) -> Result, ErrorStack> { + pub fn extension(&self) -> Result<(bool, T::Output), X509D2iError> { let mut critical = -1; let out = unsafe { // SAFETY: self.as_ptr() is a valid pointer to an X509_CRL. 
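Review bot: The context line "This returns None if the extension is not present or occurs multiple times." in `@@ -1711,7 +1739,7 @@ impl X509RevokedRef` no longer matches the signature, which now returns `Result<(bool, T::Output), X509D2iError>` and never `None`. Replace it with something like `/// Returns an error if the extension is absent, occurs multiple times, or cannot be decoded.` and say that the `bool` is the criticality flag. The same stale sentence sits above `extension` in the `@@ -1947,7 +1976,7 @@ impl X509CrlRef` hunk.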
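Review bot: The match in `@@ -1726,13 +1754,14 @@` is now the second of three copies of the criticality-to-error mapping, alongside `X509Ref::create_d2i_result` and the `X509CrlRef` hunk at `@@ -1962,13 +1991,14 @@`. A later edit to one copy can easily miss the others, as the variant rename in patches 09 and 10 of this series shows. One shared helper that returns `Result<(bool, T), X509D2iError>` would cover all three, with the `X509Ref` accessors discarding the flag through `.map(|(_, out)| out)`. The function body starts outside this hunk.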
@@ -1962,13 +1991,14 @@ impl X509CrlRef { T::Output::from_ptr_opt(ext as *mut _) }; match (critical, out) { - (0, Some(out)) => Ok(Some((false, out))), - (1, Some(out)) => Ok(Some((true, out))), + (0, Some(out)) => Ok((false, out)), + (1, Some(out)) => Ok((true, out)), // -1 means the extension wasn't found, -2 means multiple were found. - (-1 | -2, _) => Ok(None), + (-1, _) => Err(X509D2iError::extension_not_found_error()), + (-2, _) => Err(X509D2iError::extension_unambiguous_error()), // A critical value of 0 or 1 suggests success, but a null pointer // was returned so something went wrong. - (0 | 1, None) => Err(ErrorStack::get()), + (0 | 1, None) => Err(X509D2iError::internal_openssl_error(ErrorStack::get())), (c_int::MIN..=-2 | 2.., _) => panic!("OpenSSL should only return -2, -1, 0, or 1 for an extension's criticality but it returned {}", critical), } } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 25c2da0125..de1a898e46 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -33,6 +33,7 @@ use foreign_types::ForeignType; use hex::{self, FromHex}; #[cfg(any(ossl102, boringssl, libressl261))] use libc::time_t; +use crate::error::X509D2iError; use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode}; @@ -280,7 +281,11 @@ fn test_aia_ca_issuer() { // Without AIA let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); - assert!(cert.authority_info().is_none()); + match cert.authority_info() { + Ok(_) => assert!(false, "Should not find dist point"), + Err(X509D2iError::ExtensionNotFoundError) => {/* ok */}, + Err(e) => assert!(false, "Wrong error: {}", e) + } } #[test] @@ -703,8 +708,7 @@ fn test_crl_entry_extensions() { let (critical, access_info) = crl .extension::() - .unwrap() - .expect("Authority Information Access extension should be present"); + .unwrap(); assert!( !critical, "Authority Information Access extension is not critical" 
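Review bot: The failure message "Should not find dist point" in the `@@ -280,7 +281,11 @@ fn test_aia_ca_issuer()` hunk was copied from the distribution-point test, but this test checks authority information access, so a failure would name the wrong extension. `assert!(matches!(cert.authority_info(), Err(X509D2iError::ExtensionNotFoundError)));` states the expectation in one line and needs no message. The later `fmt` and `clippy` patches reformat this match but keep the message.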
@@ -724,7 +728,6 @@ fn test_crl_entry_extensions() { let (critical, issuer) = entry .extension::() - .unwrap() .expect("Certificate issuer extension should be present"); assert!(critical, "Certificate issuer extension is critical"); assert_eq!(issuer.len(), 1, "Certificate issuer should have one entry"); @@ -740,7 +743,6 @@ fn test_crl_entry_extensions() { #[allow(unused_variables)] let (critical, reason_code) = entry .extension::() - .unwrap() .expect("Reason code extension should be present"); assert!(!critical, "Reason code extension is not critical"); #[cfg(ossl110)] @@ -1175,7 +1177,11 @@ fn test_dist_point() { fn test_dist_point_null() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); - assert!(cert.crl_distribution_points().is_none()); + match cert.crl_distribution_points() { + Ok(_) => assert!(false, "Should not find dist point"), + Err(X509D2iError::ExtensionNotFoundError) => {/* ok */}, + Err(e) => assert!(false, "Wrong error: {}", e) + } } #[test] From 8b2450ff6cd88fbb8a4b0310dfdd878bc6384174 Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Fri, 17 May 2024 16:03:40 +0200 Subject: [PATCH 02/11] fmt --- openssl/src/x509/mod.rs | 4 ++-- openssl/src/x509/tests.rs | 14 ++++++-------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index b1cc3aa091..641ebf0f65 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -839,10 +839,10 @@ impl fmt::Debug for X509 { match &self.subject_alt_names() { Ok(subject_alt_names) => { debug_struct.field("subject_alt_names", subject_alt_names); - }, + } Err(X509D2iError::ExtensionNotFoundError) => { // found nothing, but this is ok - }, + } Err(e) => panic!("{}", e), }; debug_struct.field("not_before", &self.not_before()); diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index de1a898e46..9f7c5015fb 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs 
@@ -28,12 +28,12 @@ use crate::x509::{ CrlStatus, X509Crl, X509Extension, X509Name, X509Req, X509StoreContext, X509VerifyResult, X509, }; +use crate::error::X509D2iError; #[cfg(ossl110)] use foreign_types::ForeignType; use hex::{self, FromHex}; #[cfg(any(ossl102, boringssl, libressl261))] use libc::time_t; -use crate::error::X509D2iError; use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode}; @@ -283,8 +283,8 @@ fn test_aia_ca_issuer() { let cert = X509::from_pem(cert).unwrap(); match cert.authority_info() { Ok(_) => assert!(false, "Should not find dist point"), - Err(X509D2iError::ExtensionNotFoundError) => {/* ok */}, - Err(e) => assert!(false, "Wrong error: {}", e) + Err(X509D2iError::ExtensionNotFoundError) => { /* ok */ } + Err(e) => assert!(false, "Wrong error: {}", e), } } @@ -706,9 +706,7 @@ fn test_crl_entry_extensions() { let crl = include_bytes!("../../test/entry_extensions.crl"); let crl = X509Crl::from_pem(crl).unwrap(); - let (critical, access_info) = crl - .extension::() - .unwrap(); + let (critical, access_info) = crl.extension::().unwrap(); assert!( !critical, "Authority Information Access extension is not critical" @@ -1179,8 +1177,8 @@ fn test_dist_point_null() { let cert = X509::from_pem(cert).unwrap(); match cert.crl_distribution_points() { Ok(_) => assert!(false, "Should not find dist point"), - Err(X509D2iError::ExtensionNotFoundError) => {/* ok */}, - Err(e) => assert!(false, "Wrong error: {}", e) + Err(X509D2iError::ExtensionNotFoundError) => { /* ok */ } + Err(e) => assert!(false, "Wrong error: {}", e), } } From 057ca341caa0acd497ea8b4fad6bf45b9587a9fc Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Fri, 17 May 2024 16:07:04 +0200 Subject: [PATCH 03/11] clippy --- openssl/src/x509/tests.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 9f7c5015fb..a15ea64995 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs 
@@ -282,9 +282,9 @@ fn test_aia_ca_issuer() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); match cert.authority_info() { - Ok(_) => assert!(false, "Should not find dist point"), + Ok(_) => panic!("Should not find dist point"), Err(X509D2iError::ExtensionNotFoundError) => { /* ok */ } - Err(e) => assert!(false, "Wrong error: {}", e), + Err(e) => panic!("Wrong error: {}", e), } } @@ -1176,9 +1176,9 @@ fn test_dist_point_null() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); match cert.crl_distribution_points() { - Ok(_) => assert!(false, "Should not find dist point"), + Ok(_) => panic!("Should not find dist point"), Err(X509D2iError::ExtensionNotFoundError) => { /* ok */ } - Err(e) => assert!(false, "Wrong error: {}", e), + Err(e) => panic!("Wrong error: {}", e), } } From 29e4cce2c31f4b9470628532654dda733b7effea Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Fri, 17 May 2024 16:20:21 +0200 Subject: [PATCH 04/11] fixes for other configurations --- openssl/src/ssl/connector.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 66d1bd8939..c1898f3e32 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -460,8 +460,9 @@ cfg_if! { fn verify_hostname(domain: &str, cert: &X509Ref) -> bool { match cert.subject_alt_names() { - Some(names) => verify_subject_alt_names(domain, names), - None => verify_subject_name(domain, &cert.subject_name()), + Ok(names) => verify_subject_alt_names(domain, names), + Err(X509D2iError::extension_not_found_error) => verify_subject_name(domain, &cert.subject_name()), + Err(e) => panic!("Error when fetching alt names from certificate: {}", e), } } From 1af1a27a51898683583700d69e97544911a10d31 Mon Sep 17 00:00:00 2001 
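Review bot: `Err(e) => panic!("Error when fetching alt names from certificate: {}", e)` in `verify_hostname` (`@@ -460,8 +460,9 @@`) turns a certificate whose subject alternative name extension is duplicated or fails to decode into a panic during hostname verification. The removed `Some`/`None` match sent every non-`Some` result to the subject-name check. The certificate being checked comes from the peer, so this arm should fail closed rather than abort: `Err(_) => false,`. The same arm is carried unchanged into the `@@ -464,7 +461,7 @@` hunk of PATCH 08/11. `verify_hostname` sits inside a `cfg_if!` block that begins and ends outside the hunk.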
From: Simon Buttgereit Date: Fri, 17 May 2024 16:26:00 +0200 Subject: [PATCH 05/11] add missing include --- openssl/src/ssl/connector.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index c1898f3e32..28d3fdd0ae 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -6,6 +6,8 @@ use crate::dh::Dh; use crate::error::ErrorStack; #[cfg(any(ossl111, libressl340))] use crate::ssl::SslVersion; +#[cfg(any(ossl111, libressl340))] +use crate::error::X509D2iError; use crate::ssl::{ HandshakeError, Ssl, SslContext, SslContextBuilder, SslContextRef, SslMethod, SslMode, SslOptions, SslRef, SslStream, SslVerifyMode, From 121ae76e3cd7d6c8ddf4885ad16196bdfa2f3322 Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Fri, 17 May 2024 16:35:19 +0200 Subject: [PATCH 06/11] fix conditions on includes --- openssl/src/ssl/connector.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 28d3fdd0ae..cc16143735 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -4,10 +4,11 @@ use std::ops::{Deref, DerefMut}; use crate::dh::Dh; use crate::error::ErrorStack; +#[cfg(not(ossl111))] +#[cfg(not(libressl340))] +use crate::error::X509D2iError; #[cfg(any(ossl111, libressl340))] use crate::ssl::SslVersion; -#[cfg(any(ossl111, libressl340))] -use crate::error::X509D2iError; use crate::ssl::{ HandshakeError, Ssl, SslContext, SslContextBuilder, SslContextRef, SslMethod, SslMode, SslOptions, SslRef, SslStream, SslVerifyMode, From bc86ae8c413fd157f0ba857ab5fd3c8f68bb652c Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Tue, 21 May 2024 08:56:36 +0200 Subject: [PATCH 07/11] fix cfg macros for includes --- openssl/src/ssl/connector.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index cc16143735..a47fa9a152 100644 
--- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -4,8 +4,8 @@ use std::ops::{Deref, DerefMut}; use crate::dh::Dh; use crate::error::ErrorStack; -#[cfg(not(ossl111))] -#[cfg(not(libressl340))] +#[cfg(not(ossl102))] +#[cfg(not(libressl261))] use crate::error::X509D2iError; #[cfg(any(ossl111, libressl340))] use crate::ssl::SslVersion; From f4f3e85bd01279921e02de9e85afbbfe80cc6a49 Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Tue, 21 May 2024 10:09:05 +0200 Subject: [PATCH 08/11] fix more includes --- openssl/src/ssl/connector.rs | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index a47fa9a152..72f06edb20 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -4,9 +4,6 @@ use std::ops::{Deref, DerefMut}; use crate::dh::Dh; use crate::error::ErrorStack; -#[cfg(not(ossl102))] -#[cfg(not(libressl261))] -use crate::error::X509D2iError; #[cfg(any(ossl111, libressl340))] use crate::ssl::SslVersion; use crate::ssl::{ @@ -420,7 +417,7 @@ cfg_if! { use std::str; use once_cell::sync::OnceCell; - use crate::error::ErrorStack; + use crate::error::{ErrorStack, X509D2iError}; use crate::ex_data::Index; use crate::nid::Nid; use crate::ssl::Ssl; @@ -464,7 +461,7 @@ cfg_if! { fn verify_hostname(domain: &str, cert: &X509Ref) -> bool { match cert.subject_alt_names() { Ok(names) => verify_subject_alt_names(domain, names), - Err(X509D2iError::extension_not_found_error) => verify_subject_name(domain, &cert.subject_name()), + Err(X509D2iError::ExtensionNotFoundError) => verify_subject_name(domain, &cert.subject_name()), Err(e) => panic!("Error when fetching alt names from certificate: {}", e), } } From c763bef8b7b820d5b08073255bffd70e8d9066f6 Mon Sep 17 00:00:00 2001 
From: Simon Buttgereit Date: Wed, 29 May 2024 08:25:52 +0200 Subject: [PATCH 09/11] Apply suggestions from code review Co-authored-by: Theo Buehler --- openssl/src/error.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openssl/src/error.rs b/openssl/src/error.rs index 453454dcb8..5175fe7b5d 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -403,7 +403,7 @@ cfg_if! { pub enum X509D2iError { InternalOpenSSLError(ErrorStack), ExtensionNotFoundError, - ExtensionUnambiguousError, + ExtensionAmbiguousError, } impl X509D2iError { @@ -415,7 +415,7 @@ impl X509D2iError { Self::ExtensionNotFoundError } - pub fn extension_unambiguous_error() -> Self { + pub fn extension_ambiguous_error() -> Self { Self::ExtensionUnambiguousError } @@ -426,7 +426,7 @@ impl X509D2iError { Self::ExtensionNotFoundError => write!(fmt, "Error: Could not get X509 extension; Reason: Could not find any matching extension."), Self::ExtensionUnambiguousError => - write!(fmt, "Error: Could not get X509 extension; Reason: Tried to read on extension, but found multiple."), + write!(fmt, "Error: Could not get X509 extension; Reason: Tried to read an extension, but found multiple."), } } } From 3c6cfbcf3335eb7bf8fd6efa60b377299fa2d048 Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Wed, 29 May 2024 08:31:20 +0200 Subject: [PATCH 10/11] fixes that result from suggested changes --- openssl/src/error.rs | 4 ++-- openssl/src/x509/mod.rs | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/openssl/src/error.rs b/openssl/src/error.rs index 5175fe7b5d..aae2f140b6 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -416,7 +416,7 @@ impl X509D2iError { } pub fn extension_ambiguous_error() -> Self { - Self::ExtensionUnambiguousError + Self::ExtensionAmbiguousError } fn format(&self, fmt: &mut Formatter<'_>) -> fmt::Result { 
@@ -425,7 +425,7 @@ impl X509D2iError { write!(fmt, "Error: Could not get X509 extension; {}", stack), Self::ExtensionNotFoundError => write!(fmt, "Error: Could not get X509 extension; Reason: Could not find any matching extension."), - Self::ExtensionUnambiguousError => + Self::ExtensionAmbiguousError => write!(fmt, "Error: Could not get X509 extension; Reason: Tried to read an extension, but found multiple."), } } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 641ebf0f65..0438c4fa57 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -424,7 +424,7 @@ impl X509Ref { (0 | 1, Some(out)) => Ok(out), // -1 means the extension wasn't found, -2 means multiple were found. (-1, _) => Err(X509D2iError::extension_not_found_error()), - (-2, _) => Err(X509D2iError::extension_unambiguous_error()), + (-2, _) => Err(X509D2iError::extension_ambiguous_error()), // A critical value of 0 or 1 suggests success, but a null pointer // was returned so something went wrong. (0 | 1, None) => Err(X509D2iError::internal_openssl_error(ErrorStack::get())), @@ -1758,7 +1758,7 @@ impl X509RevokedRef { (1, Some(out)) => Ok((true, out)), // -1 means the extension wasn't found, -2 means multiple were found. (-1, _) => Err(X509D2iError::extension_not_found_error()), - (-2, _) => Err(X509D2iError::extension_unambiguous_error()), + (-2, _) => Err(X509D2iError::extension_ambiguous_error()), // A critical value of 0 or 1 suggests success, but a null pointer // was returned so something went wrong. (0 | 1, None) => Err(X509D2iError::internal_openssl_error(ErrorStack::get())), 
@@ -1995,7 +1995,7 @@ impl X509CrlRef { (1, Some(out)) => Ok((true, out)), // -1 means the extension wasn't found, -2 means multiple were found. (-1, _) => Err(X509D2iError::extension_not_found_error()), - (-2, _) => Err(X509D2iError::extension_unambiguous_error()), + (-2, _) => Err(X509D2iError::extension_ambiguous_error()), // A critical value of 0 or 1 suggests success, but a null pointer // was returned so something went wrong. (0 | 1, None) => Err(X509D2iError::internal_openssl_error(ErrorStack::get())), From 70d5071fe3c9918c5a7b3e7385fe6985103c8b3b Mon Sep 17 00:00:00 2001 From: Simon Buttgereit Date: Wed, 29 May 2024 12:50:29 +0200 Subject: [PATCH 11/11] Empty commit to trigger pipeline