
Commit 1a6d7ba

committed
revert unnecessary changes
1 parent c400390 commit 1a6d7ba


1 file changed

+17
-15
lines changed


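--- a/src/imp/openssl.rs
+++ b/src/imp/openssl.rs
@@ -10,7 +10,7 @@ use self::openssl::ssl::{
 self, MidHandshakeSslStream, SslAcceptor, SslConnector, SslContextBuilder, SslMethod,
 SslVerifyMode,
 };
-use self::openssl::x509::{X509VerifyResult, X509};
+use self::openssl::x509::{X509, X509VerifyResult};
 use std::error;
 use std::fmt;
 use std::io;
@@ -155,7 +155,7 @@ impl From<ErrorStack> for Error {
 pub struct Identity {
 pkey: PKey<Private>,
 cert: X509,
-chain: Option<Vec<X509>>,
+chain: Vec<X509>,
 }
 
 impl Identity {
@@ -165,19 +165,19 @@ impl Identity {
 Ok(Identity {
 pkey: parsed.pkey,
 cert: parsed.cert,
-chain: parsed.chain.map(|stack| stack.into_iter().collect()),
+chain: parsed.chain.into_iter().flat_map(|x| x).collect(),
 })
 }
 
 pub fn from_pkcs8(buf: &[u8], key: &[u8]) -> Result<Identity, Error> {
 let pkey = PKey::private_key_from_pem(key)?;
-let p_block = pem::PemBlock::new(buf);
-let mut chain: Vec<X509> = p_block.map(|buf| X509::from_pem(buf).unwrap()).collect();
-let cert = chain.pop();
+let mut cert_chain = pem::PemBlock::new(buf).map(|buf| X509::from_pem(buf).unwrap());
+let cert = cert_chain.next();
+let chain = cert_chain.collect();
 Ok(Identity {
 pkey,
 cert: cert.expect("need identity cert"),
-chain: Some(chain),
+chain: chain,
 })
 }
 }
@@ -277,10 +277,11 @@ impl TlsConnector {
 if let Some(ref identity) = builder.identity {
 connector.set_certificate(&identity.0.cert)?;
 connector.set_private_key(&identity.0.pkey)?;
-if let Some(ref chain) = identity.0.chain {
-for cert in chain.iter().rev() {
-connector.add_extra_chain_cert(cert.to_owned())?;
-}
+for cert in identity.0.chain.iter() {
+// https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_extra_chain_cert.html
+// specifies that "When sending a certificate chain, extra chain certificates are
+// sent in order following the end entity certificate."
+connector.add_extra_chain_cert(cert.to_owned())?;
 }
 }
 supported_protocols(builder.min_protocol, builder.max_protocol, &mut connector)?;
@@ -328,10 +329,11 @@ impl TlsAcceptor {
 let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
 acceptor.set_private_key(&builder.identity.0.pkey)?;
 acceptor.set_certificate(&builder.identity.0.cert)?;
-if let Some(ref chain) = builder.identity.0.chain {
-for cert in chain.iter().rev() {
-acceptor.add_extra_chain_cert(cert.to_owned())?;
-}
+for cert in builder.identity.0.chain.iter() {
+// https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_extra_chain_cert.html
+// specifies that "When sending a certificate chain, extra chain certificates are
+// sent in order following the end entity certificate."
+acceptor.add_extra_chain_cert(cert.to_owned())?;
 }
 supported_protocols(builder.min_protocol, builder.max_protocol, &mut acceptor)?;
 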
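Review bot: In `from_pkcs8`, `X509::from_pem(buf).unwrap()` still panics on any malformed PEM block, and because the map is now lazy the panic surfaces inside `cert_chain.next()` or `cert_chain.collect()`; `cert.expect("need identity cert")` likewise panics when the input holds no certificate at all. The function already returns `Result<Identity, Error>` and the file has `impl From<ErrorStack> for Error`, so parse failures can propagate instead: `let mut cert_chain = pem::PemBlock::new(buf).map(X509::from_pem);` and `let chain = cert_chain.collect::<Result<Vec<_>, _>>()?;`, with the leaf also taken through `?` and the empty case mapped to an `Error` rather than `expect`. A library that parses caller-supplied certificate bytes should hand a bad file back as an error, not take the process down. The new code also treats the first PEM block as the end-entity certificate where the removed code took the last one, so a doc comment on `from_pkcs8` stating the expected leaf-first order would help callers.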