Expose load_verify_locations like rust-openssl

2026-02-13 19:56:42 +00:00 · 2026-02-13 19:56:42 +00:00 · fa3a4ca915
commit fa3a4ca915
parent 434585d90d
1 changed files with 22 additions and 10 deletions
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -1272,15 +1272,26 @@ impl SslContextBuilder {
    /// The file should contain a sequence of PEM-formatted CA certificates.
    #[corresponds(SSL_CTX_load_verify_locations)]
    pub fn set_ca_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack> {
+        self.load_verify_locations(Some(file.as_ref()), None)
+    }
+
+    /// Loads trusted root certificates from a file and/or a directory.
+    #[corresponds(SSL_CTX_load_verify_locations)]
+    pub fn load_verify_locations(
+        &mut self,
+        ca_file: Option<&Path>,
+        ca_path: Option<&Path>,
+    ) -> Result<(), ErrorStack> {
        self.ctx.check_x509();

-        let file = CString::new(file.as_ref().as_os_str().as_encoded_bytes())
-            .map_err(ErrorStack::internal_error)?;
+        let ca_file = ca_file.map(path_to_cstring).transpose()?;
+        let ca_path = ca_path.map(path_to_cstring).transpose()?;
+
        unsafe {
            cvt(ffi::SSL_CTX_load_verify_locations(
                self.as_ptr(),
-                file.as_ptr(),
-                ptr::null(),
+                ca_file.as_ref().map_or(ptr::null(), |s| s.as_ptr()),
+                ca_path.as_ref().map_or(ptr::null(), |s| s.as_ptr()),
            ))
        }
    }
@ -1341,8 +1352,7 @@ impl SslContextBuilder {
    ) -> Result<(), ErrorStack> {
        self.ctx.check_x509();

-        let file = CString::new(file.as_ref().as_os_str().as_encoded_bytes())
-            .map_err(ErrorStack::internal_error)?;
+        let file = path_to_cstring(file.as_ref())?;
        unsafe {
            cvt(ffi::SSL_CTX_use_certificate_file(
                self.as_ptr(),
@ -1362,8 +1372,7 @@ impl SslContextBuilder {
        &mut self,
        file: P,
    ) -> Result<(), ErrorStack> {
-        let file = CString::new(file.as_ref().as_os_str().as_encoded_bytes())
-            .map_err(ErrorStack::internal_error)?;
+        let file = path_to_cstring(file.as_ref())?;
        unsafe {
            cvt(ffi::SSL_CTX_use_certificate_chain_file(
                self.as_ptr(),
@ -1403,8 +1412,7 @@ impl SslContextBuilder {
        file: P,
        file_type: SslFiletype,
    ) -> Result<(), ErrorStack> {
-        let file = CString::new(file.as_ref().as_os_str().as_encoded_bytes())
-            .map_err(ErrorStack::internal_error)?;
+        let file = path_to_cstring(file.as_ref())?;
        unsafe {
            cvt(ffi::SSL_CTX_use_PrivateKey_file(
                self.as_ptr(),
@ -4574,3 +4582,7 @@ unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
 unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int {
    ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, f)
 }
+
+fn path_to_cstring(path: &Path) -> Result<CString, ErrorStack> {
+    CString::new(path.as_os_str().as_encoded_bytes()).map_err(ErrorStack::internal_error)
+}