| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.54/src/x509/mod.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>mod.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../../normalize.css"><link rel="stylesheet" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../../ayu.css" disabled><link rel="stylesheet" href="../../../dark.css" disabled><link rel="stylesheet" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../source-script.js"></script><script defer src="../../../source-files.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../../openssl/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../../openssl/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span> |
| <span id="2">2</span> |
| <span id="3">3</span> |
| <span id="4">4</span> |
| <span id="5">5</span> |
| <span id="6">6</span> |
| <span id="7">7</span> |
| <span id="8">8</span> |
| <span id="9">9</span> |
| <span id="10">10</span> |
| <span id="11">11</span> |
| <span id="12">12</span> |
| <span id="13">13</span> |
| <span id="14">14</span> |
| <span id="15">15</span> |
| <span id="16">16</span> |
| <span id="17">17</span> |
| <span id="18">18</span> |
| <span id="19">19</span> |
| <span id="20">20</span> |
| <span id="21">21</span> |
| <span id="22">22</span> |
| <span id="23">23</span> |
| <span id="24">24</span> |
| <span id="25">25</span> |
| <span id="26">26</span> |
| <span id="27">27</span> |
| <span id="28">28</span> |
| <span id="29">29</span> |
| <span id="30">30</span> |
| <span id="31">31</span> |
| <span id="32">32</span> |
| <span id="33">33</span> |
| <span id="34">34</span> |
| <span id="35">35</span> |
| <span id="36">36</span> |
| <span id="37">37</span> |
| <span id="38">38</span> |
| <span id="39">39</span> |
| <span id="40">40</span> |
| <span id="41">41</span> |
| <span id="42">42</span> |
| <span id="43">43</span> |
| <span id="44">44</span> |
| <span id="45">45</span> |
| <span id="46">46</span> |
| <span id="47">47</span> |
| <span id="48">48</span> |
| <span id="49">49</span> |
| <span id="50">50</span> |
| <span id="51">51</span> |
| <span id="52">52</span> |
| <span id="53">53</span> |
| <span id="54">54</span> |
| <span id="55">55</span> |
| <span id="56">56</span> |
| <span id="57">57</span> |
| <span id="58">58</span> |
| <span id="59">59</span> |
| <span id="60">60</span> |
| <span id="61">61</span> |
| <span id="62">62</span> |
| <span id="63">63</span> |
| <span id="64">64</span> |
| <span id="65">65</span> |
| <span id="66">66</span> |
| <span id="67">67</span> |
| <span id="68">68</span> |
| <span id="69">69</span> |
| <span id="70">70</span> |
| <span id="71">71</span> |
| <span id="72">72</span> |
| <span id="73">73</span> |
| <span id="74">74</span> |
| <span id="75">75</span> |
| <span id="76">76</span> |
| <span id="77">77</span> |
| <span id="78">78</span> |
| <span id="79">79</span> |
| <span id="80">80</span> |
| <span id="81">81</span> |
| <span id="82">82</span> |
| <span id="83">83</span> |
| <span id="84">84</span> |
| <span id="85">85</span> |
| <span id="86">86</span> |
| <span id="87">87</span> |
| <span id="88">88</span> |
| <span id="89">89</span> |
| <span id="90">90</span> |
| <span id="91">91</span> |
| <span id="92">92</span> |
| <span id="93">93</span> |
| <span id="94">94</span> |
| <span id="95">95</span> |
| <span id="96">96</span> |
| <span id="97">97</span> |
| <span id="98">98</span> |
| <span id="99">99</span> |
| <span id="100">100</span> |
| <span id="101">101</span> |
| <span id="102">102</span> |
| <span id="103">103</span> |
| <span id="104">104</span> |
| <span id="105">105</span> |
| <span id="106">106</span> |
| <span id="107">107</span> |
| <span id="108">108</span> |
| <span id="109">109</span> |
| <span id="110">110</span> |
| <span id="111">111</span> |
| <span id="112">112</span> |
| <span id="113">113</span> |
| <span id="114">114</span> |
| <span id="115">115</span> |
| <span id="116">116</span> |
| <span id="117">117</span> |
| <span id="118">118</span> |
| <span id="119">119</span> |
| <span id="120">120</span> |
| <span id="121">121</span> |
| <span id="122">122</span> |
| <span id="123">123</span> |
| <span id="124">124</span> |
| <span id="125">125</span> |
| <span id="126">126</span> |
| <span id="127">127</span> |
| <span id="128">128</span> |
| <span id="129">129</span> |
| <span id="130">130</span> |
| <span id="131">131</span> |
| <span id="132">132</span> |
| <span id="133">133</span> |
| <span id="134">134</span> |
| <span id="135">135</span> |
| <span id="136">136</span> |
| <span id="137">137</span> |
| <span id="138">138</span> |
| <span id="139">139</span> |
| <span id="140">140</span> |
| <span id="141">141</span> |
| <span id="142">142</span> |
| <span id="143">143</span> |
| <span id="144">144</span> |
| <span id="145">145</span> |
| <span id="146">146</span> |
| <span id="147">147</span> |
| <span id="148">148</span> |
| <span id="149">149</span> |
| <span id="150">150</span> |
| <span id="151">151</span> |
| <span id="152">152</span> |
| <span id="153">153</span> |
| <span id="154">154</span> |
| <span id="155">155</span> |
| <span id="156">156</span> |
| <span id="157">157</span> |
| <span id="158">158</span> |
| <span id="159">159</span> |
| <span id="160">160</span> |
| <span id="161">161</span> |
| <span id="162">162</span> |
| <span id="163">163</span> |
| <span id="164">164</span> |
| <span id="165">165</span> |
| <span id="166">166</span> |
| <span id="167">167</span> |
| <span id="168">168</span> |
| <span id="169">169</span> |
| <span id="170">170</span> |
| <span id="171">171</span> |
| <span id="172">172</span> |
| <span id="173">173</span> |
| <span id="174">174</span> |
| <span id="175">175</span> |
| <span id="176">176</span> |
| <span id="177">177</span> |
| <span id="178">178</span> |
| <span id="179">179</span> |
| <span id="180">180</span> |
| <span id="181">181</span> |
| <span id="182">182</span> |
| <span id="183">183</span> |
| <span id="184">184</span> |
| <span id="185">185</span> |
| <span id="186">186</span> |
| <span id="187">187</span> |
| <span id="188">188</span> |
| <span id="189">189</span> |
| <span id="190">190</span> |
| <span id="191">191</span> |
| <span id="192">192</span> |
| <span id="193">193</span> |
| <span id="194">194</span> |
| <span id="195">195</span> |
| <span id="196">196</span> |
| <span id="197">197</span> |
| <span id="198">198</span> |
| <span id="199">199</span> |
| <span id="200">200</span> |
| <span id="201">201</span> |
| <span id="202">202</span> |
| <span id="203">203</span> |
| <span id="204">204</span> |
| <span id="205">205</span> |
| <span id="206">206</span> |
| <span id="207">207</span> |
| <span id="208">208</span> |
| <span id="209">209</span> |
| <span id="210">210</span> |
| <span id="211">211</span> |
| <span id="212">212</span> |
| <span id="213">213</span> |
| <span id="214">214</span> |
| <span id="215">215</span> |
| <span id="216">216</span> |
| <span id="217">217</span> |
| <span id="218">218</span> |
| <span id="219">219</span> |
| <span id="220">220</span> |
| <span id="221">221</span> |
| <span id="222">222</span> |
| <span id="223">223</span> |
| <span id="224">224</span> |
| <span id="225">225</span> |
| <span id="226">226</span> |
| <span id="227">227</span> |
| <span id="228">228</span> |
| <span id="229">229</span> |
| <span id="230">230</span> |
| <span id="231">231</span> |
| <span id="232">232</span> |
| <span id="233">233</span> |
| <span id="234">234</span> |
| <span id="235">235</span> |
| <span id="236">236</span> |
| <span id="237">237</span> |
| <span id="238">238</span> |
| <span id="239">239</span> |
| <span id="240">240</span> |
| <span id="241">241</span> |
| <span id="242">242</span> |
| <span id="243">243</span> |
| <span id="244">244</span> |
| <span id="245">245</span> |
| <span id="246">246</span> |
| <span id="247">247</span> |
| <span id="248">248</span> |
| <span id="249">249</span> |
| <span id="250">250</span> |
| <span id="251">251</span> |
| <span id="252">252</span> |
| <span id="253">253</span> |
| <span id="254">254</span> |
| <span id="255">255</span> |
| <span id="256">256</span> |
| <span id="257">257</span> |
| <span id="258">258</span> |
| <span id="259">259</span> |
| <span id="260">260</span> |
| <span id="261">261</span> |
| <span id="262">262</span> |
| <span id="263">263</span> |
| <span id="264">264</span> |
| <span id="265">265</span> |
| <span id="266">266</span> |
| <span id="267">267</span> |
| <span id="268">268</span> |
| <span id="269">269</span> |
| <span id="270">270</span> |
| <span id="271">271</span> |
| <span id="272">272</span> |
| <span id="273">273</span> |
| <span id="274">274</span> |
| <span id="275">275</span> |
| <span id="276">276</span> |
| <span id="277">277</span> |
| <span id="278">278</span> |
| <span id="279">279</span> |
| <span id="280">280</span> |
| <span id="281">281</span> |
| <span id="282">282</span> |
| <span id="283">283</span> |
| <span id="284">284</span> |
| <span id="285">285</span> |
| <span id="286">286</span> |
| <span id="287">287</span> |
| <span id="288">288</span> |
| <span id="289">289</span> |
| <span id="290">290</span> |
| <span id="291">291</span> |
| <span id="292">292</span> |
| <span id="293">293</span> |
| <span id="294">294</span> |
| <span id="295">295</span> |
| <span id="296">296</span> |
| <span id="297">297</span> |
| <span id="298">298</span> |
| <span id="299">299</span> |
| <span id="300">300</span> |
| <span id="301">301</span> |
| <span id="302">302</span> |
| <span id="303">303</span> |
| <span id="304">304</span> |
| <span id="305">305</span> |
| <span id="306">306</span> |
| <span id="307">307</span> |
| <span id="308">308</span> |
| <span id="309">309</span> |
| <span id="310">310</span> |
| <span id="311">311</span> |
| <span id="312">312</span> |
| <span id="313">313</span> |
| <span id="314">314</span> |
| <span id="315">315</span> |
| <span id="316">316</span> |
| <span id="317">317</span> |
| <span id="318">318</span> |
| <span id="319">319</span> |
| <span id="320">320</span> |
| <span id="321">321</span> |
| <span id="322">322</span> |
| <span id="323">323</span> |
| <span id="324">324</span> |
| <span id="325">325</span> |
| <span id="326">326</span> |
| <span id="327">327</span> |
| <span id="328">328</span> |
| <span id="329">329</span> |
| <span id="330">330</span> |
| <span id="331">331</span> |
| <span id="332">332</span> |
| <span id="333">333</span> |
| <span id="334">334</span> |
| <span id="335">335</span> |
| <span id="336">336</span> |
| <span id="337">337</span> |
| <span id="338">338</span> |
| <span id="339">339</span> |
| <span id="340">340</span> |
| <span id="341">341</span> |
| <span id="342">342</span> |
| <span id="343">343</span> |
| <span id="344">344</span> |
| <span id="345">345</span> |
| <span id="346">346</span> |
| <span id="347">347</span> |
| <span id="348">348</span> |
| <span id="349">349</span> |
| <span id="350">350</span> |
| <span id="351">351</span> |
| <span id="352">352</span> |
| <span id="353">353</span> |
| <span id="354">354</span> |
| <span id="355">355</span> |
| <span id="356">356</span> |
| <span id="357">357</span> |
| <span id="358">358</span> |
| <span id="359">359</span> |
| <span id="360">360</span> |
| <span id="361">361</span> |
| <span id="362">362</span> |
| <span id="363">363</span> |
| <span id="364">364</span> |
| <span id="365">365</span> |
| <span id="366">366</span> |
| <span id="367">367</span> |
| <span id="368">368</span> |
| <span id="369">369</span> |
| <span id="370">370</span> |
| <span id="371">371</span> |
| <span id="372">372</span> |
| <span id="373">373</span> |
| <span id="374">374</span> |
| <span id="375">375</span> |
| <span id="376">376</span> |
| <span id="377">377</span> |
| <span id="378">378</span> |
| <span id="379">379</span> |
| <span id="380">380</span> |
| <span id="381">381</span> |
| <span id="382">382</span> |
| <span id="383">383</span> |
| <span id="384">384</span> |
| <span id="385">385</span> |
| <span id="386">386</span> |
| <span id="387">387</span> |
| <span id="388">388</span> |
| <span id="389">389</span> |
| <span id="390">390</span> |
| <span id="391">391</span> |
| <span id="392">392</span> |
| <span id="393">393</span> |
| <span id="394">394</span> |
| <span id="395">395</span> |
| <span id="396">396</span> |
| <span id="397">397</span> |
| <span id="398">398</span> |
| <span id="399">399</span> |
| <span id="400">400</span> |
| <span id="401">401</span> |
| <span id="402">402</span> |
| <span id="403">403</span> |
| <span id="404">404</span> |
| <span id="405">405</span> |
| <span id="406">406</span> |
| <span id="407">407</span> |
| <span id="408">408</span> |
| <span id="409">409</span> |
| <span id="410">410</span> |
| <span id="411">411</span> |
| <span id="412">412</span> |
| <span id="413">413</span> |
| <span id="414">414</span> |
| <span id="415">415</span> |
| <span id="416">416</span> |
| <span id="417">417</span> |
| <span id="418">418</span> |
| <span id="419">419</span> |
| <span id="420">420</span> |
| <span id="421">421</span> |
| <span id="422">422</span> |
| <span id="423">423</span> |
| <span id="424">424</span> |
| <span id="425">425</span> |
| <span id="426">426</span> |
| <span id="427">427</span> |
| <span id="428">428</span> |
| <span id="429">429</span> |
| <span id="430">430</span> |
| <span id="431">431</span> |
| <span id="432">432</span> |
| <span id="433">433</span> |
| <span id="434">434</span> |
| <span id="435">435</span> |
| <span id="436">436</span> |
| <span id="437">437</span> |
| <span id="438">438</span> |
| <span id="439">439</span> |
| <span id="440">440</span> |
| <span id="441">441</span> |
| <span id="442">442</span> |
| <span id="443">443</span> |
| <span id="444">444</span> |
| <span id="445">445</span> |
| <span id="446">446</span> |
| <span id="447">447</span> |
| <span id="448">448</span> |
| <span id="449">449</span> |
| <span id="450">450</span> |
| <span id="451">451</span> |
| <span id="452">452</span> |
| <span id="453">453</span> |
| <span id="454">454</span> |
| <span id="455">455</span> |
| <span id="456">456</span> |
| <span id="457">457</span> |
| <span id="458">458</span> |
| <span id="459">459</span> |
| <span id="460">460</span> |
| <span id="461">461</span> |
| <span id="462">462</span> |
| <span id="463">463</span> |
| <span id="464">464</span> |
| <span id="465">465</span> |
| <span id="466">466</span> |
| <span id="467">467</span> |
| <span id="468">468</span> |
| <span id="469">469</span> |
| <span id="470">470</span> |
| <span id="471">471</span> |
| <span id="472">472</span> |
| <span id="473">473</span> |
| <span id="474">474</span> |
| <span id="475">475</span> |
| <span id="476">476</span> |
| <span id="477">477</span> |
| <span id="478">478</span> |
| <span id="479">479</span> |
| <span id="480">480</span> |
| <span id="481">481</span> |
| <span id="482">482</span> |
| <span id="483">483</span> |
| <span id="484">484</span> |
| <span id="485">485</span> |
| <span id="486">486</span> |
| <span id="487">487</span> |
| <span id="488">488</span> |
| <span id="489">489</span> |
| <span id="490">490</span> |
| <span id="491">491</span> |
| <span id="492">492</span> |
| <span id="493">493</span> |
| <span id="494">494</span> |
| <span id="495">495</span> |
| <span id="496">496</span> |
| <span id="497">497</span> |
| <span id="498">498</span> |
| <span id="499">499</span> |
| <span id="500">500</span> |
| <span id="501">501</span> |
| <span id="502">502</span> |
| <span id="503">503</span> |
| <span id="504">504</span> |
| <span id="505">505</span> |
| <span id="506">506</span> |
| <span id="507">507</span> |
| <span id="508">508</span> |
| <span id="509">509</span> |
| <span id="510">510</span> |
| <span id="511">511</span> |
| <span id="512">512</span> |
| <span id="513">513</span> |
| <span id="514">514</span> |
| <span id="515">515</span> |
| <span id="516">516</span> |
| <span id="517">517</span> |
| <span id="518">518</span> |
| <span id="519">519</span> |
| <span id="520">520</span> |
| <span id="521">521</span> |
| <span id="522">522</span> |
| <span id="523">523</span> |
| <span id="524">524</span> |
| <span id="525">525</span> |
| <span id="526">526</span> |
| <span id="527">527</span> |
| <span id="528">528</span> |
| <span id="529">529</span> |
| <span id="530">530</span> |
| <span id="531">531</span> |
| <span id="532">532</span> |
| <span id="533">533</span> |
| <span id="534">534</span> |
| <span id="535">535</span> |
| <span id="536">536</span> |
| <span id="537">537</span> |
| <span id="538">538</span> |
| <span id="539">539</span> |
| <span id="540">540</span> |
| <span id="541">541</span> |
| <span id="542">542</span> |
| <span id="543">543</span> |
| <span id="544">544</span> |
| <span id="545">545</span> |
| <span id="546">546</span> |
| <span id="547">547</span> |
| <span id="548">548</span> |
| <span id="549">549</span> |
| <span id="550">550</span> |
| <span id="551">551</span> |
| <span id="552">552</span> |
| <span id="553">553</span> |
| <span id="554">554</span> |
| <span id="555">555</span> |
| <span id="556">556</span> |
| <span id="557">557</span> |
| <span id="558">558</span> |
| <span id="559">559</span> |
| <span id="560">560</span> |
| <span id="561">561</span> |
| <span id="562">562</span> |
| <span id="563">563</span> |
| <span id="564">564</span> |
| <span id="565">565</span> |
| <span id="566">566</span> |
| <span id="567">567</span> |
| <span id="568">568</span> |
| <span id="569">569</span> |
| <span id="570">570</span> |
| <span id="571">571</span> |
| <span id="572">572</span> |
| <span id="573">573</span> |
| <span id="574">574</span> |
| <span id="575">575</span> |
| <span id="576">576</span> |
| <span id="577">577</span> |
| <span id="578">578</span> |
| <span id="579">579</span> |
| <span id="580">580</span> |
| <span id="581">581</span> |
| <span id="582">582</span> |
| <span id="583">583</span> |
| <span id="584">584</span> |
| <span id="585">585</span> |
| <span id="586">586</span> |
| <span id="587">587</span> |
| <span id="588">588</span> |
| <span id="589">589</span> |
| <span id="590">590</span> |
| <span id="591">591</span> |
| <span id="592">592</span> |
| <span id="593">593</span> |
| <span id="594">594</span> |
| <span id="595">595</span> |
| <span id="596">596</span> |
| <span id="597">597</span> |
| <span id="598">598</span> |
| <span id="599">599</span> |
| <span id="600">600</span> |
| <span id="601">601</span> |
| <span id="602">602</span> |
| <span id="603">603</span> |
| <span id="604">604</span> |
| <span id="605">605</span> |
| <span id="606">606</span> |
| <span id="607">607</span> |
| <span id="608">608</span> |
| <span id="609">609</span> |
| <span id="610">610</span> |
| <span id="611">611</span> |
| <span id="612">612</span> |
| <span id="613">613</span> |
| <span id="614">614</span> |
| <span id="615">615</span> |
| <span id="616">616</span> |
| <span id="617">617</span> |
| <span id="618">618</span> |
| <span id="619">619</span> |
| <span id="620">620</span> |
| <span id="621">621</span> |
| <span id="622">622</span> |
| <span id="623">623</span> |
| <span id="624">624</span> |
| <span id="625">625</span> |
| <span id="626">626</span> |
| <span id="627">627</span> |
| <span id="628">628</span> |
| <span id="629">629</span> |
| <span id="630">630</span> |
| <span id="631">631</span> |
| <span id="632">632</span> |
| <span id="633">633</span> |
| <span id="634">634</span> |
| <span id="635">635</span> |
| <span id="636">636</span> |
| <span id="637">637</span> |
| <span id="638">638</span> |
| <span id="639">639</span> |
| <span id="640">640</span> |
| <span id="641">641</span> |
| <span id="642">642</span> |
| <span id="643">643</span> |
| <span id="644">644</span> |
| <span id="645">645</span> |
| <span id="646">646</span> |
| <span id="647">647</span> |
| <span id="648">648</span> |
| <span id="649">649</span> |
| <span id="650">650</span> |
| <span id="651">651</span> |
| <span id="652">652</span> |
| <span id="653">653</span> |
| <span id="654">654</span> |
| <span id="655">655</span> |
| <span id="656">656</span> |
| <span id="657">657</span> |
| <span id="658">658</span> |
| <span id="659">659</span> |
| <span id="660">660</span> |
| <span id="661">661</span> |
| <span id="662">662</span> |
| <span id="663">663</span> |
| <span id="664">664</span> |
| <span id="665">665</span> |
| <span id="666">666</span> |
| <span id="667">667</span> |
| <span id="668">668</span> |
| <span id="669">669</span> |
| <span id="670">670</span> |
| <span id="671">671</span> |
| <span id="672">672</span> |
| <span id="673">673</span> |
| <span id="674">674</span> |
| <span id="675">675</span> |
| <span id="676">676</span> |
| <span id="677">677</span> |
| <span id="678">678</span> |
| <span id="679">679</span> |
| <span id="680">680</span> |
| <span id="681">681</span> |
| <span id="682">682</span> |
| <span id="683">683</span> |
| <span id="684">684</span> |
| <span id="685">685</span> |
| <span id="686">686</span> |
| <span id="687">687</span> |
| <span id="688">688</span> |
| <span id="689">689</span> |
| <span id="690">690</span> |
| <span id="691">691</span> |
| <span id="692">692</span> |
| <span id="693">693</span> |
| <span id="694">694</span> |
| <span id="695">695</span> |
| <span id="696">696</span> |
| <span id="697">697</span> |
| <span id="698">698</span> |
| <span id="699">699</span> |
| <span id="700">700</span> |
| <span id="701">701</span> |
| <span id="702">702</span> |
| <span id="703">703</span> |
| <span id="704">704</span> |
| <span id="705">705</span> |
| <span id="706">706</span> |
| <span id="707">707</span> |
| <span id="708">708</span> |
| <span id="709">709</span> |
| <span id="710">710</span> |
| <span id="711">711</span> |
| <span id="712">712</span> |
| <span id="713">713</span> |
| <span id="714">714</span> |
| <span id="715">715</span> |
| <span id="716">716</span> |
| <span id="717">717</span> |
| <span id="718">718</span> |
| <span id="719">719</span> |
| <span id="720">720</span> |
| <span id="721">721</span> |
| <span id="722">722</span> |
| <span id="723">723</span> |
| <span id="724">724</span> |
| <span id="725">725</span> |
| <span id="726">726</span> |
| <span id="727">727</span> |
| <span id="728">728</span> |
| <span id="729">729</span> |
| <span id="730">730</span> |
| <span id="731">731</span> |
| <span id="732">732</span> |
| <span id="733">733</span> |
| <span id="734">734</span> |
| <span id="735">735</span> |
| <span id="736">736</span> |
| <span id="737">737</span> |
| <span id="738">738</span> |
| <span id="739">739</span> |
| <span id="740">740</span> |
| <span id="741">741</span> |
| <span id="742">742</span> |
| <span id="743">743</span> |
| <span id="744">744</span> |
| <span id="745">745</span> |
| <span id="746">746</span> |
| <span id="747">747</span> |
| <span id="748">748</span> |
| <span id="749">749</span> |
| <span id="750">750</span> |
| <span id="751">751</span> |
| <span id="752">752</span> |
| <span id="753">753</span> |
| <span id="754">754</span> |
| <span id="755">755</span> |
| <span id="756">756</span> |
| <span id="757">757</span> |
| <span id="758">758</span> |
| <span id="759">759</span> |
| <span id="760">760</span> |
| <span id="761">761</span> |
| <span id="762">762</span> |
| <span id="763">763</span> |
| <span id="764">764</span> |
| <span id="765">765</span> |
| <span id="766">766</span> |
| <span id="767">767</span> |
| <span id="768">768</span> |
| <span id="769">769</span> |
| <span id="770">770</span> |
| <span id="771">771</span> |
| <span id="772">772</span> |
| <span id="773">773</span> |
| <span id="774">774</span> |
| <span id="775">775</span> |
| <span id="776">776</span> |
| <span id="777">777</span> |
| <span id="778">778</span> |
| <span id="779">779</span> |
| <span id="780">780</span> |
| <span id="781">781</span> |
| <span id="782">782</span> |
| <span id="783">783</span> |
| <span id="784">784</span> |
| <span id="785">785</span> |
| <span id="786">786</span> |
| <span id="787">787</span> |
| <span id="788">788</span> |
| <span id="789">789</span> |
| <span id="790">790</span> |
| <span id="791">791</span> |
| <span id="792">792</span> |
| <span id="793">793</span> |
| <span id="794">794</span> |
| <span id="795">795</span> |
| <span id="796">796</span> |
| <span id="797">797</span> |
| <span id="798">798</span> |
| <span id="799">799</span> |
| <span id="800">800</span> |
| <span id="801">801</span> |
| <span id="802">802</span> |
| <span id="803">803</span> |
| <span id="804">804</span> |
| <span id="805">805</span> |
| <span id="806">806</span> |
| <span id="807">807</span> |
| <span id="808">808</span> |
| <span id="809">809</span> |
| <span id="810">810</span> |
| <span id="811">811</span> |
| <span id="812">812</span> |
| <span id="813">813</span> |
| <span id="814">814</span> |
| <span id="815">815</span> |
| <span id="816">816</span> |
| <span id="817">817</span> |
| <span id="818">818</span> |
| <span id="819">819</span> |
| <span id="820">820</span> |
| <span id="821">821</span> |
| <span id="822">822</span> |
| <span id="823">823</span> |
| <span id="824">824</span> |
| <span id="825">825</span> |
| <span id="826">826</span> |
| <span id="827">827</span> |
| <span id="828">828</span> |
| <span id="829">829</span> |
| <span id="830">830</span> |
| <span id="831">831</span> |
| <span id="832">832</span> |
| <span id="833">833</span> |
| <span id="834">834</span> |
| <span id="835">835</span> |
| <span id="836">836</span> |
| <span id="837">837</span> |
| <span id="838">838</span> |
| <span id="839">839</span> |
| <span id="840">840</span> |
| <span id="841">841</span> |
| <span id="842">842</span> |
| <span id="843">843</span> |
| <span id="844">844</span> |
| <span id="845">845</span> |
| <span id="846">846</span> |
| <span id="847">847</span> |
| <span id="848">848</span> |
| <span id="849">849</span> |
| <span id="850">850</span> |
| <span id="851">851</span> |
| <span id="852">852</span> |
| <span id="853">853</span> |
| <span id="854">854</span> |
| <span id="855">855</span> |
| <span id="856">856</span> |
| <span id="857">857</span> |
| <span id="858">858</span> |
| <span id="859">859</span> |
| <span id="860">860</span> |
| <span id="861">861</span> |
| <span id="862">862</span> |
| <span id="863">863</span> |
| <span id="864">864</span> |
| <span id="865">865</span> |
| <span id="866">866</span> |
| <span id="867">867</span> |
| <span id="868">868</span> |
| <span id="869">869</span> |
| <span id="870">870</span> |
| <span id="871">871</span> |
| <span id="872">872</span> |
| <span id="873">873</span> |
| <span id="874">874</span> |
| <span id="875">875</span> |
| <span id="876">876</span> |
| <span id="877">877</span> |
| <span id="878">878</span> |
| <span id="879">879</span> |
| <span id="880">880</span> |
| <span id="881">881</span> |
| <span id="882">882</span> |
| <span id="883">883</span> |
| <span id="884">884</span> |
| <span id="885">885</span> |
| <span id="886">886</span> |
| <span id="887">887</span> |
| <span id="888">888</span> |
| <span id="889">889</span> |
| <span id="890">890</span> |
| <span id="891">891</span> |
| <span id="892">892</span> |
| <span id="893">893</span> |
| <span id="894">894</span> |
| <span id="895">895</span> |
| <span id="896">896</span> |
| <span id="897">897</span> |
| <span id="898">898</span> |
| <span id="899">899</span> |
| <span id="900">900</span> |
| <span id="901">901</span> |
| <span id="902">902</span> |
| <span id="903">903</span> |
| <span id="904">904</span> |
| <span id="905">905</span> |
| <span id="906">906</span> |
| <span id="907">907</span> |
| <span id="908">908</span> |
| <span id="909">909</span> |
| <span id="910">910</span> |
| <span id="911">911</span> |
| <span id="912">912</span> |
| <span id="913">913</span> |
| <span id="914">914</span> |
| <span id="915">915</span> |
| <span id="916">916</span> |
| <span id="917">917</span> |
| <span id="918">918</span> |
| <span id="919">919</span> |
| <span id="920">920</span> |
| <span id="921">921</span> |
| <span id="922">922</span> |
| <span id="923">923</span> |
| <span id="924">924</span> |
| <span id="925">925</span> |
| <span id="926">926</span> |
| <span id="927">927</span> |
| <span id="928">928</span> |
| <span id="929">929</span> |
| <span id="930">930</span> |
| <span id="931">931</span> |
| <span id="932">932</span> |
| <span id="933">933</span> |
| <span id="934">934</span> |
| <span id="935">935</span> |
| <span id="936">936</span> |
| <span id="937">937</span> |
| <span id="938">938</span> |
| <span id="939">939</span> |
| <span id="940">940</span> |
| <span id="941">941</span> |
| <span id="942">942</span> |
| <span id="943">943</span> |
| <span id="944">944</span> |
| <span id="945">945</span> |
| <span id="946">946</span> |
| <span id="947">947</span> |
| <span id="948">948</span> |
| <span id="949">949</span> |
| <span id="950">950</span> |
| <span id="951">951</span> |
| <span id="952">952</span> |
| <span id="953">953</span> |
| <span id="954">954</span> |
| <span id="955">955</span> |
| <span id="956">956</span> |
| <span id="957">957</span> |
| <span id="958">958</span> |
| <span id="959">959</span> |
| <span id="960">960</span> |
| <span id="961">961</span> |
| <span id="962">962</span> |
| <span id="963">963</span> |
| <span id="964">964</span> |
| <span id="965">965</span> |
| <span id="966">966</span> |
| <span id="967">967</span> |
| <span id="968">968</span> |
| <span id="969">969</span> |
| <span id="970">970</span> |
| <span id="971">971</span> |
| <span id="972">972</span> |
| <span id="973">973</span> |
| <span id="974">974</span> |
| <span id="975">975</span> |
| <span id="976">976</span> |
| <span id="977">977</span> |
| <span id="978">978</span> |
| <span id="979">979</span> |
| <span id="980">980</span> |
| <span id="981">981</span> |
| <span id="982">982</span> |
| <span id="983">983</span> |
| <span id="984">984</span> |
| <span id="985">985</span> |
| <span id="986">986</span> |
| <span id="987">987</span> |
| <span id="988">988</span> |
| <span id="989">989</span> |
| <span id="990">990</span> |
| <span id="991">991</span> |
| <span id="992">992</span> |
| <span id="993">993</span> |
| <span id="994">994</span> |
| <span id="995">995</span> |
| <span id="996">996</span> |
| <span id="997">997</span> |
| <span id="998">998</span> |
| <span id="999">999</span> |
| <span id="1000">1000</span> |
| <span id="1001">1001</span> |
| <span id="1002">1002</span> |
| <span id="1003">1003</span> |
| <span id="1004">1004</span> |
| <span id="1005">1005</span> |
| <span id="1006">1006</span> |
| <span id="1007">1007</span> |
| <span id="1008">1008</span> |
| <span id="1009">1009</span> |
| <span id="1010">1010</span> |
| <span id="1011">1011</span> |
| <span id="1012">1012</span> |
| <span id="1013">1013</span> |
| <span id="1014">1014</span> |
| <span id="1015">1015</span> |
| <span id="1016">1016</span> |
| <span id="1017">1017</span> |
| <span id="1018">1018</span> |
| <span id="1019">1019</span> |
| <span id="1020">1020</span> |
| <span id="1021">1021</span> |
| <span id="1022">1022</span> |
| <span id="1023">1023</span> |
| <span id="1024">1024</span> |
| <span id="1025">1025</span> |
| <span id="1026">1026</span> |
| <span id="1027">1027</span> |
| <span id="1028">1028</span> |
| <span id="1029">1029</span> |
| <span id="1030">1030</span> |
| <span id="1031">1031</span> |
| <span id="1032">1032</span> |
| <span id="1033">1033</span> |
| <span id="1034">1034</span> |
| <span id="1035">1035</span> |
| <span id="1036">1036</span> |
| <span id="1037">1037</span> |
| <span id="1038">1038</span> |
| <span id="1039">1039</span> |
| <span id="1040">1040</span> |
| <span id="1041">1041</span> |
| <span id="1042">1042</span> |
| <span id="1043">1043</span> |
| <span id="1044">1044</span> |
| <span id="1045">1045</span> |
| <span id="1046">1046</span> |
| <span id="1047">1047</span> |
| <span id="1048">1048</span> |
| <span id="1049">1049</span> |
| <span id="1050">1050</span> |
| <span id="1051">1051</span> |
| <span id="1052">1052</span> |
| <span id="1053">1053</span> |
| <span id="1054">1054</span> |
| <span id="1055">1055</span> |
| <span id="1056">1056</span> |
| <span id="1057">1057</span> |
| <span id="1058">1058</span> |
| <span id="1059">1059</span> |
| <span id="1060">1060</span> |
| <span id="1061">1061</span> |
| <span id="1062">1062</span> |
| <span id="1063">1063</span> |
| <span id="1064">1064</span> |
| <span id="1065">1065</span> |
| <span id="1066">1066</span> |
| <span id="1067">1067</span> |
| <span id="1068">1068</span> |
| <span id="1069">1069</span> |
| <span id="1070">1070</span> |
| <span id="1071">1071</span> |
| <span id="1072">1072</span> |
| <span id="1073">1073</span> |
| <span id="1074">1074</span> |
| <span id="1075">1075</span> |
| <span id="1076">1076</span> |
| <span id="1077">1077</span> |
| <span id="1078">1078</span> |
| <span id="1079">1079</span> |
| <span id="1080">1080</span> |
| <span id="1081">1081</span> |
| <span id="1082">1082</span> |
| <span id="1083">1083</span> |
| <span id="1084">1084</span> |
| <span id="1085">1085</span> |
| <span id="1086">1086</span> |
| <span id="1087">1087</span> |
| <span id="1088">1088</span> |
| <span id="1089">1089</span> |
| <span id="1090">1090</span> |
| <span id="1091">1091</span> |
| <span id="1092">1092</span> |
| <span id="1093">1093</span> |
| <span id="1094">1094</span> |
| <span id="1095">1095</span> |
| <span id="1096">1096</span> |
| <span id="1097">1097</span> |
| <span id="1098">1098</span> |
| <span id="1099">1099</span> |
| <span id="1100">1100</span> |
| <span id="1101">1101</span> |
| <span id="1102">1102</span> |
| <span id="1103">1103</span> |
| <span id="1104">1104</span> |
| <span id="1105">1105</span> |
| <span id="1106">1106</span> |
| <span id="1107">1107</span> |
| <span id="1108">1108</span> |
| <span id="1109">1109</span> |
| <span id="1110">1110</span> |
| <span id="1111">1111</span> |
| <span id="1112">1112</span> |
| <span id="1113">1113</span> |
| <span id="1114">1114</span> |
| <span id="1115">1115</span> |
| <span id="1116">1116</span> |
| <span id="1117">1117</span> |
| <span id="1118">1118</span> |
| <span id="1119">1119</span> |
| <span id="1120">1120</span> |
| <span id="1121">1121</span> |
| <span id="1122">1122</span> |
| <span id="1123">1123</span> |
| <span id="1124">1124</span> |
| <span id="1125">1125</span> |
| <span id="1126">1126</span> |
| <span id="1127">1127</span> |
| <span id="1128">1128</span> |
| <span id="1129">1129</span> |
| <span id="1130">1130</span> |
| <span id="1131">1131</span> |
| <span id="1132">1132</span> |
| <span id="1133">1133</span> |
| <span id="1134">1134</span> |
| <span id="1135">1135</span> |
| <span id="1136">1136</span> |
| <span id="1137">1137</span> |
| <span id="1138">1138</span> |
| <span id="1139">1139</span> |
| <span id="1140">1140</span> |
| <span id="1141">1141</span> |
| <span id="1142">1142</span> |
| <span id="1143">1143</span> |
| <span id="1144">1144</span> |
| <span id="1145">1145</span> |
| <span id="1146">1146</span> |
| <span id="1147">1147</span> |
| <span id="1148">1148</span> |
| <span id="1149">1149</span> |
| <span id="1150">1150</span> |
| <span id="1151">1151</span> |
| <span id="1152">1152</span> |
| <span id="1153">1153</span> |
| <span id="1154">1154</span> |
| <span id="1155">1155</span> |
| <span id="1156">1156</span> |
| <span id="1157">1157</span> |
| <span id="1158">1158</span> |
| <span id="1159">1159</span> |
| <span id="1160">1160</span> |
| <span id="1161">1161</span> |
| <span id="1162">1162</span> |
| <span id="1163">1163</span> |
| <span id="1164">1164</span> |
| <span id="1165">1165</span> |
| <span id="1166">1166</span> |
| <span id="1167">1167</span> |
| <span id="1168">1168</span> |
| <span id="1169">1169</span> |
| <span id="1170">1170</span> |
| <span id="1171">1171</span> |
| <span id="1172">1172</span> |
| <span id="1173">1173</span> |
| <span id="1174">1174</span> |
| <span id="1175">1175</span> |
| <span id="1176">1176</span> |
| <span id="1177">1177</span> |
| <span id="1178">1178</span> |
| <span id="1179">1179</span> |
| <span id="1180">1180</span> |
| <span id="1181">1181</span> |
| <span id="1182">1182</span> |
| <span id="1183">1183</span> |
| <span id="1184">1184</span> |
| <span id="1185">1185</span> |
| <span id="1186">1186</span> |
| <span id="1187">1187</span> |
| <span id="1188">1188</span> |
| <span id="1189">1189</span> |
| <span id="1190">1190</span> |
| <span id="1191">1191</span> |
| <span id="1192">1192</span> |
| <span id="1193">1193</span> |
| <span id="1194">1194</span> |
| <span id="1195">1195</span> |
| <span id="1196">1196</span> |
| <span id="1197">1197</span> |
| <span id="1198">1198</span> |
| <span id="1199">1199</span> |
| <span id="1200">1200</span> |
| <span id="1201">1201</span> |
| <span id="1202">1202</span> |
| <span id="1203">1203</span> |
| <span id="1204">1204</span> |
| <span id="1205">1205</span> |
| <span id="1206">1206</span> |
| <span id="1207">1207</span> |
| <span id="1208">1208</span> |
| <span id="1209">1209</span> |
| <span id="1210">1210</span> |
| <span id="1211">1211</span> |
| <span id="1212">1212</span> |
| <span id="1213">1213</span> |
| <span id="1214">1214</span> |
| <span id="1215">1215</span> |
| <span id="1216">1216</span> |
| <span id="1217">1217</span> |
| <span id="1218">1218</span> |
| <span id="1219">1219</span> |
| <span id="1220">1220</span> |
| <span id="1221">1221</span> |
| <span id="1222">1222</span> |
| <span id="1223">1223</span> |
| <span id="1224">1224</span> |
| <span id="1225">1225</span> |
| <span id="1226">1226</span> |
| <span id="1227">1227</span> |
| <span id="1228">1228</span> |
| <span id="1229">1229</span> |
| <span id="1230">1230</span> |
| <span id="1231">1231</span> |
| <span id="1232">1232</span> |
| <span id="1233">1233</span> |
| <span id="1234">1234</span> |
| <span id="1235">1235</span> |
| <span id="1236">1236</span> |
| <span id="1237">1237</span> |
| <span id="1238">1238</span> |
| <span id="1239">1239</span> |
| <span id="1240">1240</span> |
| <span id="1241">1241</span> |
| <span id="1242">1242</span> |
| <span id="1243">1243</span> |
| <span id="1244">1244</span> |
| <span id="1245">1245</span> |
| <span id="1246">1246</span> |
| <span id="1247">1247</span> |
| <span id="1248">1248</span> |
| <span id="1249">1249</span> |
| <span id="1250">1250</span> |
| <span id="1251">1251</span> |
| <span id="1252">1252</span> |
| <span id="1253">1253</span> |
| <span id="1254">1254</span> |
| <span id="1255">1255</span> |
| <span id="1256">1256</span> |
| <span id="1257">1257</span> |
| <span id="1258">1258</span> |
| <span id="1259">1259</span> |
| <span id="1260">1260</span> |
| <span id="1261">1261</span> |
| <span id="1262">1262</span> |
| <span id="1263">1263</span> |
| <span id="1264">1264</span> |
| <span id="1265">1265</span> |
| <span id="1266">1266</span> |
| <span id="1267">1267</span> |
| <span id="1268">1268</span> |
| <span id="1269">1269</span> |
| <span id="1270">1270</span> |
| <span id="1271">1271</span> |
| <span id="1272">1272</span> |
| <span id="1273">1273</span> |
| <span id="1274">1274</span> |
| <span id="1275">1275</span> |
| <span id="1276">1276</span> |
| <span id="1277">1277</span> |
| <span id="1278">1278</span> |
| <span id="1279">1279</span> |
| <span id="1280">1280</span> |
| <span id="1281">1281</span> |
| <span id="1282">1282</span> |
| <span id="1283">1283</span> |
| <span id="1284">1284</span> |
| <span id="1285">1285</span> |
| <span id="1286">1286</span> |
| <span id="1287">1287</span> |
| <span id="1288">1288</span> |
| <span id="1289">1289</span> |
| <span id="1290">1290</span> |
| <span id="1291">1291</span> |
| <span id="1292">1292</span> |
| <span id="1293">1293</span> |
| <span id="1294">1294</span> |
| <span id="1295">1295</span> |
| <span id="1296">1296</span> |
| <span id="1297">1297</span> |
| <span id="1298">1298</span> |
| <span id="1299">1299</span> |
| <span id="1300">1300</span> |
| <span id="1301">1301</span> |
| <span id="1302">1302</span> |
| <span id="1303">1303</span> |
| <span id="1304">1304</span> |
| <span id="1305">1305</span> |
| <span id="1306">1306</span> |
| <span id="1307">1307</span> |
| <span id="1308">1308</span> |
| <span id="1309">1309</span> |
| <span id="1310">1310</span> |
| <span id="1311">1311</span> |
| <span id="1312">1312</span> |
| <span id="1313">1313</span> |
| <span id="1314">1314</span> |
| <span id="1315">1315</span> |
| <span id="1316">1316</span> |
| <span id="1317">1317</span> |
| <span id="1318">1318</span> |
| <span id="1319">1319</span> |
| <span id="1320">1320</span> |
| <span id="1321">1321</span> |
| <span id="1322">1322</span> |
| <span id="1323">1323</span> |
| <span id="1324">1324</span> |
| <span id="1325">1325</span> |
| <span id="1326">1326</span> |
| <span id="1327">1327</span> |
| <span id="1328">1328</span> |
| <span id="1329">1329</span> |
| <span id="1330">1330</span> |
| <span id="1331">1331</span> |
| <span id="1332">1332</span> |
| <span id="1333">1333</span> |
| <span id="1334">1334</span> |
| <span id="1335">1335</span> |
| <span id="1336">1336</span> |
| <span id="1337">1337</span> |
| <span id="1338">1338</span> |
| <span id="1339">1339</span> |
| <span id="1340">1340</span> |
| <span id="1341">1341</span> |
| <span id="1342">1342</span> |
| <span id="1343">1343</span> |
| <span id="1344">1344</span> |
| <span id="1345">1345</span> |
| <span id="1346">1346</span> |
| <span id="1347">1347</span> |
| <span id="1348">1348</span> |
| <span id="1349">1349</span> |
| <span id="1350">1350</span> |
| <span id="1351">1351</span> |
| <span id="1352">1352</span> |
| <span id="1353">1353</span> |
| <span id="1354">1354</span> |
| <span id="1355">1355</span> |
| <span id="1356">1356</span> |
| <span id="1357">1357</span> |
| <span id="1358">1358</span> |
| <span id="1359">1359</span> |
| <span id="1360">1360</span> |
| <span id="1361">1361</span> |
| <span id="1362">1362</span> |
| <span id="1363">1363</span> |
| <span id="1364">1364</span> |
| <span id="1365">1365</span> |
| <span id="1366">1366</span> |
| <span id="1367">1367</span> |
| <span id="1368">1368</span> |
| <span id="1369">1369</span> |
| <span id="1370">1370</span> |
| <span id="1371">1371</span> |
| <span id="1372">1372</span> |
| <span id="1373">1373</span> |
| <span id="1374">1374</span> |
| <span id="1375">1375</span> |
| <span id="1376">1376</span> |
| <span id="1377">1377</span> |
| <span id="1378">1378</span> |
| <span id="1379">1379</span> |
| <span id="1380">1380</span> |
| <span id="1381">1381</span> |
| <span id="1382">1382</span> |
| <span id="1383">1383</span> |
| <span id="1384">1384</span> |
| <span id="1385">1385</span> |
| <span id="1386">1386</span> |
| <span id="1387">1387</span> |
| <span id="1388">1388</span> |
| <span id="1389">1389</span> |
| <span id="1390">1390</span> |
| <span id="1391">1391</span> |
| <span id="1392">1392</span> |
| <span id="1393">1393</span> |
| <span id="1394">1394</span> |
| <span id="1395">1395</span> |
| <span id="1396">1396</span> |
| <span id="1397">1397</span> |
| <span id="1398">1398</span> |
| <span id="1399">1399</span> |
| <span id="1400">1400</span> |
| <span id="1401">1401</span> |
| <span id="1402">1402</span> |
| <span id="1403">1403</span> |
| <span id="1404">1404</span> |
| <span id="1405">1405</span> |
| <span id="1406">1406</span> |
| <span id="1407">1407</span> |
| <span id="1408">1408</span> |
| <span id="1409">1409</span> |
| <span id="1410">1410</span> |
| <span id="1411">1411</span> |
| <span id="1412">1412</span> |
| <span id="1413">1413</span> |
| <span id="1414">1414</span> |
| <span id="1415">1415</span> |
| <span id="1416">1416</span> |
| <span id="1417">1417</span> |
| <span id="1418">1418</span> |
| <span id="1419">1419</span> |
| <span id="1420">1420</span> |
| <span id="1421">1421</span> |
| <span id="1422">1422</span> |
| <span id="1423">1423</span> |
| <span id="1424">1424</span> |
| <span id="1425">1425</span> |
| <span id="1426">1426</span> |
| <span id="1427">1427</span> |
| <span id="1428">1428</span> |
| <span id="1429">1429</span> |
| <span id="1430">1430</span> |
| <span id="1431">1431</span> |
| <span id="1432">1432</span> |
| <span id="1433">1433</span> |
| <span id="1434">1434</span> |
| <span id="1435">1435</span> |
| <span id="1436">1436</span> |
| <span id="1437">1437</span> |
| <span id="1438">1438</span> |
| <span id="1439">1439</span> |
| <span id="1440">1440</span> |
| <span id="1441">1441</span> |
| <span id="1442">1442</span> |
| <span id="1443">1443</span> |
| <span id="1444">1444</span> |
| <span id="1445">1445</span> |
| <span id="1446">1446</span> |
| <span id="1447">1447</span> |
| <span id="1448">1448</span> |
| <span id="1449">1449</span> |
| <span id="1450">1450</span> |
| <span id="1451">1451</span> |
| <span id="1452">1452</span> |
| <span id="1453">1453</span> |
| <span id="1454">1454</span> |
| <span id="1455">1455</span> |
| <span id="1456">1456</span> |
| <span id="1457">1457</span> |
| <span id="1458">1458</span> |
| <span id="1459">1459</span> |
| <span id="1460">1460</span> |
| <span id="1461">1461</span> |
| <span id="1462">1462</span> |
| <span id="1463">1463</span> |
| <span id="1464">1464</span> |
| <span id="1465">1465</span> |
| <span id="1466">1466</span> |
| <span id="1467">1467</span> |
| <span id="1468">1468</span> |
| <span id="1469">1469</span> |
| <span id="1470">1470</span> |
| <span id="1471">1471</span> |
| <span id="1472">1472</span> |
| <span id="1473">1473</span> |
| <span id="1474">1474</span> |
| <span id="1475">1475</span> |
| <span id="1476">1476</span> |
| <span id="1477">1477</span> |
| <span id="1478">1478</span> |
| <span id="1479">1479</span> |
| <span id="1480">1480</span> |
| <span id="1481">1481</span> |
| <span id="1482">1482</span> |
| <span id="1483">1483</span> |
| <span id="1484">1484</span> |
| <span id="1485">1485</span> |
| <span id="1486">1486</span> |
| <span id="1487">1487</span> |
| <span id="1488">1488</span> |
| <span id="1489">1489</span> |
| <span id="1490">1490</span> |
| <span id="1491">1491</span> |
| <span id="1492">1492</span> |
| <span id="1493">1493</span> |
| <span id="1494">1494</span> |
| <span id="1495">1495</span> |
| <span id="1496">1496</span> |
| <span id="1497">1497</span> |
| <span id="1498">1498</span> |
| <span id="1499">1499</span> |
| <span id="1500">1500</span> |
| <span id="1501">1501</span> |
| <span id="1502">1502</span> |
| <span id="1503">1503</span> |
| <span id="1504">1504</span> |
| <span id="1505">1505</span> |
| <span id="1506">1506</span> |
| <span id="1507">1507</span> |
| <span id="1508">1508</span> |
| <span id="1509">1509</span> |
| <span id="1510">1510</span> |
| <span id="1511">1511</span> |
| <span id="1512">1512</span> |
| <span id="1513">1513</span> |
| <span id="1514">1514</span> |
| <span id="1515">1515</span> |
| <span id="1516">1516</span> |
| <span id="1517">1517</span> |
| <span id="1518">1518</span> |
| <span id="1519">1519</span> |
| <span id="1520">1520</span> |
| <span id="1521">1521</span> |
| <span id="1522">1522</span> |
| <span id="1523">1523</span> |
| <span id="1524">1524</span> |
| <span id="1525">1525</span> |
| <span id="1526">1526</span> |
| <span id="1527">1527</span> |
| <span id="1528">1528</span> |
| <span id="1529">1529</span> |
| <span id="1530">1530</span> |
| <span id="1531">1531</span> |
| <span id="1532">1532</span> |
| <span id="1533">1533</span> |
| <span id="1534">1534</span> |
| <span id="1535">1535</span> |
| <span id="1536">1536</span> |
| <span id="1537">1537</span> |
| <span id="1538">1538</span> |
| <span id="1539">1539</span> |
| <span id="1540">1540</span> |
| <span id="1541">1541</span> |
| <span id="1542">1542</span> |
| <span id="1543">1543</span> |
| <span id="1544">1544</span> |
| <span id="1545">1545</span> |
| <span id="1546">1546</span> |
| <span id="1547">1547</span> |
| <span id="1548">1548</span> |
| <span id="1549">1549</span> |
| <span id="1550">1550</span> |
| <span id="1551">1551</span> |
| <span id="1552">1552</span> |
| <span id="1553">1553</span> |
| <span id="1554">1554</span> |
| <span id="1555">1555</span> |
| <span id="1556">1556</span> |
| <span id="1557">1557</span> |
| <span id="1558">1558</span> |
| <span id="1559">1559</span> |
| <span id="1560">1560</span> |
| <span id="1561">1561</span> |
| <span id="1562">1562</span> |
| <span id="1563">1563</span> |
| <span id="1564">1564</span> |
| <span id="1565">1565</span> |
| <span id="1566">1566</span> |
| <span id="1567">1567</span> |
| <span id="1568">1568</span> |
| <span id="1569">1569</span> |
| <span id="1570">1570</span> |
| <span id="1571">1571</span> |
| <span id="1572">1572</span> |
| <span id="1573">1573</span> |
| <span id="1574">1574</span> |
| <span id="1575">1575</span> |
| <span id="1576">1576</span> |
| <span id="1577">1577</span> |
| <span id="1578">1578</span> |
| <span id="1579">1579</span> |
| <span id="1580">1580</span> |
| <span id="1581">1581</span> |
| <span id="1582">1582</span> |
| <span id="1583">1583</span> |
| <span id="1584">1584</span> |
| <span id="1585">1585</span> |
| <span id="1586">1586</span> |
| <span id="1587">1587</span> |
| <span id="1588">1588</span> |
| <span id="1589">1589</span> |
| <span id="1590">1590</span> |
| <span id="1591">1591</span> |
| <span id="1592">1592</span> |
| <span id="1593">1593</span> |
| <span id="1594">1594</span> |
| <span id="1595">1595</span> |
| <span id="1596">1596</span> |
| <span id="1597">1597</span> |
| <span id="1598">1598</span> |
| <span id="1599">1599</span> |
| <span id="1600">1600</span> |
| <span id="1601">1601</span> |
| <span id="1602">1602</span> |
| <span id="1603">1603</span> |
| <span id="1604">1604</span> |
| <span id="1605">1605</span> |
| <span id="1606">1606</span> |
| <span id="1607">1607</span> |
| <span id="1608">1608</span> |
| <span id="1609">1609</span> |
| <span id="1610">1610</span> |
| <span id="1611">1611</span> |
| <span id="1612">1612</span> |
| <span id="1613">1613</span> |
| <span id="1614">1614</span> |
| <span id="1615">1615</span> |
| <span id="1616">1616</span> |
| <span id="1617">1617</span> |
| <span id="1618">1618</span> |
| <span id="1619">1619</span> |
| <span id="1620">1620</span> |
| <span id="1621">1621</span> |
| <span id="1622">1622</span> |
| <span id="1623">1623</span> |
| <span id="1624">1624</span> |
| <span id="1625">1625</span> |
| <span id="1626">1626</span> |
| <span id="1627">1627</span> |
| <span id="1628">1628</span> |
| <span id="1629">1629</span> |
| <span id="1630">1630</span> |
| <span id="1631">1631</span> |
| <span id="1632">1632</span> |
| <span id="1633">1633</span> |
| <span id="1634">1634</span> |
| <span id="1635">1635</span> |
| <span id="1636">1636</span> |
| <span id="1637">1637</span> |
| <span id="1638">1638</span> |
| <span id="1639">1639</span> |
| <span id="1640">1640</span> |
| <span id="1641">1641</span> |
| <span id="1642">1642</span> |
| <span id="1643">1643</span> |
| <span id="1644">1644</span> |
| <span id="1645">1645</span> |
| <span id="1646">1646</span> |
| <span id="1647">1647</span> |
| <span id="1648">1648</span> |
| <span id="1649">1649</span> |
| <span id="1650">1650</span> |
| <span id="1651">1651</span> |
| <span id="1652">1652</span> |
| <span id="1653">1653</span> |
| <span id="1654">1654</span> |
| <span id="1655">1655</span> |
| <span id="1656">1656</span> |
| <span id="1657">1657</span> |
| <span id="1658">1658</span> |
| <span id="1659">1659</span> |
| <span id="1660">1660</span> |
| <span id="1661">1661</span> |
| <span id="1662">1662</span> |
| <span id="1663">1663</span> |
| <span id="1664">1664</span> |
| <span id="1665">1665</span> |
| <span id="1666">1666</span> |
| <span id="1667">1667</span> |
| <span id="1668">1668</span> |
| <span id="1669">1669</span> |
| <span id="1670">1670</span> |
| <span id="1671">1671</span> |
| <span id="1672">1672</span> |
| <span id="1673">1673</span> |
| <span id="1674">1674</span> |
| <span id="1675">1675</span> |
| <span id="1676">1676</span> |
| <span id="1677">1677</span> |
| <span id="1678">1678</span> |
| <span id="1679">1679</span> |
| <span id="1680">1680</span> |
| <span id="1681">1681</span> |
| <span id="1682">1682</span> |
| <span id="1683">1683</span> |
| <span id="1684">1684</span> |
| <span id="1685">1685</span> |
| <span id="1686">1686</span> |
| <span id="1687">1687</span> |
| <span id="1688">1688</span> |
| <span id="1689">1689</span> |
| <span id="1690">1690</span> |
| <span id="1691">1691</span> |
| <span id="1692">1692</span> |
| <span id="1693">1693</span> |
| <span id="1694">1694</span> |
| <span id="1695">1695</span> |
| <span id="1696">1696</span> |
| <span id="1697">1697</span> |
| <span id="1698">1698</span> |
| <span id="1699">1699</span> |
| <span id="1700">1700</span> |
| <span id="1701">1701</span> |
| <span id="1702">1702</span> |
| <span id="1703">1703</span> |
| <span id="1704">1704</span> |
| <span id="1705">1705</span> |
| <span id="1706">1706</span> |
| <span id="1707">1707</span> |
| <span id="1708">1708</span> |
| <span id="1709">1709</span> |
| <span id="1710">1710</span> |
| <span id="1711">1711</span> |
| <span id="1712">1712</span> |
| <span id="1713">1713</span> |
| <span id="1714">1714</span> |
| <span id="1715">1715</span> |
| <span id="1716">1716</span> |
| <span id="1717">1717</span> |
| <span id="1718">1718</span> |
| <span id="1719">1719</span> |
| <span id="1720">1720</span> |
| <span id="1721">1721</span> |
| <span id="1722">1722</span> |
| <span id="1723">1723</span> |
| <span id="1724">1724</span> |
| <span id="1725">1725</span> |
| <span id="1726">1726</span> |
| <span id="1727">1727</span> |
| <span id="1728">1728</span> |
| <span id="1729">1729</span> |
| <span id="1730">1730</span> |
| <span id="1731">1731</span> |
| <span id="1732">1732</span> |
| <span id="1733">1733</span> |
| <span id="1734">1734</span> |
| <span id="1735">1735</span> |
| <span id="1736">1736</span> |
| <span id="1737">1737</span> |
| <span id="1738">1738</span> |
| <span id="1739">1739</span> |
| <span id="1740">1740</span> |
| <span id="1741">1741</span> |
| <span id="1742">1742</span> |
| <span id="1743">1743</span> |
| <span id="1744">1744</span> |
| <span id="1745">1745</span> |
| <span id="1746">1746</span> |
| <span id="1747">1747</span> |
| <span id="1748">1748</span> |
| <span id="1749">1749</span> |
| <span id="1750">1750</span> |
| <span id="1751">1751</span> |
| <span id="1752">1752</span> |
| <span id="1753">1753</span> |
| <span id="1754">1754</span> |
| <span id="1755">1755</span> |
| <span id="1756">1756</span> |
| <span id="1757">1757</span> |
| <span id="1758">1758</span> |
| <span id="1759">1759</span> |
| <span id="1760">1760</span> |
| <span id="1761">1761</span> |
| <span id="1762">1762</span> |
| <span id="1763">1763</span> |
| <span id="1764">1764</span> |
| <span id="1765">1765</span> |
| <span id="1766">1766</span> |
| <span id="1767">1767</span> |
| <span id="1768">1768</span> |
| <span id="1769">1769</span> |
| <span id="1770">1770</span> |
| <span id="1771">1771</span> |
| <span id="1772">1772</span> |
| <span id="1773">1773</span> |
| <span id="1774">1774</span> |
| <span id="1775">1775</span> |
| <span id="1776">1776</span> |
| <span id="1777">1777</span> |
| <span id="1778">1778</span> |
| <span id="1779">1779</span> |
| <span id="1780">1780</span> |
| <span id="1781">1781</span> |
| <span id="1782">1782</span> |
| <span id="1783">1783</span> |
| <span id="1784">1784</span> |
| <span id="1785">1785</span> |
| <span id="1786">1786</span> |
| <span id="1787">1787</span> |
| <span id="1788">1788</span> |
| <span id="1789">1789</span> |
| <span id="1790">1790</span> |
| <span id="1791">1791</span> |
| <span id="1792">1792</span> |
| <span id="1793">1793</span> |
| <span id="1794">1794</span> |
| <span id="1795">1795</span> |
| <span id="1796">1796</span> |
| <span id="1797">1797</span> |
| <span id="1798">1798</span> |
| <span id="1799">1799</span> |
| <span id="1800">1800</span> |
| <span id="1801">1801</span> |
| <span id="1802">1802</span> |
| <span id="1803">1803</span> |
| <span id="1804">1804</span> |
| <span id="1805">1805</span> |
| <span id="1806">1806</span> |
| <span id="1807">1807</span> |
| <span id="1808">1808</span> |
| <span id="1809">1809</span> |
| <span id="1810">1810</span> |
| <span id="1811">1811</span> |
| <span id="1812">1812</span> |
| <span id="1813">1813</span> |
| <span id="1814">1814</span> |
| <span id="1815">1815</span> |
| <span id="1816">1816</span> |
| <span id="1817">1817</span> |
| <span id="1818">1818</span> |
| <span id="1819">1819</span> |
| <span id="1820">1820</span> |
| <span id="1821">1821</span> |
| <span id="1822">1822</span> |
| <span id="1823">1823</span> |
| <span id="1824">1824</span> |
| <span id="1825">1825</span> |
| <span id="1826">1826</span> |
| <span id="1827">1827</span> |
| <span id="1828">1828</span> |
| <span id="1829">1829</span> |
| <span id="1830">1830</span> |
| <span id="1831">1831</span> |
| <span id="1832">1832</span> |
| <span id="1833">1833</span> |
| <span id="1834">1834</span> |
| <span id="1835">1835</span> |
| <span id="1836">1836</span> |
| <span id="1837">1837</span> |
| <span id="1838">1838</span> |
| <span id="1839">1839</span> |
| <span id="1840">1840</span> |
| <span id="1841">1841</span> |
| <span id="1842">1842</span> |
| <span id="1843">1843</span> |
| <span id="1844">1844</span> |
| <span id="1845">1845</span> |
| <span id="1846">1846</span> |
| <span id="1847">1847</span> |
| <span id="1848">1848</span> |
| <span id="1849">1849</span> |
| <span id="1850">1850</span> |
| <span id="1851">1851</span> |
| <span id="1852">1852</span> |
| <span id="1853">1853</span> |
| <span id="1854">1854</span> |
| <span id="1855">1855</span> |
| <span id="1856">1856</span> |
| <span id="1857">1857</span> |
| <span id="1858">1858</span> |
| <span id="1859">1859</span> |
| <span id="1860">1860</span> |
| <span id="1861">1861</span> |
| <span id="1862">1862</span> |
| <span id="1863">1863</span> |
| <span id="1864">1864</span> |
| <span id="1865">1865</span> |
| <span id="1866">1866</span> |
| <span id="1867">1867</span> |
| <span id="1868">1868</span> |
| <span id="1869">1869</span> |
| <span id="1870">1870</span> |
| <span id="1871">1871</span> |
| <span id="1872">1872</span> |
| <span id="1873">1873</span> |
| <span id="1874">1874</span> |
| <span id="1875">1875</span> |
| <span id="1876">1876</span> |
| <span id="1877">1877</span> |
| <span id="1878">1878</span> |
| <span id="1879">1879</span> |
| <span id="1880">1880</span> |
| <span id="1881">1881</span> |
| <span id="1882">1882</span> |
| <span id="1883">1883</span> |
| <span id="1884">1884</span> |
| <span id="1885">1885</span> |
| <span id="1886">1886</span> |
| <span id="1887">1887</span> |
| <span id="1888">1888</span> |
| <span id="1889">1889</span> |
| <span id="1890">1890</span> |
| <span id="1891">1891</span> |
| <span id="1892">1892</span> |
| <span id="1893">1893</span> |
| <span id="1894">1894</span> |
| <span id="1895">1895</span> |
| <span id="1896">1896</span> |
| <span id="1897">1897</span> |
| <span id="1898">1898</span> |
| <span id="1899">1899</span> |
| <span id="1900">1900</span> |
| <span id="1901">1901</span> |
| <span id="1902">1902</span> |
| <span id="1903">1903</span> |
| <span id="1904">1904</span> |
| <span id="1905">1905</span> |
| <span id="1906">1906</span> |
| <span id="1907">1907</span> |
| <span id="1908">1908</span> |
| <span id="1909">1909</span> |
| <span id="1910">1910</span> |
| <span id="1911">1911</span> |
| <span id="1912">1912</span> |
| <span id="1913">1913</span> |
| <span id="1914">1914</span> |
| <span id="1915">1915</span> |
| <span id="1916">1916</span> |
| <span id="1917">1917</span> |
| <span id="1918">1918</span> |
| <span id="1919">1919</span> |
| <span id="1920">1920</span> |
| <span id="1921">1921</span> |
| <span id="1922">1922</span> |
| <span id="1923">1923</span> |
| <span id="1924">1924</span> |
| <span id="1925">1925</span> |
| <span id="1926">1926</span> |
| <span id="1927">1927</span> |
| <span id="1928">1928</span> |
| <span id="1929">1929</span> |
| <span id="1930">1930</span> |
| <span id="1931">1931</span> |
| <span id="1932">1932</span> |
| <span id="1933">1933</span> |
| <span id="1934">1934</span> |
| <span id="1935">1935</span> |
| <span id="1936">1936</span> |
| <span id="1937">1937</span> |
| <span id="1938">1938</span> |
| <span id="1939">1939</span> |
| <span id="1940">1940</span> |
| <span id="1941">1941</span> |
| <span id="1942">1942</span> |
| <span id="1943">1943</span> |
| <span id="1944">1944</span> |
| <span id="1945">1945</span> |
| <span id="1946">1946</span> |
| <span id="1947">1947</span> |
| <span id="1948">1948</span> |
| <span id="1949">1949</span> |
| <span id="1950">1950</span> |
| <span id="1951">1951</span> |
| <span id="1952">1952</span> |
| <span id="1953">1953</span> |
| <span id="1954">1954</span> |
| <span id="1955">1955</span> |
| <span id="1956">1956</span> |
| <span id="1957">1957</span> |
| <span id="1958">1958</span> |
| <span id="1959">1959</span> |
| <span id="1960">1960</span> |
| <span id="1961">1961</span> |
| <span id="1962">1962</span> |
| <span id="1963">1963</span> |
| <span id="1964">1964</span> |
| <span id="1965">1965</span> |
| <span id="1966">1966</span> |
| <span id="1967">1967</span> |
| <span id="1968">1968</span> |
| <span id="1969">1969</span> |
| <span id="1970">1970</span> |
| <span id="1971">1971</span> |
| <span id="1972">1972</span> |
| <span id="1973">1973</span> |
| <span id="1974">1974</span> |
| <span id="1975">1975</span> |
| <span id="1976">1976</span> |
| <span id="1977">1977</span> |
| <span id="1978">1978</span> |
| <span id="1979">1979</span> |
| <span id="1980">1980</span> |
| <span id="1981">1981</span> |
| <span id="1982">1982</span> |
| <span id="1983">1983</span> |
| <span id="1984">1984</span> |
| <span id="1985">1985</span> |
| <span id="1986">1986</span> |
| <span id="1987">1987</span> |
| <span id="1988">1988</span> |
| <span id="1989">1989</span> |
| <span id="1990">1990</span> |
| <span id="1991">1991</span> |
| <span id="1992">1992</span> |
| <span id="1993">1993</span> |
| <span id="1994">1994</span> |
| <span id="1995">1995</span> |
| <span id="1996">1996</span> |
| <span id="1997">1997</span> |
| <span id="1998">1998</span> |
| <span id="1999">1999</span> |
| <span id="2000">2000</span> |
| <span id="2001">2001</span> |
| <span id="2002">2002</span> |
| <span id="2003">2003</span> |
| <span id="2004">2004</span> |
| <span id="2005">2005</span> |
| <span id="2006">2006</span> |
| <span id="2007">2007</span> |
| <span id="2008">2008</span> |
| <span id="2009">2009</span> |
| <span id="2010">2010</span> |
| <span id="2011">2011</span> |
| <span id="2012">2012</span> |
| <span id="2013">2013</span> |
| <span id="2014">2014</span> |
| <span id="2015">2015</span> |
| <span id="2016">2016</span> |
| <span id="2017">2017</span> |
| <span id="2018">2018</span> |
| <span id="2019">2019</span> |
| <span id="2020">2020</span> |
| <span id="2021">2021</span> |
| <span id="2022">2022</span> |
| <span id="2023">2023</span> |
| <span id="2024">2024</span> |
| <span id="2025">2025</span> |
| <span id="2026">2026</span> |
| <span id="2027">2027</span> |
| <span id="2028">2028</span> |
| <span id="2029">2029</span> |
| <span id="2030">2030</span> |
| <span id="2031">2031</span> |
| <span id="2032">2032</span> |
| <span id="2033">2033</span> |
| <span id="2034">2034</span> |
| <span id="2035">2035</span> |
| <span id="2036">2036</span> |
| <span id="2037">2037</span> |
| <span id="2038">2038</span> |
| <span id="2039">2039</span> |
| <span id="2040">2040</span> |
| <span id="2041">2041</span> |
| <span id="2042">2042</span> |
| <span id="2043">2043</span> |
| <span id="2044">2044</span> |
| <span id="2045">2045</span> |
| <span id="2046">2046</span> |
| <span id="2047">2047</span> |
| <span id="2048">2048</span> |
| <span id="2049">2049</span> |
| <span id="2050">2050</span> |
| <span id="2051">2051</span> |
| <span id="2052">2052</span> |
| <span id="2053">2053</span> |
| <span id="2054">2054</span> |
| <span id="2055">2055</span> |
| <span id="2056">2056</span> |
| <span id="2057">2057</span> |
| <span id="2058">2058</span> |
| <span id="2059">2059</span> |
| <span id="2060">2060</span> |
| <span id="2061">2061</span> |
| <span id="2062">2062</span> |
| <span id="2063">2063</span> |
| <span id="2064">2064</span> |
| <span id="2065">2065</span> |
| <span id="2066">2066</span> |
| <span id="2067">2067</span> |
| <span id="2068">2068</span> |
| <span id="2069">2069</span> |
| <span id="2070">2070</span> |
| <span id="2071">2071</span> |
| <span id="2072">2072</span> |
| <span id="2073">2073</span> |
| <span id="2074">2074</span> |
| <span id="2075">2075</span> |
| <span id="2076">2076</span> |
| <span id="2077">2077</span> |
| <span id="2078">2078</span> |
| <span id="2079">2079</span> |
| <span id="2080">2080</span> |
| <span id="2081">2081</span> |
| <span id="2082">2082</span> |
| <span id="2083">2083</span> |
| <span id="2084">2084</span> |
| <span id="2085">2085</span> |
| <span id="2086">2086</span> |
| <span id="2087">2087</span> |
| <span id="2088">2088</span> |
| <span id="2089">2089</span> |
| <span id="2090">2090</span> |
| <span id="2091">2091</span> |
| <span id="2092">2092</span> |
| <span id="2093">2093</span> |
| <span id="2094">2094</span> |
| <span id="2095">2095</span> |
| <span id="2096">2096</span> |
| <span id="2097">2097</span> |
| <span id="2098">2098</span> |
| <span id="2099">2099</span> |
| <span id="2100">2100</span> |
| <span id="2101">2101</span> |
| <span id="2102">2102</span> |
| <span id="2103">2103</span> |
| <span id="2104">2104</span> |
| <span id="2105">2105</span> |
| <span id="2106">2106</span> |
| <span id="2107">2107</span> |
| <span id="2108">2108</span> |
| <span id="2109">2109</span> |
| <span id="2110">2110</span> |
| <span id="2111">2111</span> |
| <span id="2112">2112</span> |
| <span id="2113">2113</span> |
| <span id="2114">2114</span> |
| <span id="2115">2115</span> |
| <span id="2116">2116</span> |
| <span id="2117">2117</span> |
| <span id="2118">2118</span> |
| <span id="2119">2119</span> |
| <span id="2120">2120</span> |
| <span id="2121">2121</span> |
| <span id="2122">2122</span> |
| <span id="2123">2123</span> |
| <span id="2124">2124</span> |
| <span id="2125">2125</span> |
| <span id="2126">2126</span> |
| <span id="2127">2127</span> |
| <span id="2128">2128</span> |
| <span id="2129">2129</span> |
| <span id="2130">2130</span> |
| <span id="2131">2131</span> |
| <span id="2132">2132</span> |
| <span id="2133">2133</span> |
| <span id="2134">2134</span> |
| <span id="2135">2135</span> |
| <span id="2136">2136</span> |
| <span id="2137">2137</span> |
| <span id="2138">2138</span> |
| <span id="2139">2139</span> |
| <span id="2140">2140</span> |
| <span id="2141">2141</span> |
| <span id="2142">2142</span> |
| <span id="2143">2143</span> |
| <span id="2144">2144</span> |
| <span id="2145">2145</span> |
| <span id="2146">2146</span> |
| <span id="2147">2147</span> |
| <span id="2148">2148</span> |
| <span id="2149">2149</span> |
| <span id="2150">2150</span> |
| <span id="2151">2151</span> |
| <span id="2152">2152</span> |
| <span id="2153">2153</span> |
| <span id="2154">2154</span> |
| <span id="2155">2155</span> |
| <span id="2156">2156</span> |
| <span id="2157">2157</span> |
| <span id="2158">2158</span> |
| <span id="2159">2159</span> |
| <span id="2160">2160</span> |
| <span id="2161">2161</span> |
| <span id="2162">2162</span> |
| <span id="2163">2163</span> |
| <span id="2164">2164</span> |
| <span id="2165">2165</span> |
| <span id="2166">2166</span> |
| <span id="2167">2167</span> |
| <span id="2168">2168</span> |
| <span id="2169">2169</span> |
| <span id="2170">2170</span> |
| <span id="2171">2171</span> |
| <span id="2172">2172</span> |
| <span id="2173">2173</span> |
| <span id="2174">2174</span> |
| <span id="2175">2175</span> |
| <span id="2176">2176</span> |
| <span id="2177">2177</span> |
| <span id="2178">2178</span> |
| <span id="2179">2179</span> |
| <span id="2180">2180</span> |
| <span id="2181">2181</span> |
| <span id="2182">2182</span> |
| <span id="2183">2183</span> |
| <span id="2184">2184</span> |
| <span id="2185">2185</span> |
| <span id="2186">2186</span> |
| <span id="2187">2187</span> |
| <span id="2188">2188</span> |
| <span id="2189">2189</span> |
| <span id="2190">2190</span> |
| <span id="2191">2191</span> |
| <span id="2192">2192</span> |
| <span id="2193">2193</span> |
| <span id="2194">2194</span> |
| <span id="2195">2195</span> |
| <span id="2196">2196</span> |
| <span id="2197">2197</span> |
| <span id="2198">2198</span> |
| <span id="2199">2199</span> |
| <span id="2200">2200</span> |
| <span id="2201">2201</span> |
| <span id="2202">2202</span> |
| <span id="2203">2203</span> |
| <span id="2204">2204</span> |
| <span id="2205">2205</span> |
| <span id="2206">2206</span> |
| <span id="2207">2207</span> |
| <span id="2208">2208</span> |
| <span id="2209">2209</span> |
| <span id="2210">2210</span> |
| <span id="2211">2211</span> |
| <span id="2212">2212</span> |
| <span id="2213">2213</span> |
| <span id="2214">2214</span> |
| <span id="2215">2215</span> |
| <span id="2216">2216</span> |
| <span id="2217">2217</span> |
| <span id="2218">2218</span> |
| <span id="2219">2219</span> |
| <span id="2220">2220</span> |
| <span id="2221">2221</span> |
| <span id="2222">2222</span> |
| <span id="2223">2223</span> |
| <span id="2224">2224</span> |
| <span id="2225">2225</span> |
| <span id="2226">2226</span> |
| <span id="2227">2227</span> |
| <span id="2228">2228</span> |
| <span id="2229">2229</span> |
| <span id="2230">2230</span> |
| <span id="2231">2231</span> |
| <span id="2232">2232</span> |
| <span id="2233">2233</span> |
| <span id="2234">2234</span> |
| <span id="2235">2235</span> |
| <span id="2236">2236</span> |
| <span id="2237">2237</span> |
| <span id="2238">2238</span> |
| <span id="2239">2239</span> |
| <span id="2240">2240</span> |
| <span id="2241">2241</span> |
| <span id="2242">2242</span> |
| <span id="2243">2243</span> |
| <span id="2244">2244</span> |
| <span id="2245">2245</span> |
| <span id="2246">2246</span> |
| <span id="2247">2247</span> |
| <span id="2248">2248</span> |
| <span id="2249">2249</span> |
| <span id="2250">2250</span> |
| <span id="2251">2251</span> |
| <span id="2252">2252</span> |
| <span id="2253">2253</span> |
| <span id="2254">2254</span> |
| <span id="2255">2255</span> |
| <span id="2256">2256</span> |
| <span id="2257">2257</span> |
| <span id="2258">2258</span> |
| <span id="2259">2259</span> |
| <span id="2260">2260</span> |
| <span id="2261">2261</span> |
| <span id="2262">2262</span> |
| <span id="2263">2263</span> |
| <span id="2264">2264</span> |
| <span id="2265">2265</span> |
| <span id="2266">2266</span> |
| <span id="2267">2267</span> |
| <span id="2268">2268</span> |
| <span id="2269">2269</span> |
| <span id="2270">2270</span> |
| <span id="2271">2271</span> |
| <span id="2272">2272</span> |
| <span id="2273">2273</span> |
| <span id="2274">2274</span> |
| <span id="2275">2275</span> |
| <span id="2276">2276</span> |
| <span id="2277">2277</span> |
| <span id="2278">2278</span> |
| <span id="2279">2279</span> |
| <span id="2280">2280</span> |
| <span id="2281">2281</span> |
| <span id="2282">2282</span> |
| <span id="2283">2283</span> |
| <span id="2284">2284</span> |
| <span id="2285">2285</span> |
| <span id="2286">2286</span> |
| <span id="2287">2287</span> |
| <span id="2288">2288</span> |
| <span id="2289">2289</span> |
| <span id="2290">2290</span> |
| <span id="2291">2291</span> |
| <span id="2292">2292</span> |
| <span id="2293">2293</span> |
| <span id="2294">2294</span> |
| <span id="2295">2295</span> |
| <span id="2296">2296</span> |
| <span id="2297">2297</span> |
| <span id="2298">2298</span> |
| <span id="2299">2299</span> |
| <span id="2300">2300</span> |
| <span id="2301">2301</span> |
| <span id="2302">2302</span> |
| <span id="2303">2303</span> |
| <span id="2304">2304</span> |
| <span id="2305">2305</span> |
| <span id="2306">2306</span> |
| <span id="2307">2307</span> |
| <span id="2308">2308</span> |
| <span id="2309">2309</span> |
| <span id="2310">2310</span> |
| <span id="2311">2311</span> |
| <span id="2312">2312</span> |
| <span id="2313">2313</span> |
| <span id="2314">2314</span> |
| <span id="2315">2315</span> |
| <span id="2316">2316</span> |
| <span id="2317">2317</span> |
| <span id="2318">2318</span> |
| <span id="2319">2319</span> |
| <span id="2320">2320</span> |
| <span id="2321">2321</span> |
| <span id="2322">2322</span> |
| <span id="2323">2323</span> |
| <span id="2324">2324</span> |
| <span id="2325">2325</span> |
| <span id="2326">2326</span> |
| <span id="2327">2327</span> |
| <span id="2328">2328</span> |
| <span id="2329">2329</span> |
| <span id="2330">2330</span> |
| <span id="2331">2331</span> |
| <span id="2332">2332</span> |
| <span id="2333">2333</span> |
| <span id="2334">2334</span> |
| <span id="2335">2335</span> |
| <span id="2336">2336</span> |
| <span id="2337">2337</span> |
| <span id="2338">2338</span> |
| <span id="2339">2339</span> |
| <span id="2340">2340</span> |
| <span id="2341">2341</span> |
| <span id="2342">2342</span> |
| <span id="2343">2343</span> |
| <span id="2344">2344</span> |
| <span id="2345">2345</span> |
| <span id="2346">2346</span> |
| <span id="2347">2347</span> |
| <span id="2348">2348</span> |
| <span id="2349">2349</span> |
| <span id="2350">2350</span> |
| <span id="2351">2351</span> |
| <span id="2352">2352</span> |
| <span id="2353">2353</span> |
| <span id="2354">2354</span> |
| <span id="2355">2355</span> |
| <span id="2356">2356</span> |
| <span id="2357">2357</span> |
| <span id="2358">2358</span> |
| <span id="2359">2359</span> |
| <span id="2360">2360</span> |
| <span id="2361">2361</span> |
| <span id="2362">2362</span> |
| <span id="2363">2363</span> |
| <span id="2364">2364</span> |
| <span id="2365">2365</span> |
| <span id="2366">2366</span> |
| <span id="2367">2367</span> |
| <span id="2368">2368</span> |
| <span id="2369">2369</span> |
| <span id="2370">2370</span> |
| <span id="2371">2371</span> |
| <span id="2372">2372</span> |
| <span id="2373">2373</span> |
| <span id="2374">2374</span> |
| <span id="2375">2375</span> |
| <span id="2376">2376</span> |
| <span id="2377">2377</span> |
| <span id="2378">2378</span> |
| <span id="2379">2379</span> |
| <span id="2380">2380</span> |
| <span id="2381">2381</span> |
| <span id="2382">2382</span> |
| <span id="2383">2383</span> |
| <span id="2384">2384</span> |
| <span id="2385">2385</span> |
| <span id="2386">2386</span> |
| <span id="2387">2387</span> |
| <span id="2388">2388</span> |
| <span id="2389">2389</span> |
| <span id="2390">2390</span> |
| <span id="2391">2391</span> |
| <span id="2392">2392</span> |
| <span id="2393">2393</span> |
| <span id="2394">2394</span> |
| <span id="2395">2395</span> |
| <span id="2396">2396</span> |
| <span id="2397">2397</span> |
| <span id="2398">2398</span> |
| <span id="2399">2399</span> |
| <span id="2400">2400</span> |
| <span id="2401">2401</span> |
| <span id="2402">2402</span> |
| <span id="2403">2403</span> |
| <span id="2404">2404</span> |
| <span id="2405">2405</span> |
| <span id="2406">2406</span> |
| <span id="2407">2407</span> |
| <span id="2408">2408</span> |
| <span id="2409">2409</span> |
| <span id="2410">2410</span> |
| <span id="2411">2411</span> |
| <span id="2412">2412</span> |
| <span id="2413">2413</span> |
| <span id="2414">2414</span> |
| <span id="2415">2415</span> |
| <span id="2416">2416</span> |
| <span id="2417">2417</span> |
| <span id="2418">2418</span> |
| <span id="2419">2419</span> |
| <span id="2420">2420</span> |
| <span id="2421">2421</span> |
| <span id="2422">2422</span> |
| <span id="2423">2423</span> |
| <span id="2424">2424</span> |
| <span id="2425">2425</span> |
| <span id="2426">2426</span> |
| <span id="2427">2427</span> |
| <span id="2428">2428</span> |
| <span id="2429">2429</span> |
| <span id="2430">2430</span> |
| <span id="2431">2431</span> |
| <span id="2432">2432</span> |
| <span id="2433">2433</span> |
| <span id="2434">2434</span> |
| <span id="2435">2435</span> |
| <span id="2436">2436</span> |
| <span id="2437">2437</span> |
| <span id="2438">2438</span> |
| <span id="2439">2439</span> |
| <span id="2440">2440</span> |
| <span id="2441">2441</span> |
| <span id="2442">2442</span> |
| <span id="2443">2443</span> |
| <span id="2444">2444</span> |
| <span id="2445">2445</span> |
| <span id="2446">2446</span> |
| <span id="2447">2447</span> |
| <span id="2448">2448</span> |
| <span id="2449">2449</span> |
| <span id="2450">2450</span> |
| <span id="2451">2451</span> |
| <span id="2452">2452</span> |
| <span id="2453">2453</span> |
| <span id="2454">2454</span> |
| <span id="2455">2455</span> |
| <span id="2456">2456</span> |
| <span id="2457">2457</span> |
| <span id="2458">2458</span> |
| <span id="2459">2459</span> |
| <span id="2460">2460</span> |
| <span id="2461">2461</span> |
| <span id="2462">2462</span> |
| <span id="2463">2463</span> |
| <span id="2464">2464</span> |
| <span id="2465">2465</span> |
| <span id="2466">2466</span> |
| <span id="2467">2467</span> |
| <span id="2468">2468</span> |
| <span id="2469">2469</span> |
| <span id="2470">2470</span> |
| <span id="2471">2471</span> |
| <span id="2472">2472</span> |
| <span id="2473">2473</span> |
| <span id="2474">2474</span> |
| <span id="2475">2475</span> |
| <span id="2476">2476</span> |
| <span id="2477">2477</span> |
| <span id="2478">2478</span> |
| <span id="2479">2479</span> |
| <span id="2480">2480</span> |
| <span id="2481">2481</span> |
| <span id="2482">2482</span> |
| <span id="2483">2483</span> |
| <span id="2484">2484</span> |
| <span id="2485">2485</span> |
| <span id="2486">2486</span> |
| <span id="2487">2487</span> |
| <span id="2488">2488</span> |
| <span id="2489">2489</span> |
| <span id="2490">2490</span> |
| <span id="2491">2491</span> |
| <span id="2492">2492</span> |
| <span id="2493">2493</span> |
| <span id="2494">2494</span> |
| <span id="2495">2495</span> |
| <span id="2496">2496</span> |
| <span id="2497">2497</span> |
| <span id="2498">2498</span> |
| <span id="2499">2499</span> |
| <span id="2500">2500</span> |
| <span id="2501">2501</span> |
| <span id="2502">2502</span> |
| <span id="2503">2503</span> |
| <span id="2504">2504</span> |
| <span id="2505">2505</span> |
| <span id="2506">2506</span> |
| <span id="2507">2507</span> |
| <span id="2508">2508</span> |
| <span id="2509">2509</span> |
| <span id="2510">2510</span> |
| <span id="2511">2511</span> |
| <span id="2512">2512</span> |
| <span id="2513">2513</span> |
| <span id="2514">2514</span> |
| <span id="2515">2515</span> |
| <span id="2516">2516</span> |
| <span id="2517">2517</span> |
| <span id="2518">2518</span> |
| <span id="2519">2519</span> |
| <span id="2520">2520</span> |
| <span id="2521">2521</span> |
| <span id="2522">2522</span> |
| <span id="2523">2523</span> |
| <span id="2524">2524</span> |
| <span id="2525">2525</span> |
| <span id="2526">2526</span> |
| <span id="2527">2527</span> |
| <span id="2528">2528</span> |
| <span id="2529">2529</span> |
| <span id="2530">2530</span> |
| <span id="2531">2531</span> |
| <span id="2532">2532</span> |
| <span id="2533">2533</span> |
| </pre><pre class="rust"><code><span class="doccomment">//! The standard defining the format of public key certificates. |
| //! |
| //! An `X509` certificate binds an identity to a public key, and is either |
| //! signed by a certificate authority (CA) or self-signed. An entity that gets |
| //! a hold of a certificate can both verify your identity (via a CA) and encrypt |
| //! data with the included public key. `X509` certificates are used in many |
| //! Internet protocols, including SSL/TLS, which is the basis for HTTPS, |
| //! the secure protocol for browsing the web. |
| |
| </span><span class="kw">use </span>cfg_if::cfg_if; |
| <span class="kw">use </span>foreign_types::{ForeignType, ForeignTypeRef, Opaque}; |
| <span class="kw">use </span>libc::{c_int, c_long, c_uint, c_void}; |
| <span class="kw">use </span>std::cmp::{<span class="self">self</span>, Ordering}; |
| <span class="kw">use </span>std::convert::{TryFrom, TryInto}; |
| <span class="kw">use </span>std::error::Error; |
| <span class="kw">use </span>std::ffi::{CStr, CString}; |
| <span class="kw">use </span>std::fmt; |
| <span class="kw">use </span>std::marker::PhantomData; |
| <span class="kw">use </span>std::mem; |
| <span class="kw">use </span>std::net::IpAddr; |
| <span class="kw">use </span>std::path::Path; |
| <span class="kw">use </span>std::ptr; |
| <span class="kw">use </span>std::slice; |
| <span class="kw">use </span>std::str; |
| |
| <span class="kw">use </span><span class="kw">crate</span>::asn1::{ |
| Asn1BitStringRef, Asn1Enumerated, Asn1IntegerRef, Asn1Object, Asn1ObjectRef, |
| Asn1OctetStringRef, Asn1StringRef, Asn1TimeRef, Asn1Type, |
| }; |
| <span class="kw">use </span><span class="kw">crate</span>::bio::MemBioSlice; |
| <span class="kw">use </span><span class="kw">crate</span>::conf::ConfRef; |
| <span class="kw">use </span><span class="kw">crate</span>::error::ErrorStack; |
| <span class="kw">use </span><span class="kw">crate</span>::ex_data::Index; |
| <span class="kw">use </span><span class="kw">crate</span>::hash::{DigestBytes, MessageDigest}; |
| <span class="kw">use </span><span class="kw">crate</span>::nid::Nid; |
| <span class="kw">use </span><span class="kw">crate</span>::pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public}; |
| <span class="kw">use </span><span class="kw">crate</span>::ssl::SslRef; |
| <span class="kw">use </span><span class="kw">crate</span>::stack::{Stack, StackRef, Stackable}; |
| <span class="kw">use </span><span class="kw">crate</span>::string::OpensslString; |
| <span class="kw">use </span><span class="kw">crate</span>::util::{ForeignTypeExt, ForeignTypeRefExt}; |
| <span class="kw">use crate</span>::{cvt, cvt_n, cvt_p}; |
| <span class="kw">use </span>openssl_macros::corresponds; |
| |
| <span class="attribute">#[cfg(any(ossl102, libressl261))] |
| </span><span class="kw">pub mod </span>verify; |
| |
| <span class="kw">pub mod </span>extension; |
| <span class="kw">pub mod </span>store; |
| |
| <span class="attribute">#[cfg(test)] |
| </span><span class="kw">mod </span>tests; |
| |
| <span class="doccomment">/// A type of X509 extension. |
| /// |
| /// # Safety |
| /// The value of NID and Output must match those in OpenSSL so that |
| /// `Output::from_ptr_opt(*_get_ext_d2i(*, NID, ...))` is valid. |
| </span><span class="kw">pub unsafe trait </span>ExtensionType { |
| <span class="kw">const </span>NID: Nid; |
| <span class="kw">type </span>Output: ForeignType; |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_STORE_CTX; |
| <span class="kw">fn </span>drop = ffi::X509_STORE_CTX_free; |
| |
| <span class="doccomment">/// An `X509` certificate store context. |
| </span><span class="kw">pub struct </span>X509StoreContext; |
| |
| <span class="doccomment">/// A reference to an [`X509StoreContext`]. |
| </span><span class="kw">pub struct </span>X509StoreContextRef; |
| } |
| |
| <span class="kw">impl </span>X509StoreContext { |
| <span class="doccomment">/// Returns the index which can be used to obtain a reference to the `Ssl` associated with a |
| /// context. |
| </span><span class="attribute">#[corresponds(SSL_get_ex_data_X509_STORE_CTX_idx)] |
| </span><span class="kw">pub fn </span>ssl_idx() -> <span class="prelude-ty">Result</span><Index<X509StoreContext, SslRef>, ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt_n(ffi::SSL_get_ex_data_X509_STORE_CTX_idx()).map(|idx| Index::from_raw(idx)) } |
| } |
| |
| <span class="doccomment">/// Creates a new `X509StoreContext` instance. |
| </span><span class="attribute">#[corresponds(X509_STORE_CTX_new)] |
| </span><span class="kw">pub fn </span>new() -> <span class="prelude-ty">Result</span><X509StoreContext, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| cvt_p(ffi::X509_STORE_CTX_new()).map(X509StoreContext) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>X509StoreContextRef { |
| <span class="doccomment">/// Returns application data pertaining to an `X509` store context. |
| </span><span class="attribute">#[corresponds(X509_STORE_CTX_get_ex_data)] |
| </span><span class="kw">pub fn </span>ex_data<T>(<span class="kw-2">&</span><span class="self">self</span>, index: Index<X509StoreContext, T>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>T> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>data = ffi::X509_STORE_CTX_get_ex_data(<span class="self">self</span>.as_ptr(), index.as_raw()); |
| <span class="kw">if </span>data.is_null() { |
| <span class="prelude-val">None |
| </span>} <span class="kw">else </span>{ |
| <span class="prelude-val">Some</span>(<span class="kw-2">&*</span>(data <span class="kw">as </span><span class="kw-2">*const </span>T)) |
| } |
| } |
| } |
| |
| <span class="doccomment">/// Returns the error code of the context. |
| </span><span class="attribute">#[corresponds(X509_STORE_CTX_get_error)] |
| </span><span class="kw">pub fn </span>error(<span class="kw-2">&</span><span class="self">self</span>) -> X509VerifyResult { |
| <span class="kw">unsafe </span>{ X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(<span class="self">self</span>.as_ptr())) } |
| } |
| |
| <span class="doccomment">/// Initializes this context with the given certificate, certificates chain and certificate |
| /// store. After initializing the context, the `with_context` closure is called with the prepared |
| /// context. As long as the closure is running, the context stays initialized and can be used |
| /// to e.g. verify a certificate. The context will be cleaned up, after the closure finished. |
| /// |
| /// * `trust` - The certificate store with the trusted certificates. |
| /// * `cert` - The certificate that should be verified. |
| /// * `cert_chain` - The certificates chain. |
| /// * `with_context` - The closure that is called with the initialized context. |
| /// |
| /// This corresponds to [`X509_STORE_CTX_init`] before calling `with_context` and to |
| /// [`X509_STORE_CTX_cleanup`] after calling `with_context`. |
| /// |
| /// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/manmaster/crypto/X509_STORE_CTX_init.html |
| /// [`X509_STORE_CTX_cleanup`]: https://www.openssl.org/docs/manmaster/crypto/X509_STORE_CTX_cleanup.html |
| </span><span class="kw">pub fn </span>init<F, T>( |
| <span class="kw-2">&mut </span><span class="self">self</span>, |
| trust: <span class="kw-2">&</span>store::X509StoreRef, |
| cert: <span class="kw-2">&</span>X509Ref, |
| cert_chain: <span class="kw-2">&</span>StackRef<X509>, |
| with_context: F, |
| ) -> <span class="prelude-ty">Result</span><T, ErrorStack> |
| <span class="kw">where |
| </span>F: FnOnce(<span class="kw-2">&mut </span>X509StoreContextRef) -> <span class="prelude-ty">Result</span><T, ErrorStack>, |
| { |
| <span class="kw">struct </span>Cleanup<<span class="lifetime">'a</span>>(<span class="kw-2">&</span><span class="lifetime">'a </span><span class="kw-2">mut </span>X509StoreContextRef); |
| |
| <span class="kw">impl</span><<span class="lifetime">'a</span>> Drop <span class="kw">for </span>Cleanup<<span class="lifetime">'a</span>> { |
| <span class="kw">fn </span>drop(<span class="kw-2">&mut </span><span class="self">self</span>) { |
| <span class="kw">unsafe </span>{ |
| ffi::X509_STORE_CTX_cleanup(<span class="self">self</span>.<span class="number">0</span>.as_ptr()); |
| } |
| } |
| } |
| |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_STORE_CTX_init( |
| <span class="self">self</span>.as_ptr(), |
| trust.as_ptr(), |
| cert.as_ptr(), |
| cert_chain.as_ptr(), |
| ))<span class="question-mark">?</span>; |
| |
| <span class="kw">let </span>cleanup = Cleanup(<span class="self">self</span>); |
| with_context(cleanup.<span class="number">0</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Verifies the stored certificate. |
| /// |
| /// Returns `true` if verification succeeds. The `error` method will return the specific |
| /// validation error if the certificate was not valid. |
| /// |
| /// This will only work inside of a call to `init`. |
| </span><span class="attribute">#[corresponds(X509_verify_cert)] |
| </span><span class="kw">pub fn </span>verify_cert(<span class="kw-2">&mut </span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><bool, ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt_n(ffi::X509_verify_cert(<span class="self">self</span>.as_ptr())).map(|n| n != <span class="number">0</span>) } |
| } |
| |
| <span class="doccomment">/// Set the error code of the context. |
| </span><span class="attribute">#[corresponds(X509_STORE_CTX_set_error)] |
| </span><span class="kw">pub fn </span>set_error(<span class="kw-2">&mut </span><span class="self">self</span>, result: X509VerifyResult) { |
| <span class="kw">unsafe </span>{ |
| ffi::X509_STORE_CTX_set_error(<span class="self">self</span>.as_ptr(), result.as_raw()); |
| } |
| } |
| |
| <span class="doccomment">/// Returns a reference to the certificate which caused the error or None if |
| /// no certificate is relevant to the error. |
| </span><span class="attribute">#[corresponds(X509_STORE_CTX_get_current_cert)] |
| </span><span class="kw">pub fn </span>current_cert(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>X509Ref> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>ptr = ffi::X509_STORE_CTX_get_current_cert(<span class="self">self</span>.as_ptr()); |
| X509Ref::from_const_ptr_opt(ptr) |
| } |
| } |
| |
| <span class="doccomment">/// Returns a non-negative integer representing the depth in the certificate |
| /// chain where the error occurred. If it is zero it occurred in the end |
| /// entity certificate, one if it is the certificate which signed the end |
| /// entity certificate and so on. |
| </span><span class="attribute">#[corresponds(X509_STORE_CTX_get_error_depth)] |
| </span><span class="kw">pub fn </span>error_depth(<span class="kw-2">&</span><span class="self">self</span>) -> u32 { |
| <span class="kw">unsafe </span>{ ffi::X509_STORE_CTX_get_error_depth(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>u32 } |
| } |
| |
| <span class="doccomment">/// Returns a reference to a complete valid `X509` certificate chain. |
| </span><span class="attribute">#[corresponds(X509_STORE_CTX_get0_chain)] |
| </span><span class="kw">pub fn </span>chain(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>StackRef<X509>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>chain = X509_STORE_CTX_get0_chain(<span class="self">self</span>.as_ptr()); |
| |
| <span class="kw">if </span>chain.is_null() { |
| <span class="prelude-val">None |
| </span>} <span class="kw">else </span>{ |
| <span class="prelude-val">Some</span>(StackRef::from_ptr(chain)) |
| } |
| } |
| } |
| } |
| |
| <span class="doccomment">/// A builder used to construct an `X509`. |
| </span><span class="kw">pub struct </span>X509Builder(X509); |
| |
| <span class="kw">impl </span>X509Builder { |
| <span class="doccomment">/// Creates a new builder. |
| </span><span class="attribute">#[corresponds(X509_new)] |
| </span><span class="kw">pub fn </span>new() -> <span class="prelude-ty">Result</span><X509Builder, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| cvt_p(ffi::X509_new()).map(|p| X509Builder(X509(p))) |
| } |
| } |
| |
| <span class="doccomment">/// Sets the notAfter constraint on the certificate. |
| </span><span class="attribute">#[corresponds(X509_set1_notAfter)] |
| </span><span class="kw">pub fn </span>set_not_after(<span class="kw-2">&mut </span><span class="self">self</span>, not_after: <span class="kw-2">&</span>Asn1TimeRef) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt(X509_set1_notAfter(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), not_after.as_ptr())).map(|<span class="kw">_</span>| ()) } |
| } |
| |
| <span class="doccomment">/// Sets the notBefore constraint on the certificate. |
| </span><span class="attribute">#[corresponds(X509_set1_notBefore)] |
| </span><span class="kw">pub fn </span>set_not_before(<span class="kw-2">&mut </span><span class="self">self</span>, not_before: <span class="kw-2">&</span>Asn1TimeRef) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt(X509_set1_notBefore(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), not_before.as_ptr())).map(|<span class="kw">_</span>| ()) } |
| } |
| |
| <span class="doccomment">/// Sets the version of the certificate. |
| /// |
| /// Note that the version is zero-indexed; that is, a certificate corresponding to version 3 of |
| /// the X.509 standard should pass `2` to this method. |
| </span><span class="attribute">#[corresponds(X509_set_version)] |
| #[allow(clippy::useless_conversion)] |
| </span><span class="kw">pub fn </span>set_version(<span class="kw-2">&mut </span><span class="self">self</span>, version: i32) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt(ffi::X509_set_version(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), version <span class="kw">as </span>c_long)).map(|<span class="kw">_</span>| ()) } |
| } |
| |
| <span class="doccomment">/// Sets the serial number of the certificate. |
| </span><span class="attribute">#[corresponds(X509_set_serialNumber)] |
| </span><span class="kw">pub fn </span>set_serial_number(<span class="kw-2">&mut </span><span class="self">self</span>, serial_number: <span class="kw-2">&</span>Asn1IntegerRef) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_set_serialNumber( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| serial_number.as_ptr(), |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Sets the issuer name of the certificate. |
| </span><span class="attribute">#[corresponds(X509_set_issuer_name)] |
| </span><span class="kw">pub fn </span>set_issuer_name(<span class="kw-2">&mut </span><span class="self">self</span>, issuer_name: <span class="kw-2">&</span>X509NameRef) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_set_issuer_name( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| issuer_name.as_ptr(), |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Sets the subject name of the certificate. |
| /// |
| /// When building certificates, the `C`, `ST`, and `O` options are common when using the openssl command line tools. |
| /// The `CN` field is used for the common name, such as a DNS name. |
| /// |
| /// ``` |
| /// use openssl::x509::{X509, X509NameBuilder}; |
| /// |
| /// let mut x509_name = openssl::x509::X509NameBuilder::new().unwrap(); |
| /// x509_name.append_entry_by_text("C", "US").unwrap(); |
| /// x509_name.append_entry_by_text("ST", "CA").unwrap(); |
| /// x509_name.append_entry_by_text("O", "Some organization").unwrap(); |
| /// x509_name.append_entry_by_text("CN", "www.example.com").unwrap(); |
| /// let x509_name = x509_name.build(); |
| /// |
| /// let mut x509 = openssl::x509::X509::builder().unwrap(); |
| /// x509.set_subject_name(&x509_name).unwrap(); |
| /// ``` |
| </span><span class="attribute">#[corresponds(X509_set_subject_name)] |
| </span><span class="kw">pub fn </span>set_subject_name(<span class="kw-2">&mut </span><span class="self">self</span>, subject_name: <span class="kw-2">&</span>X509NameRef) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_set_subject_name( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| subject_name.as_ptr(), |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Sets the public key associated with the certificate. |
| </span><span class="attribute">#[corresponds(X509_set_pubkey)] |
| </span><span class="kw">pub fn </span>set_pubkey<T>(<span class="kw-2">&mut </span><span class="self">self</span>, key: <span class="kw-2">&</span>PKeyRef<T>) -> <span class="prelude-ty">Result</span><(), ErrorStack> |
| <span class="kw">where |
| </span>T: HasPublic, |
| { |
| <span class="kw">unsafe </span>{ cvt(ffi::X509_set_pubkey(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), key.as_ptr())).map(|<span class="kw">_</span>| ()) } |
| } |
| |
| <span class="doccomment">/// Returns a context object which is needed to create certain X509 extension values. |
| /// |
| /// Set `issuer` to `None` if the certificate will be self-signed. |
| </span><span class="attribute">#[corresponds(X509V3_set_ctx)] |
| </span><span class="kw">pub fn </span>x509v3_context<<span class="lifetime">'a</span>>( |
| <span class="kw-2">&</span><span class="lifetime">'a </span><span class="self">self</span>, |
| issuer: <span class="prelude-ty">Option</span><<span class="kw-2">&</span><span class="lifetime">'a </span>X509Ref>, |
| conf: <span class="prelude-ty">Option</span><<span class="kw-2">&</span><span class="lifetime">'a </span>ConfRef>, |
| ) -> X509v3Context<<span class="lifetime">'a</span>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>ctx = mem::zeroed(); |
| |
| <span class="kw">let </span>issuer = <span class="kw">match </span>issuer { |
| <span class="prelude-val">Some</span>(issuer) => issuer.as_ptr(), |
| <span class="prelude-val">None </span>=> <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| }; |
| <span class="kw">let </span>subject = <span class="self">self</span>.<span class="number">0</span>.as_ptr(); |
| ffi::X509V3_set_ctx( |
| <span class="kw-2">&mut </span>ctx, |
| issuer, |
| subject, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| <span class="number">0</span>, |
| ); |
| |
| <span class="comment">// nodb case taken care of since we zeroed ctx above |
| </span><span class="kw">if let </span><span class="prelude-val">Some</span>(conf) = conf { |
| ffi::X509V3_set_nconf(<span class="kw-2">&mut </span>ctx, conf.as_ptr()); |
| } |
| |
| X509v3Context(ctx, PhantomData) |
| } |
| } |
| |
| <span class="doccomment">/// Adds an X509 extension value to the certificate. |
| /// |
| /// This works just as `append_extension` except it takes ownership of the `X509Extension`. |
| </span><span class="kw">pub fn </span>append_extension(<span class="kw-2">&mut </span><span class="self">self</span>, extension: X509Extension) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="self">self</span>.append_extension2(<span class="kw-2">&</span>extension) |
| } |
| |
| <span class="doccomment">/// Adds an X509 extension value to the certificate. |
| </span><span class="attribute">#[corresponds(X509_add_ext)] |
| </span><span class="kw">pub fn </span>append_extension2(<span class="kw-2">&mut </span><span class="self">self</span>, extension: <span class="kw-2">&</span>X509ExtensionRef) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_add_ext(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), extension.as_ptr(), -<span class="number">1</span>))<span class="question-mark">?</span>; |
| <span class="prelude-val">Ok</span>(()) |
| } |
| } |
| |
| <span class="doccomment">/// Signs the certificate with a private key. |
| </span><span class="attribute">#[corresponds(X509_sign)] |
| </span><span class="kw">pub fn </span>sign<T>(<span class="kw-2">&mut </span><span class="self">self</span>, key: <span class="kw-2">&</span>PKeyRef<T>, hash: MessageDigest) -> <span class="prelude-ty">Result</span><(), ErrorStack> |
| <span class="kw">where |
| </span>T: HasPrivate, |
| { |
| <span class="kw">unsafe </span>{ cvt(ffi::X509_sign(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|<span class="kw">_</span>| ()) } |
| } |
| |
| <span class="doccomment">/// Consumes the builder, returning the certificate. |
| </span><span class="kw">pub fn </span>build(<span class="self">self</span>) -> X509 { |
| <span class="self">self</span>.<span class="number">0 |
| </span>} |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509; |
| <span class="kw">fn </span>drop = ffi::X509_free; |
| |
| <span class="doccomment">/// An `X509` public key certificate. |
| </span><span class="kw">pub struct </span>X509; |
| <span class="doccomment">/// Reference to `X509`. |
| </span><span class="kw">pub struct </span>X509Ref; |
| } |
| |
| <span class="attribute">#[cfg(boringssl)] |
| </span><span class="kw">type </span>X509LenTy = c_uint; |
| <span class="attribute">#[cfg(not(boringssl))] |
| </span><span class="kw">type </span>X509LenTy = c_int; |
| |
| <span class="kw">impl </span>X509Ref { |
| <span class="doccomment">/// Returns this certificate's subject name. |
| </span><span class="attribute">#[corresponds(X509_get_subject_name)] |
| </span><span class="kw">pub fn </span>subject_name(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>X509NameRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>name = ffi::X509_get_subject_name(<span class="self">self</span>.as_ptr()); |
| X509NameRef::from_const_ptr_opt(name).expect(<span class="string">"subject name must not be null"</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the hash of the certificates subject |
| </span><span class="attribute">#[corresponds(X509_subject_name_hash)] |
| </span><span class="kw">pub fn </span>subject_name_hash(<span class="kw-2">&</span><span class="self">self</span>) -> u32 { |
| <span class="attribute">#[allow(clippy::unnecessary_cast)] |
| </span><span class="kw">unsafe </span>{ |
| ffi::X509_subject_name_hash(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>u32 |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's issuer name. |
| </span><span class="attribute">#[corresponds(X509_get_issuer_name)] |
| </span><span class="kw">pub fn </span>issuer_name(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>X509NameRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>name = ffi::X509_get_issuer_name(<span class="self">self</span>.as_ptr()); |
| X509NameRef::from_const_ptr_opt(name).expect(<span class="string">"issuer name must not be null"</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the hash of the certificates issuer |
| </span><span class="attribute">#[corresponds(X509_issuer_name_hash)] |
| </span><span class="kw">pub fn </span>issuer_name_hash(<span class="kw-2">&</span><span class="self">self</span>) -> u32 { |
| <span class="attribute">#[allow(clippy::unnecessary_cast)] |
| </span><span class="kw">unsafe </span>{ |
| ffi::X509_issuer_name_hash(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>u32 |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's subject alternative name entries, if they exist. |
| </span><span class="attribute">#[corresponds(X509_get_ext_d2i)] |
| </span><span class="kw">pub fn </span>subject_alt_names(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><Stack<GeneralName>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>stack = ffi::X509_get_ext_d2i( |
| <span class="self">self</span>.as_ptr(), |
| ffi::NID_subject_alt_name, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ); |
| Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's CRL distribution points, if they exist. |
| </span><span class="attribute">#[corresponds(X509_get_ext_d2i)] |
| </span><span class="kw">pub fn </span>crl_distribution_points(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><Stack<DistPoint>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>stack = ffi::X509_get_ext_d2i( |
| <span class="self">self</span>.as_ptr(), |
| ffi::NID_crl_distribution_points, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ); |
| Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's issuer alternative name entries, if they exist. |
| </span><span class="attribute">#[corresponds(X509_get_ext_d2i)] |
| </span><span class="kw">pub fn </span>issuer_alt_names(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><Stack<GeneralName>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>stack = ffi::X509_get_ext_d2i( |
| <span class="self">self</span>.as_ptr(), |
| ffi::NID_issuer_alt_name, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ); |
| Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's [`authority information access`] entries, if they exist. |
| /// |
| /// [`authority information access`]: https://tools.ietf.org/html/rfc5280#section-4.2.2.1 |
| </span><span class="attribute">#[corresponds(X509_get_ext_d2i)] |
| </span><span class="kw">pub fn </span>authority_info(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><Stack<AccessDescription>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>stack = ffi::X509_get_ext_d2i( |
| <span class="self">self</span>.as_ptr(), |
| ffi::NID_info_access, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ); |
| Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Retrieves the path length extension from a certificate, if it exists. |
| </span><span class="attribute">#[corresponds(X509_get_pathlen)] |
| #[cfg(ossl110)] |
| </span><span class="kw">pub fn </span>pathlen(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><u32> { |
| <span class="kw">let </span>v = <span class="kw">unsafe </span>{ ffi::X509_get_pathlen(<span class="self">self</span>.as_ptr()) }; |
| u32::try_from(v).ok() |
| } |
| |
| <span class="doccomment">/// Returns this certificate's subject key id, if it exists. |
| </span><span class="attribute">#[corresponds(X509_get0_subject_key_id)] |
| #[cfg(ossl110)] |
| </span><span class="kw">pub fn </span>subject_key_id(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>Asn1OctetStringRef> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>data = ffi::X509_get0_subject_key_id(<span class="self">self</span>.as_ptr()); |
| Asn1OctetStringRef::from_const_ptr_opt(data) |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's authority key id, if it exists. |
| </span><span class="attribute">#[corresponds(X509_get0_authority_key_id)] |
| #[cfg(ossl110)] |
| </span><span class="kw">pub fn </span>authority_key_id(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>Asn1OctetStringRef> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>data = ffi::X509_get0_authority_key_id(<span class="self">self</span>.as_ptr()); |
| Asn1OctetStringRef::from_const_ptr_opt(data) |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's authority issuer name entries, if they exist. |
| </span><span class="attribute">#[corresponds(X509_get0_authority_issuer)] |
| #[cfg(ossl111d)] |
| </span><span class="kw">pub fn </span>authority_issuer(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>StackRef<GeneralName>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>stack = ffi::X509_get0_authority_issuer(<span class="self">self</span>.as_ptr()); |
| StackRef::from_const_ptr_opt(stack) |
| } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's authority serial number, if it exists. |
| </span><span class="attribute">#[corresponds(X509_get0_authority_serial)] |
| #[cfg(ossl111d)] |
| </span><span class="kw">pub fn </span>authority_serial(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>Asn1IntegerRef> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>r = ffi::X509_get0_authority_serial(<span class="self">self</span>.as_ptr()); |
| Asn1IntegerRef::from_const_ptr_opt(r) |
| } |
| } |
| |
| <span class="attribute">#[corresponds(X509_get_pubkey)] |
| </span><span class="kw">pub fn </span>public_key(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><PKey<Public>, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>pkey = cvt_p(ffi::X509_get_pubkey(<span class="self">self</span>.as_ptr()))<span class="question-mark">?</span>; |
| <span class="prelude-val">Ok</span>(PKey::from_ptr(pkey)) |
| } |
| } |
| |
| <span class="doccomment">/// Returns a digest of the DER representation of the certificate. |
| </span><span class="attribute">#[corresponds(X509_digest)] |
| </span><span class="kw">pub fn </span>digest(<span class="kw-2">&</span><span class="self">self</span>, hash_type: MessageDigest) -> <span class="prelude-ty">Result</span><DigestBytes, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>digest = DigestBytes { |
| buf: [<span class="number">0</span>; ffi::EVP_MAX_MD_SIZE <span class="kw">as </span>usize], |
| len: ffi::EVP_MAX_MD_SIZE <span class="kw">as </span>usize, |
| }; |
| <span class="kw">let </span><span class="kw-2">mut </span>len = ffi::EVP_MAX_MD_SIZE <span class="kw">as </span>c_uint; |
| cvt(ffi::X509_digest( |
| <span class="self">self</span>.as_ptr(), |
| hash_type.as_ptr(), |
| digest.buf.as_mut_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, |
| <span class="kw-2">&mut </span>len, |
| ))<span class="question-mark">?</span>; |
| digest.len = len <span class="kw">as </span>usize; |
| |
| <span class="prelude-val">Ok</span>(digest) |
| } |
| } |
| |
| <span class="attribute">#[deprecated(since = <span class="string">"0.10.9"</span>, note = <span class="string">"renamed to digest"</span>)] |
| </span><span class="kw">pub fn </span>fingerprint(<span class="kw-2">&</span><span class="self">self</span>, hash_type: MessageDigest) -> <span class="prelude-ty">Result</span><Vec<u8>, ErrorStack> { |
| <span class="self">self</span>.digest(hash_type).map(|b| b.to_vec()) |
| } |
| |
| <span class="doccomment">/// Returns the certificate's Not After validity period. |
| </span><span class="attribute">#[corresponds(X509_getm_notAfter)] |
| </span><span class="kw">pub fn </span>not_after(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1TimeRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>date = X509_getm_notAfter(<span class="self">self</span>.as_ptr()); |
| Asn1TimeRef::from_const_ptr_opt(date).expect(<span class="string">"not_after must not be null"</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the certificate's Not Before validity period. |
| </span><span class="attribute">#[corresponds(X509_getm_notBefore)] |
| </span><span class="kw">pub fn </span>not_before(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1TimeRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>date = X509_getm_notBefore(<span class="self">self</span>.as_ptr()); |
| Asn1TimeRef::from_const_ptr_opt(date).expect(<span class="string">"not_before must not be null"</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the certificate's signature |
| </span><span class="attribute">#[corresponds(X509_get0_signature)] |
| </span><span class="kw">pub fn </span>signature(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1BitStringRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>signature = ptr::null(); |
| X509_get0_signature(<span class="kw-2">&mut </span>signature, ptr::null_mut(), <span class="self">self</span>.as_ptr()); |
| Asn1BitStringRef::from_const_ptr_opt(signature).expect(<span class="string">"signature must not be null"</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the certificate's signature algorithm. |
| </span><span class="attribute">#[corresponds(X509_get0_signature)] |
| </span><span class="kw">pub fn </span>signature_algorithm(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>X509AlgorithmRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>algor = ptr::null(); |
| X509_get0_signature(ptr::null_mut(), <span class="kw-2">&mut </span>algor, <span class="self">self</span>.as_ptr()); |
| X509AlgorithmRef::from_const_ptr_opt(algor) |
| .expect(<span class="string">"signature algorithm must not be null"</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the list of OCSP responder URLs specified in the certificate's Authority Information |
| /// Access field. |
| </span><span class="attribute">#[corresponds(X509_get1_ocsp)] |
| </span><span class="kw">pub fn </span>ocsp_responders(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><Stack<OpensslString>, ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt_p(ffi::X509_get1_ocsp(<span class="self">self</span>.as_ptr())).map(|p| Stack::from_ptr(p)) } |
| } |
| |
| <span class="doccomment">/// Checks that this certificate issued `subject`. |
| </span><span class="attribute">#[corresponds(X509_check_issued)] |
| </span><span class="kw">pub fn </span>issued(<span class="kw-2">&</span><span class="self">self</span>, subject: <span class="kw-2">&</span>X509Ref) -> X509VerifyResult { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>r = ffi::X509_check_issued(<span class="self">self</span>.as_ptr(), subject.as_ptr()); |
| X509VerifyResult::from_raw(r) |
| } |
| } |
| |
| <span class="doccomment">/// Returns certificate version. If this certificate has no explicit version set, it defaults to |
| /// version 1. |
| /// |
| /// Note that `0` return value stands for version 1, `1` for version 2 and so on. |
| </span><span class="attribute">#[corresponds(X509_get_version)] |
| #[cfg(ossl110)] |
| #[allow(clippy::unnecessary_cast)] |
| </span><span class="kw">pub fn </span>version(<span class="kw-2">&</span><span class="self">self</span>) -> i32 { |
| <span class="kw">unsafe </span>{ ffi::X509_get_version(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>i32 } |
| } |
| |
| <span class="doccomment">/// Check if the certificate is signed using the given public key. |
| /// |
| /// Only the signature is checked: no other checks (such as certificate chain validity) |
| /// are performed. |
| /// |
| /// Returns `true` if verification succeeds. |
| </span><span class="attribute">#[corresponds(X509_verify)] |
| </span><span class="kw">pub fn </span>verify<T>(<span class="kw-2">&</span><span class="self">self</span>, key: <span class="kw-2">&</span>PKeyRef<T>) -> <span class="prelude-ty">Result</span><bool, ErrorStack> |
| <span class="kw">where |
| </span>T: HasPublic, |
| { |
| <span class="kw">unsafe </span>{ cvt_n(ffi::X509_verify(<span class="self">self</span>.as_ptr(), key.as_ptr())).map(|n| n != <span class="number">0</span>) } |
| } |
| |
| <span class="doccomment">/// Returns this certificate's serial number. |
| </span><span class="attribute">#[corresponds(X509_get_serialNumber)] |
| </span><span class="kw">pub fn </span>serial_number(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1IntegerRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>r = ffi::X509_get_serialNumber(<span class="self">self</span>.as_ptr()); |
| Asn1IntegerRef::from_const_ptr_opt(r).expect(<span class="string">"serial number must not be null"</span>) |
| } |
| } |
| |
| <span class="macro">to_pem! </span>{ |
| <span class="doccomment">/// Serializes the certificate into a PEM-encoded X509 structure. |
| /// |
| /// The output will have a header of `-----BEGIN CERTIFICATE-----`. |
| </span><span class="attribute">#[corresponds(PEM_write_bio_X509)] |
| </span>to_pem, |
| ffi::PEM_write_bio_X509 |
| } |
| |
| <span class="macro">to_der! </span>{ |
| <span class="doccomment">/// Serializes the certificate into a DER-encoded X509 structure. |
| </span><span class="attribute">#[corresponds(i2d_X509)] |
| </span>to_der, |
| ffi::i2d_X509 |
| } |
| |
| <span class="macro">to_pem! </span>{ |
| <span class="doccomment">/// Converts the certificate to human readable text. |
| </span><span class="attribute">#[corresponds(X509_print)] |
| </span>to_text, |
| ffi::X509_print |
| } |
| } |
| |
| <span class="kw">impl </span>ToOwned <span class="kw">for </span>X509Ref { |
| <span class="kw">type </span>Owned = X509; |
| |
| <span class="kw">fn </span>to_owned(<span class="kw-2">&</span><span class="self">self</span>) -> X509 { |
| <span class="kw">unsafe </span>{ |
| X509_up_ref(<span class="self">self</span>.as_ptr()); |
| X509::from_ptr(<span class="self">self</span>.as_ptr()) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>Ord <span class="kw">for </span>X509Ref { |
| <span class="kw">fn </span>cmp(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span><span class="self">Self</span>) -> cmp::Ordering { |
| <span class="comment">// X509_cmp returns a number <0 for less than, 0 for equal and >0 for greater than. |
| // It can't fail if both pointers are valid, which we know is true. |
| </span><span class="kw">let </span>cmp = <span class="kw">unsafe </span>{ ffi::X509_cmp(<span class="self">self</span>.as_ptr(), other.as_ptr()) }; |
| cmp.cmp(<span class="kw-2">&</span><span class="number">0</span>) |
| } |
| } |
| |
| <span class="kw">impl </span>PartialOrd <span class="kw">for </span>X509Ref { |
| <span class="kw">fn </span>partial_cmp(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span><span class="self">Self</span>) -> <span class="prelude-ty">Option</span><cmp::Ordering> { |
| <span class="prelude-val">Some</span>(<span class="self">self</span>.cmp(other)) |
| } |
| } |
| |
| <span class="kw">impl </span>PartialOrd<X509> <span class="kw">for </span>X509Ref { |
| <span class="kw">fn </span>partial_cmp(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span>X509) -> <span class="prelude-ty">Option</span><cmp::Ordering> { |
| <X509Ref <span class="kw">as </span>PartialOrd<X509Ref>>::partial_cmp(<span class="self">self</span>, other) |
| } |
| } |
| |
| <span class="kw">impl </span>PartialEq <span class="kw">for </span>X509Ref { |
| <span class="kw">fn </span>eq(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span><span class="self">Self</span>) -> bool { |
| <span class="self">self</span>.cmp(other) == cmp::Ordering::Equal |
| } |
| } |
| |
| <span class="kw">impl </span>PartialEq<X509> <span class="kw">for </span>X509Ref { |
| <span class="kw">fn </span>eq(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span>X509) -> bool { |
| <X509Ref <span class="kw">as </span>PartialEq<X509Ref>>::eq(<span class="self">self</span>, other) |
| } |
| } |
| |
| <span class="kw">impl </span>Eq <span class="kw">for </span>X509Ref {} |
| |
| <span class="kw">impl </span>X509 { |
| <span class="doccomment">/// Returns a new builder. |
| </span><span class="kw">pub fn </span>builder() -> <span class="prelude-ty">Result</span><X509Builder, ErrorStack> { |
| X509Builder::new() |
| } |
| |
| <span class="macro">from_pem! </span>{ |
| <span class="doccomment">/// Deserializes a PEM-encoded X509 structure. |
| /// |
| /// The input should have a header of `-----BEGIN CERTIFICATE-----`. |
| </span><span class="attribute">#[corresponds(PEM_read_bio_X509)] |
| </span>from_pem, |
| X509, |
| ffi::PEM_read_bio_X509 |
| } |
| |
| <span class="macro">from_der! </span>{ |
| <span class="doccomment">/// Deserializes a DER-encoded X509 structure. |
| </span><span class="attribute">#[corresponds(d2i_X509)] |
| </span>from_der, |
| X509, |
| ffi::d2i_X509 |
| } |
| |
| <span class="doccomment">/// Deserializes a list of PEM-formatted certificates. |
| </span><span class="attribute">#[corresponds(PEM_read_bio_X509)] |
| </span><span class="kw">pub fn </span>stack_from_pem(pem: <span class="kw-2">&</span>[u8]) -> <span class="prelude-ty">Result</span><Vec<X509>, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| <span class="kw">let </span>bio = MemBioSlice::new(pem)<span class="question-mark">?</span>; |
| |
| <span class="kw">let </span><span class="kw-2">mut </span>certs = <span class="macro">vec!</span>[]; |
| <span class="kw">loop </span>{ |
| <span class="kw">let </span>r = |
| ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), <span class="prelude-val">None</span>, ptr::null_mut()); |
| <span class="kw">if </span>r.is_null() { |
| <span class="kw">let </span>err = ffi::ERR_peek_last_error(); |
| <span class="kw">if </span>ffi::ERR_GET_LIB(err) <span class="kw">as </span>X509LenTy == ffi::ERR_LIB_PEM |
| && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE |
| { |
| ffi::ERR_clear_error(); |
| <span class="kw">break</span>; |
| } |
| |
| <span class="kw">return </span><span class="prelude-val">Err</span>(ErrorStack::get()); |
| } <span class="kw">else </span>{ |
| certs.push(X509(r)); |
| } |
| } |
| |
| <span class="prelude-val">Ok</span>(certs) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>Clone <span class="kw">for </span>X509 { |
| <span class="kw">fn </span>clone(<span class="kw-2">&</span><span class="self">self</span>) -> X509 { |
| X509Ref::to_owned(<span class="self">self</span>) |
| } |
| } |
| |
| <span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509 { |
| <span class="kw">fn </span>fmt(<span class="kw-2">&</span><span class="self">self</span>, formatter: <span class="kw-2">&mut </span>fmt::Formatter<<span class="lifetime">'_</span>>) -> fmt::Result { |
| <span class="kw">let </span>serial = <span class="kw">match </span><span class="kw-2">&</span><span class="self">self</span>.serial_number().to_bn() { |
| <span class="prelude-val">Ok</span>(bn) => <span class="kw">match </span>bn.to_hex_str() { |
| <span class="prelude-val">Ok</span>(hex) => hex.to_string(), |
| <span class="prelude-val">Err</span>(<span class="kw">_</span>) => <span class="string">""</span>.to_string(), |
| }, |
| <span class="prelude-val">Err</span>(<span class="kw">_</span>) => <span class="string">""</span>.to_string(), |
| }; |
| <span class="kw">let </span><span class="kw-2">mut </span>debug_struct = formatter.debug_struct(<span class="string">"X509"</span>); |
| debug_struct.field(<span class="string">"serial_number"</span>, <span class="kw-2">&</span>serial); |
| debug_struct.field(<span class="string">"signature_algorithm"</span>, <span class="kw-2">&</span><span class="self">self</span>.signature_algorithm().object()); |
| debug_struct.field(<span class="string">"issuer"</span>, <span class="kw-2">&</span><span class="self">self</span>.issuer_name()); |
| debug_struct.field(<span class="string">"subject"</span>, <span class="kw-2">&</span><span class="self">self</span>.subject_name()); |
| <span class="kw">if let </span><span class="prelude-val">Some</span>(subject_alt_names) = <span class="kw-2">&</span><span class="self">self</span>.subject_alt_names() { |
| debug_struct.field(<span class="string">"subject_alt_names"</span>, subject_alt_names); |
| } |
| debug_struct.field(<span class="string">"not_before"</span>, <span class="kw-2">&</span><span class="self">self</span>.not_before()); |
| debug_struct.field(<span class="string">"not_after"</span>, <span class="kw-2">&</span><span class="self">self</span>.not_after()); |
| |
| <span class="kw">if let </span><span class="prelude-val">Ok</span>(public_key) = <span class="kw-2">&</span><span class="self">self</span>.public_key() { |
| debug_struct.field(<span class="string">"public_key"</span>, public_key); |
| }; |
| <span class="comment">// TODO: Print extensions once they are supported on the X509 struct. |
| |
| </span>debug_struct.finish() |
| } |
| } |
| |
| <span class="kw">impl </span>AsRef<X509Ref> <span class="kw">for </span>X509Ref { |
| <span class="kw">fn </span>as_ref(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>X509Ref { |
| <span class="self">self |
| </span>} |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>X509 { |
| <span class="kw">type </span>StackType = ffi::stack_st_X509; |
| } |
| |
| <span class="kw">impl </span>Ord <span class="kw">for </span>X509 { |
| <span class="kw">fn </span>cmp(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span><span class="self">Self</span>) -> cmp::Ordering { |
| X509Ref::cmp(<span class="self">self</span>, other) |
| } |
| } |
| |
| <span class="kw">impl </span>PartialOrd <span class="kw">for </span>X509 { |
| <span class="kw">fn </span>partial_cmp(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span><span class="self">Self</span>) -> <span class="prelude-ty">Option</span><cmp::Ordering> { |
| X509Ref::partial_cmp(<span class="self">self</span>, other) |
| } |
| } |
| |
| <span class="kw">impl </span>PartialOrd<X509Ref> <span class="kw">for </span>X509 { |
| <span class="kw">fn </span>partial_cmp(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span>X509Ref) -> <span class="prelude-ty">Option</span><cmp::Ordering> { |
| X509Ref::partial_cmp(<span class="self">self</span>, other) |
| } |
| } |
| |
| <span class="kw">impl </span>PartialEq <span class="kw">for </span>X509 { |
| <span class="kw">fn </span>eq(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span><span class="self">Self</span>) -> bool { |
| X509Ref::eq(<span class="self">self</span>, other) |
| } |
| } |
| |
| <span class="kw">impl </span>PartialEq<X509Ref> <span class="kw">for </span>X509 { |
| <span class="kw">fn </span>eq(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span>X509Ref) -> bool { |
| X509Ref::eq(<span class="self">self</span>, other) |
| } |
| } |
| |
| <span class="kw">impl </span>Eq <span class="kw">for </span>X509 {} |
| |
| <span class="doccomment">/// A context object required to construct certain `X509` extension values. |
| </span><span class="kw">pub struct </span>X509v3Context<<span class="lifetime">'a</span>>(ffi::X509V3_CTX, PhantomData<(<span class="kw-2">&</span><span class="lifetime">'a </span>X509Ref, <span class="kw-2">&</span><span class="lifetime">'a </span>ConfRef)>); |
| |
| <span class="kw">impl</span><<span class="lifetime">'a</span>> X509v3Context<<span class="lifetime">'a</span>> { |
| <span class="kw">pub fn </span>as_ptr(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">*mut </span>ffi::X509V3_CTX { |
| <span class="kw-2">&</span><span class="self">self</span>.<span class="number">0 </span><span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_ as </span><span class="kw-2">*mut </span><span class="kw">_ |
| </span>} |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_EXTENSION; |
| <span class="kw">fn </span>drop = ffi::X509_EXTENSION_free; |
| |
| <span class="doccomment">/// Permit additional fields to be added to an `X509` v3 certificate. |
| </span><span class="kw">pub struct </span>X509Extension; |
| <span class="doccomment">/// Reference to `X509Extension`. |
| </span><span class="kw">pub struct </span>X509ExtensionRef; |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>X509Extension { |
| <span class="kw">type </span>StackType = ffi::stack_st_X509_EXTENSION; |
| } |
| |
| <span class="kw">impl </span>X509Extension { |
| <span class="doccomment">/// Constructs an X509 extension value. See `man x509v3_config` for information on supported |
| /// names and their value formats. |
| /// |
| /// Some extension types, such as `subjectAlternativeName`, require an `X509v3Context` to be |
| /// provided. |
| /// |
| /// DO NOT CALL THIS WITH UNTRUSTED `value`: `value` is an OpenSSL |
| /// mini-language that can read arbitrary files. |
| /// |
| /// See the extension module for builder types which will construct certain common extensions. |
| /// |
| /// This function is deprecated, `X509Extension::new_from_der` or the |
| /// types in `x509::extension` should be used in its place. |
| </span><span class="attribute">#[deprecated( |
| note = <span class="string">"Use x509::extension types or new_from_der instead"</span>, |
| since = <span class="string">"0.10.51" |
| </span>)] |
| </span><span class="kw">pub fn </span>new( |
| conf: <span class="prelude-ty">Option</span><<span class="kw-2">&</span>ConfRef>, |
| context: <span class="prelude-ty">Option</span><<span class="kw-2">&</span>X509v3Context<<span class="lifetime">'_</span>>>, |
| name: <span class="kw-2">&</span>str, |
| value: <span class="kw-2">&</span>str, |
| ) -> <span class="prelude-ty">Result</span><X509Extension, ErrorStack> { |
| <span class="kw">let </span>name = CString::new(name).unwrap(); |
| <span class="kw">let </span>value = CString::new(value).unwrap(); |
| <span class="kw">let </span><span class="kw-2">mut </span>ctx; |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| <span class="kw">let </span>conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr); |
| <span class="kw">let </span>context_ptr = <span class="kw">match </span>context { |
| <span class="prelude-val">Some</span>(c) => c.as_ptr(), |
| <span class="prelude-val">None </span>=> { |
| ctx = mem::zeroed(); |
| |
| ffi::X509V3_set_ctx( |
| <span class="kw-2">&mut </span>ctx, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ptr::null_mut(), |
| <span class="number">0</span>, |
| ); |
| <span class="kw-2">&mut </span>ctx |
| } |
| }; |
| <span class="kw">let </span>name = name.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>; |
| <span class="kw">let </span>value = value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>; |
| |
| cvt_p(ffi::X509V3_EXT_nconf(conf, context_ptr, name, value)).map(X509Extension) |
| } |
| } |
| |
| <span class="doccomment">/// Constructs an X509 extension value. See `man x509v3_config` for information on supported |
| /// extensions and their value formats. |
| /// |
| /// Some extension types, such as `nid::SUBJECT_ALTERNATIVE_NAME`, require an `X509v3Context` to |
| /// be provided. |
| /// |
| /// DO NOT CALL THIS WITH UNTRUSTED `value`: `value` is an OpenSSL |
| /// mini-language that can read arbitrary files. |
| /// |
| /// See the extension module for builder types which will construct certain common extensions. |
| /// |
| /// This function is deprecated, `X509Extension::new_from_der` or the |
| /// types in `x509::extension` should be used in its place. |
| </span><span class="attribute">#[deprecated( |
| note = <span class="string">"Use x509::extension types or new_from_der instead"</span>, |
| since = <span class="string">"0.10.51" |
| </span>)] |
| </span><span class="kw">pub fn </span>new_nid( |
| conf: <span class="prelude-ty">Option</span><<span class="kw-2">&</span>ConfRef>, |
| context: <span class="prelude-ty">Option</span><<span class="kw-2">&</span>X509v3Context<<span class="lifetime">'_</span>>>, |
| name: Nid, |
| value: <span class="kw-2">&</span>str, |
| ) -> <span class="prelude-ty">Result</span><X509Extension, ErrorStack> { |
| <span class="kw">let </span>value = CString::new(value).unwrap(); |
| <span class="kw">let </span><span class="kw-2">mut </span>ctx; |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| <span class="kw">let </span>conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr); |
| <span class="kw">let </span>context_ptr = <span class="kw">match </span>context { |
| <span class="prelude-val">Some</span>(c) => c.as_ptr(), |
| <span class="prelude-val">None </span>=> { |
| ctx = mem::zeroed(); |
| |
| ffi::X509V3_set_ctx( |
| <span class="kw-2">&mut </span>ctx, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ptr::null_mut(), |
| ptr::null_mut(), |
| <span class="number">0</span>, |
| ); |
| <span class="kw-2">&mut </span>ctx |
| } |
| }; |
| <span class="kw">let </span>name = name.as_raw(); |
| <span class="kw">let </span>value = value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>; |
| |
| cvt_p(ffi::X509V3_EXT_nconf_nid(conf, context_ptr, name, value)).map(X509Extension) |
| } |
| } |
| |
| <span class="doccomment">/// Constructs a new X509 extension value from its OID, whether it's |
| /// critical, and its DER contents. |
| /// |
| /// The extent structure of the DER value will vary based on the |
| /// extension type, and can generally be found in the RFC defining the |
| /// extension. |
| /// |
| /// For common extension types, there are Rust APIs provided in |
| /// `openssl::x509::extensions` which are more ergonomic. |
| </span><span class="kw">pub fn </span>new_from_der( |
| oid: <span class="kw-2">&</span>Asn1ObjectRef, |
| critical: bool, |
| der_contents: <span class="kw-2">&</span>Asn1OctetStringRef, |
| ) -> <span class="prelude-ty">Result</span><X509Extension, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt_p(ffi::X509_EXTENSION_create_by_OBJ( |
| ptr::null_mut(), |
| oid.as_ptr(), |
| critical <span class="kw">as _</span>, |
| der_contents.as_ptr(), |
| )) |
| .map(X509Extension) |
| } |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">unsafe fn </span>new_internal( |
| nid: Nid, |
| critical: bool, |
| value: <span class="kw-2">*mut </span>c_void, |
| ) -> <span class="prelude-ty">Result</span><X509Extension, ErrorStack> { |
| ffi::init(); |
| cvt_p(ffi::X509V3_EXT_i2d(nid.as_raw(), critical <span class="kw">as _</span>, value)).map(X509Extension) |
| } |
| |
| <span class="doccomment">/// Adds an alias for an extension |
| /// |
| /// # Safety |
| /// |
| /// This method modifies global state without locking and therefore is not thread safe |
| </span><span class="attribute">#[corresponds(X509V3_EXT_add_alias)] |
| #[deprecated( |
| note = <span class="string">"Use x509::extension types or new_from_der and then this is not necessary"</span>, |
| since = <span class="string">"0.10.51" |
| </span>)] |
| </span><span class="kw">pub unsafe fn </span>add_alias(to: Nid, from: Nid) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| ffi::init(); |
| cvt(ffi::X509V3_EXT_add_alias(to.as_raw(), from.as_raw())).map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="kw">impl </span>X509ExtensionRef { |
| <span class="macro">to_der! </span>{ |
| <span class="doccomment">/// Serializes the Extension to its standard DER encoding. |
| </span><span class="attribute">#[corresponds(i2d_X509_EXTENSION)] |
| </span>to_der, |
| ffi::i2d_X509_EXTENSION |
| } |
| } |
| |
| <span class="doccomment">/// A builder used to construct an `X509Name`. |
| </span><span class="kw">pub struct </span>X509NameBuilder(X509Name); |
| |
| <span class="kw">impl </span>X509NameBuilder { |
| <span class="doccomment">/// Creates a new builder. |
| </span><span class="kw">pub fn </span>new() -> <span class="prelude-ty">Result</span><X509NameBuilder, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| cvt_p(ffi::X509_NAME_new()).map(|p| X509NameBuilder(X509Name(p))) |
| } |
| } |
| |
| <span class="doccomment">/// Add a name entry |
| </span><span class="attribute">#[corresponds(X509_NAME_add_entry)] |
| #[cfg(any(ossl101, libressl350))] |
| </span><span class="kw">pub fn </span>append_entry(<span class="kw-2">&mut </span><span class="self">self</span>, ne: <span class="kw-2">&</span>X509NameEntryRef) -> std::result::Result<(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_NAME_add_entry( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| ne.as_ptr(), |
| -<span class="number">1</span>, |
| <span class="number">0</span>, |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Add a field entry by str. |
| /// |
| /// This corresponds to [`X509_NAME_add_entry_by_txt`]. |
| /// |
| /// [`X509_NAME_add_entry_by_txt`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_txt.html |
| </span><span class="kw">pub fn </span>append_entry_by_text(<span class="kw-2">&mut </span><span class="self">self</span>, field: <span class="kw-2">&</span>str, value: <span class="kw-2">&</span>str) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>field = CString::new(field).unwrap(); |
| <span class="macro">assert!</span>(value.len() <= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize); |
| cvt(ffi::X509_NAME_add_entry_by_txt( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| field.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, |
| ffi::MBSTRING_UTF8, |
| value.as_ptr(), |
| value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType, |
| -<span class="number">1</span>, |
| <span class="number">0</span>, |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Add a field entry by str with a specific type. |
| /// |
| /// This corresponds to [`X509_NAME_add_entry_by_txt`]. |
| /// |
| /// [`X509_NAME_add_entry_by_txt`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_txt.html |
| </span><span class="kw">pub fn </span>append_entry_by_text_with_type( |
| <span class="kw-2">&mut </span><span class="self">self</span>, |
| field: <span class="kw-2">&</span>str, |
| value: <span class="kw-2">&</span>str, |
| ty: Asn1Type, |
| ) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>field = CString::new(field).unwrap(); |
| <span class="macro">assert!</span>(value.len() <= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize); |
| cvt(ffi::X509_NAME_add_entry_by_txt( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| field.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, |
| ty.as_raw(), |
| value.as_ptr(), |
| value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType, |
| -<span class="number">1</span>, |
| <span class="number">0</span>, |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Add a field entry by NID. |
| /// |
| /// This corresponds to [`X509_NAME_add_entry_by_NID`]. |
| /// |
| /// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html |
| </span><span class="kw">pub fn </span>append_entry_by_nid(<span class="kw-2">&mut </span><span class="self">self</span>, field: Nid, value: <span class="kw-2">&</span>str) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="macro">assert!</span>(value.len() <= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize); |
| cvt(ffi::X509_NAME_add_entry_by_NID( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| field.as_raw(), |
| ffi::MBSTRING_UTF8, |
| value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, |
| value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType, |
| -<span class="number">1</span>, |
| <span class="number">0</span>, |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Add a field entry by NID with a specific type. |
| /// |
| /// This corresponds to [`X509_NAME_add_entry_by_NID`]. |
| /// |
| /// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html |
| </span><span class="kw">pub fn </span>append_entry_by_nid_with_type( |
| <span class="kw-2">&mut </span><span class="self">self</span>, |
| field: Nid, |
| value: <span class="kw-2">&</span>str, |
| ty: Asn1Type, |
| ) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="macro">assert!</span>(value.len() <= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize); |
| cvt(ffi::X509_NAME_add_entry_by_NID( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| field.as_raw(), |
| ty.as_raw(), |
| value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, |
| value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType, |
| -<span class="number">1</span>, |
| <span class="number">0</span>, |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Return an `X509Name`. |
| </span><span class="kw">pub fn </span>build(<span class="self">self</span>) -> X509Name { |
| <span class="comment">// Round-trip through bytes because OpenSSL is not const correct and |
| // names in a "modified" state compute various things lazily. This can |
| // lead to data-races because OpenSSL doesn't have locks or anything. |
| </span>X509Name::from_der(<span class="kw-2">&</span><span class="self">self</span>.<span class="number">0</span>.to_der().unwrap()).unwrap() |
| } |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_NAME; |
| <span class="kw">fn </span>drop = ffi::X509_NAME_free; |
| |
| <span class="doccomment">/// The names of an `X509` certificate. |
| </span><span class="kw">pub struct </span>X509Name; |
| <span class="doccomment">/// Reference to `X509Name`. |
| </span><span class="kw">pub struct </span>X509NameRef; |
| } |
| |
| <span class="kw">impl </span>X509Name { |
| <span class="doccomment">/// Returns a new builder. |
| </span><span class="kw">pub fn </span>builder() -> <span class="prelude-ty">Result</span><X509NameBuilder, ErrorStack> { |
| X509NameBuilder::new() |
| } |
| |
| <span class="doccomment">/// Loads subject names from a file containing PEM-formatted certificates. |
| /// |
| /// This is commonly used in conjunction with `SslContextBuilder::set_client_ca_list`. |
| </span><span class="kw">pub fn </span>load_client_ca_file<P: AsRef<Path>>(file: P) -> <span class="prelude-ty">Result</span><Stack<X509Name>, ErrorStack> { |
| <span class="kw">let </span>file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); |
| <span class="kw">unsafe </span>{ cvt_p(ffi::SSL_load_client_CA_file(file.as_ptr())).map(|p| Stack::from_ptr(p)) } |
| } |
| |
| <span class="macro">from_der! </span>{ |
| <span class="doccomment">/// Deserializes a DER-encoded X509 name structure. |
| /// |
| /// This corresponds to [`d2i_X509_NAME`]. |
| /// |
| /// [`d2i_X509_NAME`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509_NAME.html |
| </span>from_der, |
| X509Name, |
| ffi::d2i_X509_NAME |
| } |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>X509Name { |
| <span class="kw">type </span>StackType = ffi::stack_st_X509_NAME; |
| } |
| |
| <span class="kw">impl </span>X509NameRef { |
| <span class="doccomment">/// Returns the name entries by the nid. |
| </span><span class="kw">pub fn </span>entries_by_nid(<span class="kw-2">&</span><span class="self">self</span>, nid: Nid) -> X509NameEntries<<span class="lifetime">'_</span>> { |
| X509NameEntries { |
| name: <span class="self">self</span>, |
| nid: <span class="prelude-val">Some</span>(nid), |
| loc: -<span class="number">1</span>, |
| } |
| } |
| |
| <span class="doccomment">/// Returns an iterator over all `X509NameEntry` values |
| </span><span class="kw">pub fn </span>entries(<span class="kw-2">&</span><span class="self">self</span>) -> X509NameEntries<<span class="lifetime">'_</span>> { |
| X509NameEntries { |
| name: <span class="self">self</span>, |
| nid: <span class="prelude-val">None</span>, |
| loc: -<span class="number">1</span>, |
| } |
| } |
| |
| <span class="doccomment">/// Compare two names, like [`Ord`] but it may fail. |
| /// |
| /// With OpenSSL versions from 3.0.0 this may return an error if the underlying `X509_NAME_cmp` |
| /// call fails. |
| /// For OpenSSL versions before 3.0.0 it will never return an error, but due to a bug it may |
| /// spuriously return `Ordering::Less` if the `X509_NAME_cmp` call fails. |
| </span><span class="attribute">#[corresponds(X509_NAME_cmp)] |
| </span><span class="kw">pub fn </span>try_cmp(<span class="kw-2">&</span><span class="self">self</span>, other: <span class="kw-2">&</span>X509NameRef) -> <span class="prelude-ty">Result</span><Ordering, ErrorStack> { |
| <span class="kw">let </span>cmp = <span class="kw">unsafe </span>{ ffi::X509_NAME_cmp(<span class="self">self</span>.as_ptr(), other.as_ptr()) }; |
| <span class="kw">if </span><span class="macro">cfg!</span>(ossl300) && cmp == -<span class="number">2 </span>{ |
| <span class="kw">return </span><span class="prelude-val">Err</span>(ErrorStack::get()); |
| } |
| <span class="prelude-val">Ok</span>(cmp.cmp(<span class="kw-2">&</span><span class="number">0</span>)) |
| } |
| |
| <span class="doccomment">/// Copies the name to a new `X509Name`. |
| </span><span class="attribute">#[corresponds(X509_NAME_dup)] |
| #[cfg(any(boringssl, ossl110, libressl270))] |
| </span><span class="kw">pub fn </span>to_owned(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><X509Name, ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt_p(ffi::X509_NAME_dup(<span class="self">self</span>.as_ptr())).map(|n| X509Name::from_ptr(n)) } |
| } |
| |
| <span class="macro">to_der! </span>{ |
| <span class="doccomment">/// Serializes the certificate into a DER-encoded X509 name structure. |
| /// |
| /// This corresponds to [`i2d_X509_NAME`]. |
| /// |
| /// [`i2d_X509_NAME`]: https://www.openssl.org/docs/manmaster/crypto/i2d_X509_NAME.html |
| </span>to_der, |
| ffi::i2d_X509_NAME |
| } |
| } |
| |
| <span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509NameRef { |
| <span class="kw">fn </span>fmt(<span class="kw-2">&</span><span class="self">self</span>, formatter: <span class="kw-2">&mut </span>fmt::Formatter<<span class="lifetime">'_</span>>) -> fmt::Result { |
| formatter.debug_list().entries(<span class="self">self</span>.entries()).finish() |
| } |
| } |
| |
| <span class="doccomment">/// A type to destructure and examine an `X509Name`. |
| </span><span class="kw">pub struct </span>X509NameEntries<<span class="lifetime">'a</span>> { |
| name: <span class="kw-2">&</span><span class="lifetime">'a </span>X509NameRef, |
| nid: <span class="prelude-ty">Option</span><Nid>, |
| loc: c_int, |
| } |
| |
| <span class="kw">impl</span><<span class="lifetime">'a</span>> Iterator <span class="kw">for </span>X509NameEntries<<span class="lifetime">'a</span>> { |
| <span class="kw">type </span>Item = <span class="kw-2">&</span><span class="lifetime">'a </span>X509NameEntryRef; |
| |
| <span class="kw">fn </span>next(<span class="kw-2">&mut </span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span><span class="lifetime">'a </span>X509NameEntryRef> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">match </span><span class="self">self</span>.nid { |
| <span class="prelude-val">Some</span>(nid) => { |
| <span class="comment">// There is a `Nid` specified to search for |
| </span><span class="self">self</span>.loc = |
| ffi::X509_NAME_get_index_by_NID(<span class="self">self</span>.name.as_ptr(), nid.as_raw(), <span class="self">self</span>.loc); |
| <span class="kw">if </span><span class="self">self</span>.loc == -<span class="number">1 </span>{ |
| <span class="kw">return </span><span class="prelude-val">None</span>; |
| } |
| } |
| <span class="prelude-val">None </span>=> { |
| <span class="comment">// Iterate over all `Nid`s |
| </span><span class="self">self</span>.loc += <span class="number">1</span>; |
| <span class="kw">if </span><span class="self">self</span>.loc >= ffi::X509_NAME_entry_count(<span class="self">self</span>.name.as_ptr()) { |
| <span class="kw">return </span><span class="prelude-val">None</span>; |
| } |
| } |
| } |
| |
| <span class="kw">let </span>entry = ffi::X509_NAME_get_entry(<span class="self">self</span>.name.as_ptr(), <span class="self">self</span>.loc); |
| |
| <span class="prelude-val">Some</span>(X509NameEntryRef::from_const_ptr_opt(entry).expect(<span class="string">"entry must not be null"</span>)) |
| } |
| } |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_NAME_ENTRY; |
| <span class="kw">fn </span>drop = ffi::X509_NAME_ENTRY_free; |
| |
| <span class="doccomment">/// A name entry associated with a `X509Name`. |
| </span><span class="kw">pub struct </span>X509NameEntry; |
| <span class="doccomment">/// Reference to `X509NameEntry`. |
| </span><span class="kw">pub struct </span>X509NameEntryRef; |
| } |
| |
| <span class="kw">impl </span>X509NameEntryRef { |
| <span class="doccomment">/// Returns the field value of an `X509NameEntry`. |
| /// |
| /// This corresponds to [`X509_NAME_ENTRY_get_data`]. |
| /// |
| /// [`X509_NAME_ENTRY_get_data`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_ENTRY_get_data.html |
| </span><span class="kw">pub fn </span>data(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1StringRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>data = ffi::X509_NAME_ENTRY_get_data(<span class="self">self</span>.as_ptr()); |
| Asn1StringRef::from_ptr(data) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the `Asn1Object` value of an `X509NameEntry`. |
| /// This is useful for finding out about the actual `Nid` when iterating over all `X509NameEntries`. |
| /// |
| /// This corresponds to [`X509_NAME_ENTRY_get_object`]. |
| /// |
| /// [`X509_NAME_ENTRY_get_object`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_ENTRY_get_object.html |
| </span><span class="kw">pub fn </span>object(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1ObjectRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>object = ffi::X509_NAME_ENTRY_get_object(<span class="self">self</span>.as_ptr()); |
| Asn1ObjectRef::from_ptr(object) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509NameEntryRef { |
| <span class="kw">fn </span>fmt(<span class="kw-2">&</span><span class="self">self</span>, formatter: <span class="kw-2">&mut </span>fmt::Formatter<<span class="lifetime">'_</span>>) -> fmt::Result { |
| formatter.write_fmt(<span class="macro">format_args!</span>(<span class="string">"{:?} = {:?}"</span>, <span class="self">self</span>.object(), <span class="self">self</span>.data())) |
| } |
| } |
| |
| <span class="doccomment">/// A builder used to construct an `X509Req`. |
| </span><span class="kw">pub struct </span>X509ReqBuilder(X509Req); |
| |
| <span class="kw">impl </span>X509ReqBuilder { |
| <span class="doccomment">/// Returns a builder for a certificate request. |
| /// |
| /// This corresponds to [`X509_REQ_new`]. |
| /// |
| ///[`X509_REQ_new`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_new.html |
| </span><span class="kw">pub fn </span>new() -> <span class="prelude-ty">Result</span><X509ReqBuilder, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| cvt_p(ffi::X509_REQ_new()).map(|p| X509ReqBuilder(X509Req(p))) |
| } |
| } |
| |
| <span class="doccomment">/// Set the numerical value of the version field. |
| /// |
| /// This corresponds to [`X509_REQ_set_version`]. |
| /// |
| ///[`X509_REQ_set_version`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_version.html |
| </span><span class="attribute">#[allow(clippy::useless_conversion)] |
| </span><span class="kw">pub fn </span>set_version(<span class="kw-2">&mut </span><span class="self">self</span>, version: i32) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_REQ_set_version( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| version <span class="kw">as </span>c_long, |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Set the issuer name. |
| /// |
| /// This corresponds to [`X509_REQ_set_subject_name`]. |
| /// |
| /// [`X509_REQ_set_subject_name`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_subject_name.html |
| </span><span class="kw">pub fn </span>set_subject_name(<span class="kw-2">&mut </span><span class="self">self</span>, subject_name: <span class="kw-2">&</span>X509NameRef) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_REQ_set_subject_name( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| subject_name.as_ptr(), |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Set the public key. |
| /// |
| /// This corresponds to [`X509_REQ_set_pubkey`]. |
| /// |
| /// [`X509_REQ_set_pubkey`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_pubkey.html |
| </span><span class="kw">pub fn </span>set_pubkey<T>(<span class="kw-2">&mut </span><span class="self">self</span>, key: <span class="kw-2">&</span>PKeyRef<T>) -> <span class="prelude-ty">Result</span><(), ErrorStack> |
| <span class="kw">where |
| </span>T: HasPublic, |
| { |
| <span class="kw">unsafe </span>{ cvt(ffi::X509_REQ_set_pubkey(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), key.as_ptr())).map(|<span class="kw">_</span>| ()) } |
| } |
| |
| <span class="doccomment">/// Return an `X509v3Context`. This context object can be used to construct |
| /// certain `X509` extensions. |
| </span><span class="kw">pub fn </span>x509v3_context<<span class="lifetime">'a</span>>(<span class="kw-2">&</span><span class="lifetime">'a </span><span class="self">self</span>, conf: <span class="prelude-ty">Option</span><<span class="kw-2">&</span><span class="lifetime">'a </span>ConfRef>) -> X509v3Context<<span class="lifetime">'a</span>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>ctx = mem::zeroed(); |
| |
| ffi::X509V3_set_ctx( |
| <span class="kw-2">&mut </span>ctx, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| ptr::null_mut(), |
| <span class="number">0</span>, |
| ); |
| |
| <span class="comment">// nodb case taken care of since we zeroed ctx above |
| </span><span class="kw">if let </span><span class="prelude-val">Some</span>(conf) = conf { |
| ffi::X509V3_set_nconf(<span class="kw-2">&mut </span>ctx, conf.as_ptr()); |
| } |
| |
| X509v3Context(ctx, PhantomData) |
| } |
| } |
| |
| <span class="doccomment">/// Permits any number of extension fields to be added to the certificate. |
| </span><span class="kw">pub fn </span>add_extensions( |
| <span class="kw-2">&mut </span><span class="self">self</span>, |
| extensions: <span class="kw-2">&</span>StackRef<X509Extension>, |
| ) -> <span class="prelude-ty">Result</span><(), ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_REQ_add_extensions( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| extensions.as_ptr(), |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Sign the request using a private key. |
| /// |
| /// This corresponds to [`X509_REQ_sign`]. |
| /// |
| /// [`X509_REQ_sign`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_sign.html |
| </span><span class="kw">pub fn </span>sign<T>(<span class="kw-2">&mut </span><span class="self">self</span>, key: <span class="kw-2">&</span>PKeyRef<T>, hash: MessageDigest) -> <span class="prelude-ty">Result</span><(), ErrorStack> |
| <span class="kw">where |
| </span>T: HasPrivate, |
| { |
| <span class="kw">unsafe </span>{ |
| cvt(ffi::X509_REQ_sign( |
| <span class="self">self</span>.<span class="number">0</span>.as_ptr(), |
| key.as_ptr(), |
| hash.as_ptr(), |
| )) |
| .map(|<span class="kw">_</span>| ()) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the `X509Req`. |
| </span><span class="kw">pub fn </span>build(<span class="self">self</span>) -> X509Req { |
| <span class="self">self</span>.<span class="number">0 |
| </span>} |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_REQ; |
| <span class="kw">fn </span>drop = ffi::X509_REQ_free; |
| |
| <span class="doccomment">/// An `X509` certificate request. |
| </span><span class="kw">pub struct </span>X509Req; |
| <span class="doccomment">/// Reference to `X509Req`. |
| </span><span class="kw">pub struct </span>X509ReqRef; |
| } |
| |
| <span class="kw">impl </span>X509Req { |
| <span class="doccomment">/// A builder for `X509Req`. |
| </span><span class="kw">pub fn </span>builder() -> <span class="prelude-ty">Result</span><X509ReqBuilder, ErrorStack> { |
| X509ReqBuilder::new() |
| } |
| |
| <span class="macro">from_pem! </span>{ |
| <span class="doccomment">/// Deserializes a PEM-encoded PKCS#10 certificate request structure. |
| /// |
| /// The input should have a header of `-----BEGIN CERTIFICATE REQUEST-----`. |
| /// |
| /// This corresponds to [`PEM_read_bio_X509_REQ`]. |
| /// |
| /// [`PEM_read_bio_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/PEM_read_bio_X509_REQ.html |
| </span>from_pem, |
| X509Req, |
| ffi::PEM_read_bio_X509_REQ |
| } |
| |
| <span class="macro">from_der! </span>{ |
| <span class="doccomment">/// Deserializes a DER-encoded PKCS#10 certificate request structure. |
| /// |
| /// This corresponds to [`d2i_X509_REQ`]. |
| /// |
| /// [`d2i_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/d2i_X509_REQ.html |
| </span>from_der, |
| X509Req, |
| ffi::d2i_X509_REQ |
| } |
| } |
| |
| <span class="kw">impl </span>X509ReqRef { |
| <span class="macro">to_pem! </span>{ |
| <span class="doccomment">/// Serializes the certificate request to a PEM-encoded PKCS#10 structure. |
| /// |
| /// The output will have a header of `-----BEGIN CERTIFICATE REQUEST-----`. |
| /// |
| /// This corresponds to [`PEM_write_bio_X509_REQ`]. |
| /// |
| /// [`PEM_write_bio_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/PEM_write_bio_X509_REQ.html |
| </span>to_pem, |
| ffi::PEM_write_bio_X509_REQ |
| } |
| |
| <span class="macro">to_der! </span>{ |
| <span class="doccomment">/// Serializes the certificate request to a DER-encoded PKCS#10 structure. |
| /// |
| /// This corresponds to [`i2d_X509_REQ`]. |
| /// |
| /// [`i2d_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/i2d_X509_REQ.html |
| </span>to_der, |
| ffi::i2d_X509_REQ |
| } |
| |
| <span class="macro">to_pem! </span>{ |
| <span class="doccomment">/// Converts the request to human readable text. |
| </span><span class="attribute">#[corresponds(X509_Req_print)] |
| </span>to_text, |
| ffi::X509_REQ_print |
| } |
| |
| <span class="doccomment">/// Returns the numerical value of the version field of the certificate request. |
| /// |
| /// This corresponds to [`X509_REQ_get_version`] |
| /// |
| /// [`X509_REQ_get_version`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_version.html |
| </span><span class="attribute">#[allow(clippy::unnecessary_cast)] |
| </span><span class="kw">pub fn </span>version(<span class="kw-2">&</span><span class="self">self</span>) -> i32 { |
| <span class="kw">unsafe </span>{ X509_REQ_get_version(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>i32 } |
| } |
| |
| <span class="doccomment">/// Returns the subject name of the certificate request. |
| /// |
| /// This corresponds to [`X509_REQ_get_subject_name`] |
| /// |
| /// [`X509_REQ_get_subject_name`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_subject_name.html |
| </span><span class="kw">pub fn </span>subject_name(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>X509NameRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>name = X509_REQ_get_subject_name(<span class="self">self</span>.as_ptr()); |
| X509NameRef::from_const_ptr_opt(name).expect(<span class="string">"subject name must not be null"</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the public key of the certificate request. |
| /// |
| /// This corresponds to [`X509_REQ_get_pubkey"] |
| /// |
| /// [`X509_REQ_get_pubkey`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_pubkey.html |
| </span><span class="kw">pub fn </span>public_key(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><PKey<Public>, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>key = cvt_p(ffi::X509_REQ_get_pubkey(<span class="self">self</span>.as_ptr()))<span class="question-mark">?</span>; |
| <span class="prelude-val">Ok</span>(PKey::from_ptr(key)) |
| } |
| } |
| |
| <span class="doccomment">/// Check if the certificate request is signed using the given public key. |
| /// |
| /// Returns `true` if verification succeeds. |
| /// |
| /// This corresponds to [`X509_REQ_verify"]. |
| /// |
| /// [`X509_REQ_verify`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_verify.html |
| </span><span class="kw">pub fn </span>verify<T>(<span class="kw-2">&</span><span class="self">self</span>, key: <span class="kw-2">&</span>PKeyRef<T>) -> <span class="prelude-ty">Result</span><bool, ErrorStack> |
| <span class="kw">where |
| </span>T: HasPublic, |
| { |
| <span class="kw">unsafe </span>{ cvt_n(ffi::X509_REQ_verify(<span class="self">self</span>.as_ptr(), key.as_ptr())).map(|n| n != <span class="number">0</span>) } |
| } |
| |
| <span class="doccomment">/// Returns the extensions of the certificate request. |
| /// |
| /// This corresponds to [`X509_REQ_get_extensions"] |
| </span><span class="kw">pub fn </span>extensions(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><Stack<X509Extension>, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>extensions = cvt_p(ffi::X509_REQ_get_extensions(<span class="self">self</span>.as_ptr()))<span class="question-mark">?</span>; |
| <span class="prelude-val">Ok</span>(Stack::from_ptr(extensions)) |
| } |
| } |
| } |
| |
| <span class="doccomment">/// The reason that a certificate was revoked. |
| </span><span class="attribute">#[derive(Debug, Copy, Clone, PartialEq, Eq)] |
| </span><span class="kw">pub struct </span>CrlReason(c_int); |
| |
| <span class="attribute">#[allow(missing_docs)] </span><span class="comment">// no need to document the constants |
| </span><span class="kw">impl </span>CrlReason { |
| <span class="kw">pub const </span>UNSPECIFIED: CrlReason = CrlReason(ffi::CRL_REASON_UNSPECIFIED); |
| <span class="kw">pub const </span>KEY_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_KEY_COMPROMISE); |
| <span class="kw">pub const </span>CA_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_CA_COMPROMISE); |
| <span class="kw">pub const </span>AFFILIATION_CHANGED: CrlReason = CrlReason(ffi::CRL_REASON_AFFILIATION_CHANGED); |
| <span class="kw">pub const </span>SUPERSEDED: CrlReason = CrlReason(ffi::CRL_REASON_SUPERSEDED); |
| <span class="kw">pub const </span>CESSATION_OF_OPERATION: CrlReason = CrlReason(ffi::CRL_REASON_CESSATION_OF_OPERATION); |
| <span class="kw">pub const </span>CERTIFICATE_HOLD: CrlReason = CrlReason(ffi::CRL_REASON_CERTIFICATE_HOLD); |
| <span class="kw">pub const </span>REMOVE_FROM_CRL: CrlReason = CrlReason(ffi::CRL_REASON_REMOVE_FROM_CRL); |
| <span class="kw">pub const </span>PRIVILEGE_WITHDRAWN: CrlReason = CrlReason(ffi::CRL_REASON_PRIVILEGE_WITHDRAWN); |
| <span class="kw">pub const </span>AA_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_AA_COMPROMISE); |
| |
| <span class="doccomment">/// Constructs an `CrlReason` from a raw OpenSSL value. |
| </span><span class="kw">pub const fn </span>from_raw(value: c_int) -> <span class="self">Self </span>{ |
| CrlReason(value) |
| } |
| |
| <span class="doccomment">/// Returns the raw OpenSSL value represented by this type. |
| </span><span class="kw">pub const fn </span>as_raw(<span class="kw-2">&</span><span class="self">self</span>) -> c_int { |
| <span class="self">self</span>.<span class="number">0 |
| </span>} |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_REVOKED; |
| <span class="kw">fn </span>drop = ffi::X509_REVOKED_free; |
| |
| <span class="doccomment">/// An `X509` certificate revocation status. |
| </span><span class="kw">pub struct </span>X509Revoked; |
| <span class="doccomment">/// Reference to `X509Revoked`. |
| </span><span class="kw">pub struct </span>X509RevokedRef; |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>X509Revoked { |
| <span class="kw">type </span>StackType = ffi::stack_st_X509_REVOKED; |
| } |
| |
| <span class="kw">impl </span>X509Revoked { |
| <span class="macro">from_der! </span>{ |
| <span class="doccomment">/// Deserializes a DER-encoded certificate revocation status |
| </span><span class="attribute">#[corresponds(d2i_X509_REVOKED)] |
| </span>from_der, |
| X509Revoked, |
| ffi::d2i_X509_REVOKED |
| } |
| } |
| |
| <span class="kw">impl </span>X509RevokedRef { |
| <span class="macro">to_der! </span>{ |
| <span class="doccomment">/// Serializes the certificate request to a DER-encoded certificate revocation status |
| </span><span class="attribute">#[corresponds(d2i_X509_REVOKED)] |
| </span>to_der, |
| ffi::i2d_X509_REVOKED |
| } |
| |
| <span class="doccomment">/// Copies the entry to a new `X509Revoked`. |
| </span><span class="attribute">#[corresponds(X509_NAME_dup)] |
| #[cfg(any(boringssl, ossl110, libressl270))] |
| </span><span class="kw">pub fn </span>to_owned(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><X509Revoked, ErrorStack> { |
| <span class="kw">unsafe </span>{ cvt_p(ffi::X509_REVOKED_dup(<span class="self">self</span>.as_ptr())).map(|n| X509Revoked::from_ptr(n)) } |
| } |
| |
| <span class="doccomment">/// Get the date that the certificate was revoked |
| </span><span class="attribute">#[corresponds(X509_REVOKED_get0_revocationDate)] |
| </span><span class="kw">pub fn </span>revocation_date(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1TimeRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>r = X509_REVOKED_get0_revocationDate(<span class="self">self</span>.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>); |
| <span class="macro">assert!</span>(!r.is_null()); |
| Asn1TimeRef::from_ptr(r <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Get the serial number of the revoked certificate |
| </span><span class="attribute">#[corresponds(X509_REVOKED_get0_serialNumber)] |
| </span><span class="kw">pub fn </span>serial_number(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1IntegerRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>r = X509_REVOKED_get0_serialNumber(<span class="self">self</span>.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>); |
| <span class="macro">assert!</span>(!r.is_null()); |
| Asn1IntegerRef::from_ptr(r <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Get the criticality and value of an extension. |
| /// |
| /// This returns None if the extension is not present or occurs multiple times. |
| </span><span class="attribute">#[corresponds(X509_REVOKED_get_ext_d2i)] |
| </span><span class="kw">pub fn </span>extension<T: ExtensionType>(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Result</span><<span class="prelude-ty">Option</span><(bool, T::Output)>, ErrorStack> { |
| <span class="kw">let </span><span class="kw-2">mut </span>critical = -<span class="number">1</span>; |
| <span class="kw">let </span>out = <span class="kw">unsafe </span>{ |
| <span class="comment">// SAFETY: self.as_ptr() is a valid pointer to an X509_REVOKED. |
| </span><span class="kw">let </span>ext = ffi::X509_REVOKED_get_ext_d2i( |
| <span class="self">self</span>.as_ptr(), |
| T::NID.as_raw(), |
| <span class="kw-2">&mut </span>critical <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, |
| ptr::null_mut(), |
| ); |
| <span class="comment">// SAFETY: Extensions's contract promises that the type returned by |
| // OpenSSL here is T::Output. |
| </span>T::Output::from_ptr_opt(ext <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| }; |
| <span class="kw">match </span>(critical, out) { |
| (<span class="number">0</span>, <span class="prelude-val">Some</span>(out)) => <span class="prelude-val">Ok</span>(<span class="prelude-val">Some</span>((<span class="bool-val">false</span>, out))), |
| (<span class="number">1</span>, <span class="prelude-val">Some</span>(out)) => <span class="prelude-val">Ok</span>(<span class="prelude-val">Some</span>((<span class="bool-val">true</span>, out))), |
| <span class="comment">// -1 means the extension wasn't found, -2 means multiple were found. |
| </span>(-<span class="number">1 </span>| -<span class="number">2</span>, <span class="kw">_</span>) => <span class="prelude-val">Ok</span>(<span class="prelude-val">None</span>), |
| <span class="comment">// A critical value of 0 or 1 suggests success, but a null pointer |
| // was returned so something went wrong. |
| </span>(<span class="number">0 </span>| <span class="number">1</span>, <span class="prelude-val">None</span>) => <span class="prelude-val">Err</span>(ErrorStack::get()), |
| (c_int::MIN..=-<span class="number">2 </span>| <span class="number">2</span>.., <span class="kw">_</span>) => <span class="macro">panic!</span>(<span class="string">"OpenSSL should only return -2, -1, 0, or 1 for an extension's criticality but it returned {}"</span>, critical), |
| } |
| } |
| } |
| |
| <span class="doccomment">/// The CRL entry extension identifying the reason for revocation see [`CrlReason`], |
| /// this is as defined in RFC 5280 Section 5.3.1. |
| </span><span class="kw">pub enum </span>ReasonCode {} |
| |
| <span class="comment">// SAFETY: CertificateIssuer is defined to be a stack of GeneralName in the RFC |
| // and in OpenSSL. |
| </span><span class="kw">unsafe impl </span>ExtensionType <span class="kw">for </span>ReasonCode { |
| <span class="kw">const </span>NID: Nid = Nid::from_raw(ffi::NID_crl_reason); |
| |
| <span class="kw">type </span>Output = Asn1Enumerated; |
| } |
| |
| <span class="doccomment">/// The CRL entry extension identifying the issuer of a certificate used in |
| /// indirect CRLs, as defined in RFC 5280 Section 5.3.3. |
| </span><span class="kw">pub enum </span>CertificateIssuer {} |
| |
| <span class="comment">// SAFETY: CertificateIssuer is defined to be a stack of GeneralName in the RFC |
| // and in OpenSSL. |
| </span><span class="kw">unsafe impl </span>ExtensionType <span class="kw">for </span>CertificateIssuer { |
| <span class="kw">const </span>NID: Nid = Nid::from_raw(ffi::NID_certificate_issuer); |
| |
| <span class="kw">type </span>Output = Stack<GeneralName>; |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_CRL; |
| <span class="kw">fn </span>drop = ffi::X509_CRL_free; |
| |
| <span class="doccomment">/// An `X509` certificate revocation list. |
| </span><span class="kw">pub struct </span>X509Crl; |
| <span class="doccomment">/// Reference to `X509Crl`. |
| </span><span class="kw">pub struct </span>X509CrlRef; |
| } |
| |
| <span class="doccomment">/// The status of a certificate in a revoction list |
| /// |
| /// Corresponds to the return value from the [`X509_CRL_get0_by_*`] methods. |
| /// |
| /// [`X509_CRL_get0_by_*`]: https://www.openssl.org/docs/man1.1.0/man3/X509_CRL_get0_by_serial.html |
| </span><span class="kw">pub enum </span>CrlStatus<<span class="lifetime">'a</span>> { |
| <span class="doccomment">/// The certificate is not present in the list |
| </span>NotRevoked, |
| <span class="doccomment">/// The certificate is in the list and is revoked |
| </span>Revoked(<span class="kw-2">&</span><span class="lifetime">'a </span>X509RevokedRef), |
| <span class="doccomment">/// The certificate is in the list, but has the "removeFromCrl" status. |
| /// |
| /// This can occur if the certificate was revoked with the "CertificateHold" |
| /// reason, and has since been unrevoked. |
| </span>RemoveFromCrl(<span class="kw-2">&</span><span class="lifetime">'a </span>X509RevokedRef), |
| } |
| |
| <span class="kw">impl</span><<span class="lifetime">'a</span>> CrlStatus<<span class="lifetime">'a</span>> { |
| <span class="comment">// Helper used by the X509_CRL_get0_by_* methods to convert their return |
| // value to the status enum. |
| // Safety note: the returned CrlStatus must not outlive the owner of the |
| // revoked_entry pointer. |
| </span><span class="kw">unsafe fn </span>from_ffi_status( |
| status: c_int, |
| revoked_entry: <span class="kw-2">*mut </span>ffi::X509_REVOKED, |
| ) -> CrlStatus<<span class="lifetime">'a</span>> { |
| <span class="kw">match </span>status { |
| <span class="number">0 </span>=> CrlStatus::NotRevoked, |
| <span class="number">1 </span>=> { |
| <span class="macro">assert!</span>(!revoked_entry.is_null()); |
| CrlStatus::Revoked(X509RevokedRef::from_ptr(revoked_entry)) |
| } |
| <span class="number">2 </span>=> { |
| <span class="macro">assert!</span>(!revoked_entry.is_null()); |
| CrlStatus::RemoveFromCrl(X509RevokedRef::from_ptr(revoked_entry)) |
| } |
| <span class="kw">_ </span>=> <span class="macro">unreachable!</span>( |
| <span class="string">"{}"</span>, |
| <span class="string">"X509_CRL_get0_by_{{serial,cert}} should only return 0, 1, or 2." |
| </span>), |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>X509Crl { |
| <span class="macro">from_pem! </span>{ |
| <span class="doccomment">/// Deserializes a PEM-encoded Certificate Revocation List |
| /// |
| /// The input should have a header of `-----BEGIN X509 CRL-----`. |
| </span><span class="attribute">#[corresponds(PEM_read_bio_X509_CRL)] |
| </span>from_pem, |
| X509Crl, |
| ffi::PEM_read_bio_X509_CRL |
| } |
| |
| <span class="macro">from_der! </span>{ |
| <span class="doccomment">/// Deserializes a DER-encoded Certificate Revocation List |
| </span><span class="attribute">#[corresponds(d2i_X509_CRL)] |
| </span>from_der, |
| X509Crl, |
| ffi::d2i_X509_CRL |
| } |
| } |
| |
| <span class="kw">impl </span>X509CrlRef { |
| <span class="macro">to_pem! </span>{ |
| <span class="doccomment">/// Serializes the certificate request to a PEM-encoded Certificate Revocation List. |
| /// |
| /// The output will have a header of `-----BEGIN X509 CRL-----`. |
| </span><span class="attribute">#[corresponds(PEM_write_bio_X509_CRL)] |
| </span>to_pem, |
| ffi::PEM_write_bio_X509_CRL |
| } |
| |
| <span class="macro">to_der! </span>{ |
| <span class="doccomment">/// Serializes the certificate request to a DER-encoded Certificate Revocation List. |
| </span><span class="attribute">#[corresponds(i2d_X509_CRL)] |
| </span>to_der, |
| ffi::i2d_X509_CRL |
| } |
| |
| <span class="doccomment">/// Get the stack of revocation entries |
| </span><span class="kw">pub fn </span>get_revoked(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>StackRef<X509Revoked>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>revoked = X509_CRL_get_REVOKED(<span class="self">self</span>.as_ptr()); |
| <span class="kw">if </span>revoked.is_null() { |
| <span class="prelude-val">None |
| </span>} <span class="kw">else </span>{ |
| <span class="prelude-val">Some</span>(StackRef::from_ptr(revoked)) |
| } |
| } |
| } |
| |
| <span class="doccomment">/// Returns the CRL's `lastUpdate` time. |
| </span><span class="attribute">#[corresponds(X509_CRL_get0_lastUpdate)] |
| </span><span class="kw">pub fn </span>last_update(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1TimeRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>date = X509_CRL_get0_lastUpdate(<span class="self">self</span>.as_ptr()); |
| <span class="macro">assert!</span>(!date.is_null()); |
| Asn1TimeRef::from_ptr(date <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the CRL's `nextUpdate` time. |
| /// |
| /// If the `nextUpdate` field is missing, returns `None`. |
| </span><span class="attribute">#[corresponds(X509_CRL_get0_nextUpdate)] |
| </span><span class="kw">pub fn </span>next_update(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>Asn1TimeRef> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>date = X509_CRL_get0_nextUpdate(<span class="self">self</span>.as_ptr()); |
| Asn1TimeRef::from_const_ptr_opt(date) |
| } |
| } |
| |
| <span class="doccomment">/// Get the revocation status of a certificate by its serial number |
| </span><span class="attribute">#[corresponds(X509_CRL_get0_by_serial)] |
| </span><span class="kw">pub fn </span>get_by_serial<<span class="lifetime">'a</span>>(<span class="kw-2">&</span><span class="lifetime">'a </span><span class="self">self</span>, serial: <span class="kw-2">&</span>Asn1IntegerRef) -> CrlStatus<<span class="lifetime">'a</span>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>ret = ptr::null_mut::<ffi::X509_REVOKED>(); |
| <span class="kw">let </span>status = |
| ffi::X509_CRL_get0_by_serial(<span class="self">self</span>.as_ptr(), <span class="kw-2">&mut </span>ret <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, serial.as_ptr()); |
| CrlStatus::from_ffi_status(status, ret) |
| } |
| } |
| |
| <span class="doccomment">/// Get the revocation status of a certificate |
| </span><span class="attribute">#[corresponds(X509_CRL_get0_by_cert)] |
| </span><span class="kw">pub fn </span>get_by_cert<<span class="lifetime">'a</span>>(<span class="kw-2">&</span><span class="lifetime">'a </span><span class="self">self</span>, cert: <span class="kw-2">&</span>X509) -> CrlStatus<<span class="lifetime">'a</span>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>ret = ptr::null_mut::<ffi::X509_REVOKED>(); |
| <span class="kw">let </span>status = |
| ffi::X509_CRL_get0_by_cert(<span class="self">self</span>.as_ptr(), <span class="kw-2">&mut </span>ret <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, cert.as_ptr()); |
| CrlStatus::from_ffi_status(status, ret) |
| } |
| } |
| |
| <span class="doccomment">/// Get the issuer name from the revocation list. |
| </span><span class="attribute">#[corresponds(X509_CRL_get_issuer)] |
| </span><span class="kw">pub fn </span>issuer_name(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>X509NameRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>name = X509_CRL_get_issuer(<span class="self">self</span>.as_ptr()); |
| <span class="macro">assert!</span>(!name.is_null()); |
| X509NameRef::from_ptr(name) |
| } |
| } |
| |
| <span class="doccomment">/// Check if the CRL is signed using the given public key. |
| /// |
| /// Only the signature is checked: no other checks (such as certificate chain validity) |
| /// are performed. |
| /// |
| /// Returns `true` if verification succeeds. |
| </span><span class="attribute">#[corresponds(X509_CRL_verify)] |
| </span><span class="kw">pub fn </span>verify<T>(<span class="kw-2">&</span><span class="self">self</span>, key: <span class="kw-2">&</span>PKeyRef<T>) -> <span class="prelude-ty">Result</span><bool, ErrorStack> |
| <span class="kw">where |
| </span>T: HasPublic, |
| { |
| <span class="kw">unsafe </span>{ cvt_n(ffi::X509_CRL_verify(<span class="self">self</span>.as_ptr(), key.as_ptr())).map(|n| n != <span class="number">0</span>) } |
| } |
| } |
| |
| <span class="doccomment">/// The result of peer certificate verification. |
| </span><span class="attribute">#[derive(Copy, Clone, PartialEq, Eq)] |
| </span><span class="kw">pub struct </span>X509VerifyResult(c_int); |
| |
| <span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509VerifyResult { |
| <span class="kw">fn </span>fmt(<span class="kw-2">&</span><span class="self">self</span>, fmt: <span class="kw-2">&mut </span>fmt::Formatter<<span class="lifetime">'_</span>>) -> fmt::Result { |
| fmt.debug_struct(<span class="string">"X509VerifyResult"</span>) |
| .field(<span class="string">"code"</span>, <span class="kw-2">&</span><span class="self">self</span>.<span class="number">0</span>) |
| .field(<span class="string">"error"</span>, <span class="kw-2">&</span><span class="self">self</span>.error_string()) |
| .finish() |
| } |
| } |
| |
| <span class="kw">impl </span>fmt::Display <span class="kw">for </span>X509VerifyResult { |
| <span class="kw">fn </span>fmt(<span class="kw-2">&</span><span class="self">self</span>, fmt: <span class="kw-2">&mut </span>fmt::Formatter<<span class="lifetime">'_</span>>) -> fmt::Result { |
| fmt.write_str(<span class="self">self</span>.error_string()) |
| } |
| } |
| |
| <span class="kw">impl </span>Error <span class="kw">for </span>X509VerifyResult {} |
| |
| <span class="kw">impl </span>X509VerifyResult { |
| <span class="doccomment">/// Creates an `X509VerifyResult` from a raw error number. |
| /// |
| /// # Safety |
| /// |
| /// Some methods on `X509VerifyResult` are not thread safe if the error |
| /// number is invalid. |
| </span><span class="kw">pub unsafe fn </span>from_raw(err: c_int) -> X509VerifyResult { |
| X509VerifyResult(err) |
| } |
| |
| <span class="doccomment">/// Return the integer representation of an `X509VerifyResult`. |
| </span><span class="attribute">#[allow(clippy::trivially_copy_pass_by_ref)] |
| </span><span class="kw">pub fn </span>as_raw(<span class="kw-2">&</span><span class="self">self</span>) -> c_int { |
| <span class="self">self</span>.<span class="number">0 |
| </span>} |
| |
| <span class="doccomment">/// Return a human readable error string from the verification error. |
| /// |
| /// This corresponds to [`X509_verify_cert_error_string`]. |
| /// |
| /// [`X509_verify_cert_error_string`]: https://www.openssl.org/docs/manmaster/crypto/X509_verify_cert_error_string.html |
| </span><span class="attribute">#[allow(clippy::trivially_copy_pass_by_ref)] |
| </span><span class="kw">pub fn </span>error_string(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span><span class="lifetime">'static </span>str { |
| ffi::init(); |
| |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>s = ffi::X509_verify_cert_error_string(<span class="self">self</span>.<span class="number">0 </span><span class="kw">as </span>c_long); |
| str::from_utf8(CStr::from_ptr(s).to_bytes()).unwrap() |
| } |
| } |
| |
| <span class="doccomment">/// Successful peer certificate verification. |
| </span><span class="kw">pub const </span>OK: X509VerifyResult = X509VerifyResult(ffi::X509_V_OK); |
| <span class="doccomment">/// Application verification failure. |
| </span><span class="kw">pub const </span>APPLICATION_VERIFICATION: X509VerifyResult = |
| X509VerifyResult(ffi::X509_V_ERR_APPLICATION_VERIFICATION); |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::GENERAL_NAME; |
| <span class="kw">fn </span>drop = ffi::GENERAL_NAME_free; |
| |
| <span class="doccomment">/// An `X509` certificate alternative names. |
| </span><span class="kw">pub struct </span>GeneralName; |
| <span class="doccomment">/// Reference to `GeneralName`. |
| </span><span class="kw">pub struct </span>GeneralNameRef; |
| } |
| |
| <span class="kw">impl </span>GeneralName { |
| <span class="kw">unsafe fn </span>new( |
| type_: c_int, |
| asn1_type: Asn1Type, |
| value: <span class="kw-2">&</span>[u8], |
| ) -> <span class="prelude-ty">Result</span><GeneralName, ErrorStack> { |
| ffi::init(); |
| <span class="kw">let </span>gn = GeneralName::from_ptr(cvt_p(ffi::GENERAL_NAME_new())<span class="question-mark">?</span>); |
| (<span class="kw-2">*</span>gn.as_ptr()).type_ = type_; |
| <span class="kw">let </span>s = cvt_p(ffi::ASN1_STRING_type_new(asn1_type.as_raw()))<span class="question-mark">?</span>; |
| ffi::ASN1_STRING_set(s, value.as_ptr().cast(), value.len().try_into().unwrap()); |
| |
| <span class="attribute">#[cfg(boringssl)] |
| </span>{ |
| (<span class="kw-2">*</span>gn.as_ptr()).d.ptr = s.cast(); |
| } |
| <span class="attribute">#[cfg(not(boringssl))] |
| </span>{ |
| (<span class="kw-2">*</span>gn.as_ptr()).d = s.cast(); |
| } |
| |
| <span class="prelude-val">Ok</span>(gn) |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_email(email: <span class="kw-2">&</span>[u8]) -> <span class="prelude-ty">Result</span><GeneralName, ErrorStack> { |
| <span class="kw">unsafe </span>{ GeneralName::new(ffi::GEN_EMAIL, Asn1Type::IA5STRING, email) } |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_dns(dns: <span class="kw-2">&</span>[u8]) -> <span class="prelude-ty">Result</span><GeneralName, ErrorStack> { |
| <span class="kw">unsafe </span>{ GeneralName::new(ffi::GEN_DNS, Asn1Type::IA5STRING, dns) } |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_uri(uri: <span class="kw-2">&</span>[u8]) -> <span class="prelude-ty">Result</span><GeneralName, ErrorStack> { |
| <span class="kw">unsafe </span>{ GeneralName::new(ffi::GEN_URI, Asn1Type::IA5STRING, uri) } |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_ip(ip: IpAddr) -> <span class="prelude-ty">Result</span><GeneralName, ErrorStack> { |
| <span class="kw">match </span>ip { |
| IpAddr::V4(addr) => <span class="kw">unsafe </span>{ |
| GeneralName::new(ffi::GEN_IPADD, Asn1Type::OCTET_STRING, <span class="kw-2">&</span>addr.octets()) |
| }, |
| IpAddr::V6(addr) => <span class="kw">unsafe </span>{ |
| GeneralName::new(ffi::GEN_IPADD, Asn1Type::OCTET_STRING, <span class="kw-2">&</span>addr.octets()) |
| }, |
| } |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_rid(oid: Asn1Object) -> <span class="prelude-ty">Result</span><GeneralName, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| <span class="kw">let </span>gn = cvt_p(ffi::GENERAL_NAME_new())<span class="question-mark">?</span>; |
| (<span class="kw-2">*</span>gn).type_ = ffi::GEN_RID; |
| |
| <span class="attribute">#[cfg(boringssl)] |
| </span>{ |
| (<span class="kw-2">*</span>gn).d.registeredID = oid.as_ptr(); |
| } |
| <span class="attribute">#[cfg(not(boringssl))] |
| </span>{ |
| (<span class="kw-2">*</span>gn).d = oid.as_ptr().cast(); |
| } |
| |
| mem::forget(oid); |
| |
| <span class="prelude-val">Ok</span>(GeneralName::from_ptr(gn)) |
| } |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_other_name( |
| oid: Asn1Object, |
| value: <span class="kw-2">&</span>Vec<u8>, |
| ) -> <span class="prelude-ty">Result</span><GeneralName, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| ffi::init(); |
| |
| <span class="kw">let </span>typ = cvt_p(ffi::d2i_ASN1_TYPE( |
| ptr::null_mut(), |
| <span class="kw-2">&mut </span>value.as_ptr().cast(), |
| value.len().try_into().unwrap(), |
| ))<span class="question-mark">?</span>; |
| |
| <span class="kw">let </span>gn = cvt_p(ffi::GENERAL_NAME_new())<span class="question-mark">?</span>; |
| (<span class="kw-2">*</span>gn).type_ = ffi::GEN_OTHERNAME; |
| |
| <span class="kw">if let </span><span class="prelude-val">Err</span>(e) = cvt(ffi::GENERAL_NAME_set0_othername( |
| gn, |
| oid.as_ptr().cast(), |
| typ, |
| )) { |
| ffi::GENERAL_NAME_free(gn); |
| <span class="kw">return </span><span class="prelude-val">Err</span>(e); |
| } |
| |
| mem::forget(oid); |
| |
| <span class="prelude-val">Ok</span>(GeneralName::from_ptr(gn)) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>GeneralNameRef { |
| <span class="kw">fn </span>ia5_string(<span class="kw-2">&</span><span class="self">self</span>, ffi_type: c_int) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>str> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != ffi_type { |
| <span class="kw">return </span><span class="prelude-val">None</span>; |
| } |
| |
| <span class="attribute">#[cfg(boringssl)] |
| </span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d.ptr; |
| <span class="attribute">#[cfg(not(boringssl))] |
| </span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d; |
| |
| <span class="kw">let </span>ptr = ASN1_STRING_get0_data(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>); |
| <span class="kw">let </span>len = ffi::ASN1_STRING_length(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>); |
| |
| <span class="kw">let </span>slice = slice::from_raw_parts(ptr <span class="kw">as </span><span class="kw-2">*const </span>u8, len <span class="kw">as </span>usize); |
| <span class="comment">// IA5Strings are stated to be ASCII (specifically IA5). Hopefully |
| // OpenSSL checks that when loading a certificate but if not we'll |
| // use this instead of from_utf8_unchecked just in case. |
| </span>str::from_utf8(slice).ok() |
| } |
| } |
| |
| <span class="doccomment">/// Returns the contents of this `GeneralName` if it is an `rfc822Name`. |
| </span><span class="kw">pub fn </span>email(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>str> { |
| <span class="self">self</span>.ia5_string(ffi::GEN_EMAIL) |
| } |
| |
| <span class="doccomment">/// Returns the contents of this `GeneralName` if it is a `directoryName`. |
| </span><span class="kw">pub fn </span>directory_name(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>X509NameRef> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != ffi::GEN_DIRNAME { |
| <span class="kw">return </span><span class="prelude-val">None</span>; |
| } |
| |
| <span class="attribute">#[cfg(boringssl)] |
| </span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d.ptr; |
| <span class="attribute">#[cfg(not(boringssl))] |
| </span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d; |
| |
| <span class="prelude-val">Some</span>(X509NameRef::from_const_ptr(d <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>)) |
| } |
| } |
| |
| <span class="doccomment">/// Returns the contents of this `GeneralName` if it is a `dNSName`. |
| </span><span class="kw">pub fn </span>dnsname(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>str> { |
| <span class="self">self</span>.ia5_string(ffi::GEN_DNS) |
| } |
| |
| <span class="doccomment">/// Returns the contents of this `GeneralName` if it is an `uniformResourceIdentifier`. |
| </span><span class="kw">pub fn </span>uri(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>str> { |
| <span class="self">self</span>.ia5_string(ffi::GEN_URI) |
| } |
| |
| <span class="doccomment">/// Returns the contents of this `GeneralName` if it is an `iPAddress`. |
| </span><span class="kw">pub fn </span>ipaddress(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>[u8]> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != ffi::GEN_IPADD { |
| <span class="kw">return </span><span class="prelude-val">None</span>; |
| } |
| <span class="attribute">#[cfg(boringssl)] |
| </span><span class="kw">let </span>d: <span class="kw-2">*const </span>ffi::ASN1_STRING = std::mem::transmute((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d); |
| <span class="attribute">#[cfg(not(boringssl))] |
| </span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d; |
| |
| <span class="kw">let </span>ptr = ASN1_STRING_get0_data(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>); |
| <span class="kw">let </span>len = ffi::ASN1_STRING_length(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>); |
| |
| <span class="prelude-val">Some</span>(slice::from_raw_parts(ptr <span class="kw">as </span><span class="kw-2">*const </span>u8, len <span class="kw">as </span>usize)) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>fmt::Debug <span class="kw">for </span>GeneralNameRef { |
| <span class="kw">fn </span>fmt(<span class="kw-2">&</span><span class="self">self</span>, formatter: <span class="kw-2">&mut </span>fmt::Formatter<<span class="lifetime">'_</span>>) -> fmt::Result { |
| <span class="kw">if let </span><span class="prelude-val">Some</span>(email) = <span class="self">self</span>.email() { |
| formatter.write_str(email) |
| } <span class="kw">else if let </span><span class="prelude-val">Some</span>(dnsname) = <span class="self">self</span>.dnsname() { |
| formatter.write_str(dnsname) |
| } <span class="kw">else if let </span><span class="prelude-val">Some</span>(uri) = <span class="self">self</span>.uri() { |
| formatter.write_str(uri) |
| } <span class="kw">else if let </span><span class="prelude-val">Some</span>(ipaddress) = <span class="self">self</span>.ipaddress() { |
| <span class="kw">let </span>address = <[u8; <span class="number">16</span>]>::try_from(ipaddress) |
| .map(IpAddr::from) |
| .or_else(|<span class="kw">_</span>| <[u8; <span class="number">4</span>]>::try_from(ipaddress).map(IpAddr::from)); |
| <span class="kw">match </span>address { |
| <span class="prelude-val">Ok</span>(a) => fmt::Debug::fmt(<span class="kw-2">&</span>a, formatter), |
| <span class="prelude-val">Err</span>(<span class="kw">_</span>) => fmt::Debug::fmt(ipaddress, formatter), |
| } |
| } <span class="kw">else </span>{ |
| formatter.write_str(<span class="string">"(empty)"</span>) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>GeneralName { |
| <span class="kw">type </span>StackType = ffi::stack_st_GENERAL_NAME; |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::DIST_POINT; |
| <span class="kw">fn </span>drop = ffi::DIST_POINT_free; |
| |
| <span class="doccomment">/// A `X509` distribution point. |
| </span><span class="kw">pub struct </span>DistPoint; |
| <span class="doccomment">/// Reference to `DistPoint`. |
| </span><span class="kw">pub struct </span>DistPointRef; |
| } |
| |
| <span class="kw">impl </span>DistPointRef { |
| <span class="doccomment">/// Returns the name of this distribution point if it exists |
| </span><span class="kw">pub fn </span>distpoint(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>DistPointNameRef> { |
| <span class="kw">unsafe </span>{ DistPointNameRef::from_const_ptr_opt((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).distpoint) } |
| } |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::DIST_POINT_NAME; |
| <span class="kw">fn </span>drop = ffi::DIST_POINT_NAME_free; |
| |
| <span class="doccomment">/// A `X509` distribution point. |
| </span><span class="kw">pub struct </span>DistPointName; |
| <span class="doccomment">/// Reference to `DistPointName`. |
| </span><span class="kw">pub struct </span>DistPointNameRef; |
| } |
| |
| <span class="kw">impl </span>DistPointNameRef { |
| <span class="doccomment">/// Returns the contents of this DistPointName if it is a fullname. |
| </span><span class="kw">pub fn </span>fullname(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>StackRef<GeneralName>> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != <span class="number">0 </span>{ |
| <span class="kw">return </span><span class="prelude-val">None</span>; |
| } |
| StackRef::from_const_ptr_opt((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).name.fullname) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>DistPoint { |
| <span class="kw">type </span>StackType = ffi::stack_st_DIST_POINT; |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::ACCESS_DESCRIPTION; |
| <span class="kw">fn </span>drop = ffi::ACCESS_DESCRIPTION_free; |
| |
| <span class="doccomment">/// `AccessDescription` of certificate authority information. |
| </span><span class="kw">pub struct </span>AccessDescription; |
| <span class="doccomment">/// Reference to `AccessDescription`. |
| </span><span class="kw">pub struct </span>AccessDescriptionRef; |
| } |
| |
| <span class="kw">impl </span>AccessDescriptionRef { |
| <span class="doccomment">/// Returns the access method OID. |
| </span><span class="kw">pub fn </span>method(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1ObjectRef { |
| <span class="kw">unsafe </span>{ Asn1ObjectRef::from_ptr((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).method) } |
| } |
| |
| <span class="comment">// Returns the access location. |
| </span><span class="kw">pub fn </span>location(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>GeneralNameRef { |
| <span class="kw">unsafe </span>{ GeneralNameRef::from_ptr((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).location) } |
| } |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>AccessDescription { |
| <span class="kw">type </span>StackType = ffi::stack_st_ACCESS_DESCRIPTION; |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_ALGOR; |
| <span class="kw">fn </span>drop = ffi::X509_ALGOR_free; |
| |
| <span class="doccomment">/// An `X509` certificate signature algorithm. |
| </span><span class="kw">pub struct </span>X509Algorithm; |
| <span class="doccomment">/// Reference to `X509Algorithm`. |
| </span><span class="kw">pub struct </span>X509AlgorithmRef; |
| } |
| |
| <span class="kw">impl </span>X509AlgorithmRef { |
| <span class="doccomment">/// Returns the ASN.1 OID of this algorithm. |
| </span><span class="kw">pub fn </span>object(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>Asn1ObjectRef { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span><span class="kw-2">mut </span>oid = ptr::null(); |
| X509_ALGOR_get0(<span class="kw-2">&mut </span>oid, ptr::null_mut(), ptr::null_mut(), <span class="self">self</span>.as_ptr()); |
| Asn1ObjectRef::from_const_ptr_opt(oid).expect(<span class="string">"algorithm oid must not be null"</span>) |
| } |
| } |
| } |
| |
| <span class="macro">foreign_type_and_impl_send_sync! </span>{ |
| <span class="kw">type </span>CType = ffi::X509_OBJECT; |
| <span class="kw">fn </span>drop = X509_OBJECT_free; |
| |
| <span class="doccomment">/// An `X509` or an X509 certificate revocation list. |
| </span><span class="kw">pub struct </span>X509Object; |
| <span class="doccomment">/// Reference to `X509Object` |
| </span><span class="kw">pub struct </span>X509ObjectRef; |
| } |
| |
| <span class="kw">impl </span>X509ObjectRef { |
| <span class="kw">pub fn </span>x509(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="prelude-ty">Option</span><<span class="kw-2">&</span>X509Ref> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>ptr = X509_OBJECT_get0_X509(<span class="self">self</span>.as_ptr()); |
| X509Ref::from_const_ptr_opt(ptr) |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>Stackable <span class="kw">for </span>X509Object { |
| <span class="kw">type </span>StackType = ffi::stack_st_X509_OBJECT; |
| } |
| |
| <span class="macro">cfg_if! </span>{ |
| <span class="kw">if </span><span class="attribute">#[cfg(any(boringssl, ossl110, libressl273))] </span>{ |
| <span class="kw">use </span>ffi::{X509_getm_notAfter, X509_getm_notBefore, X509_up_ref, X509_get0_signature}; |
| } <span class="kw">else </span>{ |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_getm_notAfter(x: <span class="kw-2">*mut </span>ffi::X509) -> <span class="kw-2">*mut </span>ffi::ASN1_TIME { |
| (<span class="kw-2">*</span>(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).cert_info).validity).notAfter |
| } |
| |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_getm_notBefore(x: <span class="kw-2">*mut </span>ffi::X509) -> <span class="kw-2">*mut </span>ffi::ASN1_TIME { |
| (<span class="kw-2">*</span>(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).cert_info).validity).notBefore |
| } |
| |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_up_ref(x: <span class="kw-2">*mut </span>ffi::X509) { |
| ffi::CRYPTO_add_lock( |
| <span class="kw-2">&mut </span>(<span class="kw-2">*</span>x).references, |
| <span class="number">1</span>, |
| ffi::CRYPTO_LOCK_X509, |
| <span class="string">"mod.rs\0"</span>.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>, |
| <span class="macro">line!</span>() <span class="kw">as </span>c_int, |
| ); |
| } |
| |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_get0_signature( |
| psig: <span class="kw-2">*mut *const </span>ffi::ASN1_BIT_STRING, |
| palg: <span class="kw-2">*mut *const </span>ffi::X509_ALGOR, |
| x: <span class="kw-2">*const </span>ffi::X509, |
| ) { |
| <span class="kw">if </span>!psig.is_null() { |
| <span class="kw-2">*</span>psig = (<span class="kw-2">*</span>x).signature; |
| } |
| <span class="kw">if </span>!palg.is_null() { |
| <span class="kw-2">*</span>palg = (<span class="kw-2">*</span>x).sig_alg; |
| } |
| } |
| } |
| } |
| |
| <span class="macro">cfg_if! </span>{ |
| <span class="kw">if </span><span class="attribute">#[cfg(any(boringssl, ossl110, libressl350))] </span>{ |
| <span class="kw">use </span>ffi::{ |
| X509_ALGOR_get0, ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter, |
| X509_set1_notBefore, X509_REQ_get_version, X509_REQ_get_subject_name, |
| }; |
| } <span class="kw">else </span>{ |
| <span class="kw">use </span>ffi::{ |
| ASN1_STRING_data <span class="kw">as </span>ASN1_STRING_get0_data, |
| X509_STORE_CTX_get_chain <span class="kw">as </span>X509_STORE_CTX_get0_chain, |
| X509_set_notAfter <span class="kw">as </span>X509_set1_notAfter, |
| X509_set_notBefore <span class="kw">as </span>X509_set1_notBefore, |
| }; |
| |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_REQ_get_version(x: <span class="kw-2">*mut </span>ffi::X509_REQ) -> ::libc::c_long { |
| ffi::ASN1_INTEGER_get((<span class="kw-2">*</span>(<span class="kw-2">*</span>x).req_info).version) |
| } |
| |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_REQ_get_subject_name(x: <span class="kw-2">*mut </span>ffi::X509_REQ) -> <span class="kw-2">*mut </span>::ffi::X509_NAME { |
| (<span class="kw-2">*</span>(<span class="kw-2">*</span>x).req_info).subject |
| } |
| |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_ALGOR_get0( |
| paobj: <span class="kw-2">*mut *const </span>ffi::ASN1_OBJECT, |
| pptype: <span class="kw-2">*mut </span>c_int, |
| pval: <span class="kw-2">*mut *mut </span>::libc::c_void, |
| alg: <span class="kw-2">*const </span>ffi::X509_ALGOR, |
| ) { |
| <span class="kw">if </span>!paobj.is_null() { |
| <span class="kw-2">*</span>paobj = (<span class="kw-2">*</span>alg).algorithm; |
| } |
| <span class="macro">assert!</span>(pptype.is_null()); |
| <span class="macro">assert!</span>(pval.is_null()); |
| } |
| } |
| } |
| |
| <span class="macro">cfg_if! </span>{ |
| <span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, boringssl, libressl270))] </span>{ |
| <span class="kw">use </span>ffi::X509_OBJECT_get0_X509; |
| } <span class="kw">else </span>{ |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_OBJECT_get0_X509(x: <span class="kw-2">*mut </span>ffi::X509_OBJECT) -> <span class="kw-2">*mut </span>ffi::X509 { |
| <span class="kw">if </span>(<span class="kw-2">*</span>x).type_ == ffi::X509_LU_X509 { |
| (<span class="kw-2">*</span>x).data.x509 |
| } <span class="kw">else </span>{ |
| ptr::null_mut() |
| } |
| } |
| } |
| } |
| |
| <span class="macro">cfg_if! </span>{ |
| <span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, libressl350))] </span>{ |
| <span class="kw">use </span>ffi::X509_OBJECT_free; |
| } <span class="kw">else if </span><span class="attribute">#[cfg(boringssl)] </span>{ |
| <span class="kw">use </span>ffi::X509_OBJECT_free_contents <span class="kw">as </span>X509_OBJECT_free; |
| } <span class="kw">else </span>{ |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_OBJECT_free(x: <span class="kw-2">*mut </span>ffi::X509_OBJECT) { |
| ffi::X509_OBJECT_free_contents(x); |
| ffi::CRYPTO_free(x <span class="kw">as </span><span class="kw-2">*mut </span>libc::c_void); |
| } |
| } |
| } |
| |
| <span class="macro">cfg_if! </span>{ |
| <span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, libressl350, boringssl))] </span>{ |
| <span class="kw">use </span>ffi::{ |
| X509_CRL_get_issuer, X509_CRL_get0_nextUpdate, X509_CRL_get0_lastUpdate, |
| X509_CRL_get_REVOKED, |
| X509_REVOKED_get0_revocationDate, X509_REVOKED_get0_serialNumber, |
| }; |
| } <span class="kw">else </span>{ |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_CRL_get0_lastUpdate(x: <span class="kw-2">*const </span>ffi::X509_CRL) -> <span class="kw-2">*mut </span>ffi::ASN1_TIME { |
| (<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).lastUpdate |
| } |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_CRL_get0_nextUpdate(x: <span class="kw-2">*const </span>ffi::X509_CRL) -> <span class="kw-2">*mut </span>ffi::ASN1_TIME { |
| (<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).nextUpdate |
| } |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_CRL_get_issuer(x: <span class="kw-2">*const </span>ffi::X509_CRL) -> <span class="kw-2">*mut </span>ffi::X509_NAME { |
| (<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).issuer |
| } |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_CRL_get_REVOKED(x: <span class="kw-2">*const </span>ffi::X509_CRL) -> <span class="kw-2">*mut </span>ffi::stack_st_X509_REVOKED { |
| (<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).revoked |
| } |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_REVOKED_get0_serialNumber(x: <span class="kw-2">*const </span>ffi::X509_REVOKED) -> <span class="kw-2">*mut </span>ffi::ASN1_INTEGER { |
| (<span class="kw-2">*</span>x).serialNumber |
| } |
| <span class="attribute">#[allow(bad_style)] |
| </span><span class="kw">unsafe fn </span>X509_REVOKED_get0_revocationDate(x: <span class="kw-2">*const </span>ffi::X509_REVOKED) -> <span class="kw-2">*mut </span>ffi::ASN1_TIME { |
| (<span class="kw-2">*</span>x).revocationDate |
| } |
| } |
| } |
| |
| <span class="attribute">#[derive(Copy, Clone, PartialEq, Eq)] |
| </span><span class="kw">pub struct </span>X509PurposeId(c_int); |
| |
| <span class="kw">impl </span>X509PurposeId { |
| <span class="kw">pub const </span>SSL_CLIENT: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SSL_CLIENT); |
| <span class="kw">pub const </span>SSL_SERVER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SSL_SERVER); |
| <span class="kw">pub const </span>NS_SSL_SERVER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_NS_SSL_SERVER); |
| <span class="kw">pub const </span>SMIME_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SMIME_SIGN); |
| <span class="kw">pub const </span>SMIME_ENCRYPT: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SMIME_ENCRYPT); |
| <span class="kw">pub const </span>CRL_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_CRL_SIGN); |
| <span class="kw">pub const </span>ANY: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_ANY); |
| <span class="kw">pub const </span>OCSP_HELPER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_OCSP_HELPER); |
| <span class="kw">pub const </span>TIMESTAMP_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_TIMESTAMP_SIGN); |
| |
| <span class="doccomment">/// Constructs an `X509PurposeId` from a raw OpenSSL value. |
| </span><span class="kw">pub fn </span>from_raw(id: c_int) -> <span class="self">Self </span>{ |
| X509PurposeId(id) |
| } |
| |
| <span class="doccomment">/// Returns the raw OpenSSL value represented by this type. |
| </span><span class="kw">pub fn </span>as_raw(<span class="kw-2">&</span><span class="self">self</span>) -> c_int { |
| <span class="self">self</span>.<span class="number">0 |
| </span>} |
| } |
| |
| <span class="doccomment">/// A reference to an [`X509_PURPOSE`]. |
| </span><span class="kw">pub struct </span>X509PurposeRef(Opaque); |
| |
| <span class="doccomment">/// Implements a wrapper type for the static `X509_PURPOSE` table in OpenSSL. |
| </span><span class="kw">impl </span>ForeignTypeRef <span class="kw">for </span>X509PurposeRef { |
| <span class="kw">type </span>CType = ffi::X509_PURPOSE; |
| } |
| |
| <span class="kw">impl </span>X509PurposeRef { |
| <span class="doccomment">/// Get the internal table index of an X509_PURPOSE for a given short name. Valid short |
| /// names include |
| /// - "sslclient", |
| /// - "sslserver", |
| /// - "nssslserver", |
| /// - "smimesign", |
| /// - "smimeencrypt", |
| /// - "crlsign", |
| /// - "any", |
| /// - "ocsphelper", |
| /// - "timestampsign" |
| /// The index can be used with `X509PurposeRef::from_idx()` to get the purpose. |
| </span><span class="attribute">#[allow(clippy::unnecessary_cast)] |
| </span><span class="kw">pub fn </span>get_by_sname(sname: <span class="kw-2">&</span>str) -> <span class="prelude-ty">Result</span><c_int, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>sname = CString::new(sname).unwrap(); |
| <span class="macro">cfg_if! </span>{ |
| <span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, libressl280))] </span>{ |
| <span class="kw">let </span>purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>))<span class="question-mark">?</span>; |
| } <span class="kw">else </span>{ |
| <span class="kw">let </span>purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>))<span class="question-mark">?</span>; |
| } |
| } |
| <span class="prelude-val">Ok</span>(purpose) |
| } |
| } |
| <span class="doccomment">/// Get an `X509PurposeRef` for a given index value. The index can be obtained from e.g. |
| /// `X509PurposeRef::get_by_sname()`. |
| </span><span class="attribute">#[corresponds(X509_PURPOSE_get0)] |
| </span><span class="kw">pub fn </span>from_idx(idx: c_int) -> <span class="prelude-ty">Result</span><<span class="kw-2">&</span><span class="lifetime">'static </span>X509PurposeRef, ErrorStack> { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>ptr = cvt_p(ffi::X509_PURPOSE_get0(idx))<span class="question-mark">?</span>; |
| <span class="prelude-val">Ok</span>(X509PurposeRef::from_ptr(ptr)) |
| } |
| } |
| |
| <span class="doccomment">/// Get the purpose value from an X509Purpose structure. This value is one of |
| /// - `X509_PURPOSE_SSL_CLIENT` |
| /// - `X509_PURPOSE_SSL_SERVER` |
| /// - `X509_PURPOSE_NS_SSL_SERVER` |
| /// - `X509_PURPOSE_SMIME_SIGN` |
| /// - `X509_PURPOSE_SMIME_ENCRYPT` |
| /// - `X509_PURPOSE_CRL_SIGN` |
| /// - `X509_PURPOSE_ANY` |
| /// - `X509_PURPOSE_OCSP_HELPER` |
| /// - `X509_PURPOSE_TIMESTAMP_SIGN` |
| </span><span class="kw">pub fn </span>purpose(<span class="kw-2">&</span><span class="self">self</span>) -> X509PurposeId { |
| <span class="kw">unsafe </span>{ |
| <span class="kw">let </span>x509_purpose: <span class="kw-2">*mut </span>ffi::X509_PURPOSE = <span class="self">self</span>.as_ptr(); |
| X509PurposeId::from_raw((<span class="kw-2">*</span>x509_purpose).purpose) |
| } |
| } |
| } |
| </code></pre></div> |
| </section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="openssl" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html> |