This issue was automatically generated. Feel free to close without ceremony if you do not agree with re-licensing or if it is not possible for other reasons. Respond to @cmr with any questions or concerns, or pop over to #rust-offtopic on IRC to discuss.

You're receiving this because someone (perhaps the project maintainer) published a crates.io package with the license as "MIT" xor "Apache-2.0" and the repository field pointing here.

TL;DR the Rust ecosystem is largely Apache-2.0. Being available under that license is good for interoperation. The MIT license as an add-on can be nice for GPLv2 projects to use your code.

Why?

The MIT license requires reproducing countless copies of the same copyright header with different names in the copyright field, for every MIT library in use. The Apache license does not have this drawback. However, this is not the primary motivation for me creating these issues. The Apache license also has protections from patent trolls and an explicit contribution licensing clause. However, the Apache license is incompatible with GPLv2. This is why Rust is dual-licensed as MIT/Apache (the "primary" license being Apache, MIT only for GPLv2 compat), and doing so would be wise for this project. This also makes this crate suitable for inclusion and unrestricted sharing in the Rust standard distribution and other projects using dual MIT/Apache, such as my personal ulterior motive, the Robigalia project.

Some ask, "Does this really apply to binary redistributions? Does MIT really require reproducing the whole thing?" I'm not a lawyer, and I can't give legal advice, but some Google Android apps include open source attributions using this interpretation. Others also agree with it. But, again, the copyright notice redistribution is not the primary motivation for the dual-licensing. It's stronger protections to licensees and better interoperation with the wider Rust ecosystem.

How?

To do this, get explicit approval from each contributor of copyrightable work (as not all contributions qualify for copyright, due to not being a "creative work", e.g. a typo fix) and then add the following to your README:

## License

Licensed under either of

 * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
 * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)

at your option.

### Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted
for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any
additional terms or conditions.

and in your license headers, if you have them, use the following boilerplate (based on that used in Rust):

// Copyright 2016 rust-openssl Developers
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.

It's commonly asked whether license headers are required. I'm not comfortable making an official recommendation either way, but the Apache license recommends it in their appendix on how to use the license.

Be sure to add the relevant LICENSE-{MIT,APACHE} files. You can copy these from the Rust repo for a plain-text version.

And don't forget to update the license metadata in your Cargo.toml to:

license = "MIT OR Apache-2.0"

I'll be going through projects which agree to be relicensed and have approval by the necessary contributors and doing this changes, so feel free to leave the heavy lifting to me!

Contributor checkoff

To agree to relicensing, comment with :

I license past and future contributions under the dual MIT/Apache-2.0 license, allowing licensees to chose either at their option.

Or, if you're a contributor, you can check the box in this repo next to your name. My scripts will pick this exact phrase up and check your checkbox, but I'll come through and manually review this issue later as well.

• [ ] @sfackler
• [ ] @manuels
• [x] @vhbit
• [x] @kballard
• [x] @erickt
• [x] @jmesmon
• [x] @cjcole
• [x] @alexcrichton
• [ ] @elly
• [ ] @gkoz
• [x] @DiamondLovesYou
• [x] @mlalic
• [x] @ebfe
• [x] @randombit
• [x] @Geal
• [x] @jedisct1
• [x] @jroesch
• [x] @mvdnes
• [x] @andrew-d
• [x] @Manishearth
• [x] @josephglanville
• [x] @zzmp
• [x] @Cyberunner23
• [x] @aatxe
• [ ] @Noxivs
• [x] @semmaz
• [ ] @pyrho
• [x] @cybergeek94
• [x] @alex
• [ ] @brson
• [ ] @brycefisher
• [x] @chris-morgan
• [x] @Ryman
• [x] @operutka
• [x] @reaperhulk
• [x] @retep998
• [ ] @quentinbaradat
• [ ] @xorpse
• [x] @kinghajj
• [x] @uasi
• [ ] @wg
• [ ] @bheart
• [x] @bozaro
• [x] @bombless
• [ ] @akiss77
• [x] @andor44
• [ ] @ajroetker
• [x] @brunoqc
• [x] @CarlColglazier
• [x] @coyotebush
• [x] @dkhenry
• [x] @davbo
• [x] @ebarnard
• [x] @cheme
• [x] @Kroisse
• [x] @fhartwig
• [x] @Florob
• [x] @glennw
• [x] @isra17
• [x] @jameshurst
• [x] @jamwt
• [x] @yjerem
• [x] @jimmycuadra
• [x] @jtdowney
• [x] @reem
• [x] @larsbergstrom
• [x] @ltratt
• [x] @mbrubeck
• [x] @zr40
• [x] @maximih
• [ ] @miloshadzic
• [x] @Ms2ger
• [x] @nixpulvis
• [x] @nstoddard
• [x] @overminder
• [x] @globin
• [x] @seanmonstar
• [x] @Byron
• [x] @s-panferov
• [ ] @boggle
• [x] @thommay
• [x] @Ummon
• [x] @gentoo90
• [ ] @iseki-masaya
• [x] @panicbit
• [ ] @radare

failed to run custom build command for openssl-sys v0.6.4 Process didn't exit successfully: /Users/misko/developer/rust_projects/aws-simple-sdk.rs/target/debug/build/openssl-sys-149f6ef08ad7404d/build-script-build (exit code: 101) --- stdout cargo:rustc-link-search=native=/usr/lib cargo:rustc-link-lib=ssl cargo:rustc-link-lib=crypto cargo:rustc-link-lib=z TARGET = Some("x86_64-apple-darwin") TARGET = Some("x86_64-apple-darwin") CARGO_MANIFEST_DIR = Some("/Users/misko/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.6.4") OUT_DIR = Some("/Users/misko/developer/rust_projects/aws-simple-sdk.rs/target/debug/build/openssl-sys-149f6ef08ad7404d/out") OPT_LEVEL = Some("0") PROFILE = Some("debug") debug 0 TARGET = Some("x86_64-apple-darwin") HOST = Some("x86_64-apple-darwin") CC_x86_64-apple-darwin = None CC_x86_64_apple_darwin = None HOST_CC = None CC = None TARGET = Some("x86_64-apple-darwin") HOST = Some("x86_64-apple-darwin") CFLAGS_x86_64-apple-darwin = None CFLAGS_x86_64_apple_darwin = None HOST_CFLAGS = None CFLAGS = None running: "cc" "-O0" "-c" "-ffunction-sections" "-fdata-sections" "-g" "-m64" "-fPIC" "-o" "/Users/misko/developer/rust_projects/aws-simple-sdk.rs/target/debug/build/openssl-sys-149f6ef08ad7404d/out/src/openssl_shim.o" "/Users/misko/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.6.4/src/openssl_shim.c"

command did not execute successfully, got: exit code: 1

--- stderr /Users/misko/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.6.4/src/openssl_shim.c:1:10: fatal error: 'openssl/hmac.h' file not found

include <openssl/hmac.h>

     ^

1 error generated. thread '

Today I updated my host development machine and found that it was not building my source code anymore.

Got the following failure:

error: failed to run custom build command for `openssl v0.9.24`
process didn't exit successfully: `.../target/debug/build/openssl-4dcd4d0c1d4575a6/build-script-build` (exit code: 101)
--- stderr
thread 'main' panicked at 'Unable to detect OpenSSL version', .../.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.9.24/build.rs:16:14
note: Run with `RUST_BACKTRACE=1` for a backtrace.

It needs to be upgraded to openssl-sys last releases. This is important as multiple vendors will start upgrading OpenSSL and more people will face it. For now, I downgraded my host to openssl 1.1.0

installed libssl-dev on ubuntu 18 and still get this error: error: failed to run custom build command for openssl-sys v0.9.39 process didn't exit successfully: /home/forecast/cs453_finalproj_backend/target/release/build/openssl-sys-864259d0b1f702fc/build-script-main (exit code: 101)

As openssl-sys adds the world to the link path, it prevents linking against any libs that have a different version in /usr/lib

cargo:rustc-link-search=native=/usr/lib/x86_64-linux-gnu
cargo:rustc-link-lib=ssl
cargo:rustc-link-lib=crypto

It appears that link path order is randomized by cargo, so this will cause nicely randomized link failures if other native crates are in use (or silently cause the wrong/unpatched version of a lib to be linked instead).

This can be fixed by producing the following output instead:

cargo:rustc-link-search=native=/usr/lib/x86_64-linux-gnu/libssl*
cargo:rustc-link-search=native=/usr/lib/x86_64-linux-gnu/libcrypto*
cargo:rustc-link-lib=ssl
cargo:rustc-link-lib=crypto

The reuse API I implemented for Hasher the last time proved to be very hard to use. Here's a better approach that relies on the borrow checker by using a mut reference. This time it's both Hasher and HMAC.

• Add a "one stop" compute() method for the simple use case.
• Split out update()/finalize() API into the Accumulator struct.
• Rely on borrow checker to enforce openssl call order contract (init, update+, finalize).
• Track the lifecycle explicitly as an optimization in HMAC case and to workaround Rust 1.0's unsafe destructor limitation (see https://github.com/rust-lang/rust/issues/17858#issuecomment-58280941).
• Unify Hasher and HMAC implementation details for consistency.
• Implement Writer for Accumulator.
• Add examples.
• Deprecate standalone hash() in favor of Hasher::compute().

Note that Accumulator now has very similar methods update() and write(). It could make sense to drop update(), although write() requires checking the return value...

I looked briefly at the rust-openssl build, but haven't had enough time to dig into this:

= note: "cc" "-m64" "-L" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/secure_client_handle_tests-1186407fd8b3feb4.0.o" "-o" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/secure_client_handle_tests-1186407fd8b3feb4" "-Wl,-dead_strip" "-nodefaultlibs" "-L" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps" "-L" "/usr/lib" "-L" "/usr/local/opt/openssl/lib" "-L" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/build/ring-b04a0c9d4dc7829a/out/lib" "-L" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libtrust_dns_server.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libtrust_dns.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libtokio_core-7d79a0061e4987e4.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libscoped_tls-53036341d2dbbe26.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libmio-d8a3ebfe89185cdb.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libslab-69010361762af86e.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/librand-8ea7d489d4a383a0.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libopenssl-c9e7b933bde3d3a6.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libdata_encoding-8503efda09142c21.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libchrono-7342810e34d1c30d.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/librusqlite-a221a739db38f0bf.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libtime-750bfdd52feafcb7.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libbitflags-0e272044714c8076.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libtoml-1a75b37a708f335b.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/librustc_serialize-6b938435173797f7.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liblazycell-d53b754addaf1d91.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libnix-56d9e0b660233faa.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libring-863fd845bbadbb87.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libfutures-21d097dc8f05f683.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libbitflags-75746cc7f0e9d928.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liblibsqlite3_sys-02dacca8e9891790.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liblazy_static-7f1b96a3a3eb529d.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libtest-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libterm-f5a209a9.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libopenssl_sys-6c510e83c5b0b664.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liberror_chain-5731652bab0d1a8e.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libbacktrace-dffaf784d6265843.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/librustc_demangle-9f84838926c47318.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libdbghelp-72843bd5c387f78b.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libwinapi-0889532d327ff4e2.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libnum-1fa4854b44bb6a54.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libnum_iter-50df698bc905252c.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libnum_integer-52fdddf28cd8e924.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libnet2-755d3e4f87237d0e.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libcfg_if-72c1f992b13d5087.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liblibc-e1db4c5f3a4f3c2f.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libuntrusted-6d5be7309ea48309.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liblru_cache-5df7c7dfb11fae93.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liblinked_hash_map-8bca62f90f0f04c7.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libnum_traits-92bb90166cd1857c.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libvoid-2cc31605fcb01ba1.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libgetopts-f5a209a9.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/liblog-bf16bb9a4912b11d.rlib" "/Users/benjaminfry/Development/rust/trust-dns/target/debug/deps/libkernel32-df86a08647459244.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libstd-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libpanic_unwind-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libunwind-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/librand-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libcollections-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/liballoc-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/liballoc_jemalloc-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/liblibc-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/librustc_unicode-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libcore-f5a209a9.rlib" "/Users/benjaminfry/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-apple-darwin/lib/libcompiler_builtins-f5a209a9.rlib" "-l" "c++" "-l" "sqlite3" "-l" "sqlite3" "-l" "sqlite3" "-l" "ssl" "-l" "crypto" "-l" "System" "-l" "pthread" "-l" "c" "-l" "m"
  = note: Undefined symbols for architecture x86_64:
  "_EVP_DigestVerifyFinal", referenced from:
      openssl::sign::Verifier::finish::h2254ce4db54d0d04 in libopenssl-c9e7b933bde3d3a6.rlib(openssl-c9e7b933bde3d3a6.0.o)
  "_EVP_DigestSignFinal", referenced from:
      openssl::sign::Signer::finish::hd5e70040d912dd63 in libopenssl-c9e7b933bde3d3a6.rlib(openssl-c9e7b933bde3d3a6.0.o)
  "_EVP_DigestVerifyInit", referenced from:
      openssl::sign::Verifier::new::hb1fc11f25f026f4f in libopenssl-c9e7b933bde3d3a6.rlib(openssl-c9e7b933bde3d3a6.0.o)
  "_EVP_DigestSignInit", referenced from:
      openssl::sign::Signer::new::h3ca1d35e4b331ef5 in libopenssl-c9e7b933bde3d3a6.rlib(openssl-c9e7b933bde3d3a6.0.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

It seems to be a race condition and happens more regularly on TravisCI macOS builds, but I see it regularly on my local machine as well.

Runtime error: thread 'main' panicked at 'calledResult::unwrap()on anErrvalue: Failure(MidHandshakeSslStream { stream: SslStream { stream: TcpStream { addr: V4(127.0.0.1:39962), peer: V4(127.0.0.1:6666), fd: 3 }, ssl: Ssl { state: "SSLv3/TLS write client hello", verify_result: X509VerifyResult { code: 0, error: "ok" } } }, error: Error { code: ErrorCode(5), cause: None } })', /checkout/src/libcore/result.rs:916:5

Client code:

pub fn connect() { let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();

let stream = TcpStream::connect("127.0.0.1:6666").unwrap();

let mut finalstream = connector.connect("127.0.0.1:6666", stream).unwrap(); //This line is having problems

}

Server code: pub fn start() { let listener = TcpListener::bind("127.0.0.1:6666").unwrap(); let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()) .unwrap() .build();

for stream in listener.incoming() {
    match stream {
        Ok(stream) => handle_client(stream),
        Err(e) => { /* connection failed */ }
    }
}

}

Hi everyone,

I'm trying to get a simple project setup, but I can't get openssl working (its one of the dependencies). I've followed all the steps for the windows toolchain, but it's failing in the linker saying it's missing ssl32.lib. Any ideas?

Here's cargo test --verbose:

c:\Users\Charles\Repos\rust-openssl\openssl>cargo test --verbose
       Fresh lazy_static v0.1.15
       Fresh libc v0.1.10
       Fresh rustc-serialize v0.3.16
       Fresh pkg-config v0.3.6
       Fresh bitflags v0.3.2
       Fresh winapi-build v0.1.1
       Fresh winapi v0.2.4
       Fresh cfg-if v0.1.0
       Fresh kernel32-sys v0.1.4
       Fresh advapi32-sys v0.1.2
       Fresh ws2_32-sys v0.1.0
       Fresh gcc v0.3.18
       Fresh net2 v0.2.15
       Fresh openssl-sys v0.6.7 (file:///C:/Users/Charles/Repos/rust-openssl/openssl)
   Compiling openssl v0.6.7 (file:///C:/Users/Charles/Repos/rust-openssl/openssl)
     Running `rustc src\lib.rs --crate-name openssl --crate-type lib -g --test -C metadata=08be2358417965a0 -C extra-filename=-08be2358417965a0 --out-dir C:\Users\Charles\Repos\rust-openssl\openssl\target\debug --emit=dep-info,link -L     dependency=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug -L dependency=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps --extern net2=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\libnet2-2ffd8b554b04092b.rlib --extern     bitflags=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\libbitflags-c495827ddcd6a202.rlib --extern lazy_static=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\liblazy_static-f3aa6dfcc7c157cc.rlib --extern     openssl_sys=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\libopenssl_sys-58120a0dd01cdf9f.rlib --extern rustc_serialize=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\librustc_serialize-7ff5bfc027146194.rlib --extern     libc=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\liblibc-144c435538abd757.rlib -L native=C:\OpenSSL-Win64 -L native=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\build\openssl-sys-90e2af8b7f885723\out`
error: linking with `link.exe` failed: exit code: 1181
note: "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\bin\\link.exe" "/LIBPATH:C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC/lib\\amd64" "/LIBPATH:C:\\Program Files (x86)\\Windows Kits\\10\\Lib\\10.0.10150.0\\ucrt\\x64" "/LIBPATH:C:\\Program Files (x86)\\Windows     Kits\\8.1\\Lib\\winv6.3\\um\\x64" "/NOLOGO" "/NXCOMPAT" "/LIBPATH:C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib" "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\openssl-08be2358417965a0.0.o"     "/OUT:C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\openssl-08be2358417965a0.exe" "/OPT:REF,ICF" "/DEBUG" "/LIBPATH:C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug" "/LIBPATH:C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps"     "/LIBPATH:C:\\OpenSSL-Win64" "/LIBPATH:C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\build\\openssl-sys-90e2af8b7f885723\\out" "/LIBPATH:C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib"     "/LIBPATH:c:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\.rust\\bin\\x86_64-pc-windows-msvc" "/LIBPATH:c:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\bin\\x86_64-pc-windows-msvc" "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\liblazy_static-f3aa6dfcc7c157cc.rlib"     "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\libnet2-2ffd8b554b04092b.rlib" "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\libopenssl_sys-58120a0dd01cdf9f.rlib" "C:\\Program Files\\Rust nightly     1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\libtest-10cbabc2.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\libterm-10cbabc2.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\libserialize-10cbabc2.rlib"     "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\liblibc-144c435538abd757.rlib" "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\libbitflags-c495827ddcd6a202.rlib"     "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\libcfg_if-0dcf5e6d515dd4d2.rlib" "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\librustc_serialize-7ff5bfc027146194.rlib"     "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\libws2_32-f4c2e6f3694418f6.rlib" "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\libkernel32-62844336d3806e02.rlib"     "C:\\Users\\Charles\\Repos\\rust-openssl\\openssl\\target\\debug\\deps\\libwinapi-21b078e9a1931364.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\liblog-10cbabc2.rlib" "C:\\Program Files\\Rust nightly     1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\libgetopts-10cbabc2.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\libstd-10cbabc2.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\libcollections-10cbabc2.rlib"     "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\librustc_unicode-10cbabc2.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\librand-10cbabc2.rlib" "C:\\Program Files\\Rust nightly     1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\liballoc-10cbabc2.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\liballoc_system-10cbabc2.rlib" "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\liblibc-10cbabc2.rlib"     "C:\\Program Files\\Rust nightly 1.5\\bin\\rustlib\\x86_64-pc-windows-msvc\\lib\\libcore-10cbabc2.rlib" "ssl32.lib" "eay32.lib" "kernel32.lib" "kernel32.lib" "shell32.lib" "msvcrt.lib" "ws2_32.lib" "kernel32.lib" "ws2_32.lib" "userenv.lib" "advapi32.lib" "kernel32.lib" "shell32.lib" "msvcrt.lib"     "compiler-rt.lib"
note: LINK : fatal error LNK1181: cannot open input file 'ssl32.lib'

error: aborting due to previous error
Could not compile `openssl`.

Caused by:
  Process didn't exit successfully: `rustc src\lib.rs --crate-name openssl --crate-type lib -g --test -C metadata=08be2358417965a0 -C extra-filename=-08be2358417965a0 --out-dir C:\Users\Charles\Repos\rust-openssl\openssl\target\debug --emit=dep-info,link -L     dependency=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug -L dependency=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps --extern net2=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\libnet2-2ffd8b554b04092b.rlib --extern     bitflags=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\libbitflags-c495827ddcd6a202.rlib --extern lazy_static=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\liblazy_static-f3aa6dfcc7c157cc.rlib --extern     openssl_sys=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\libopenssl_sys-58120a0dd01cdf9f.rlib --extern rustc_serialize=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\librustc_serialize-7ff5bfc027146194.rlib --extern     libc=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\deps\liblibc-144c435538abd757.rlib -L native=C:\OpenSSL-Win64 -L native=C:\Users\Charles\Repos\rust-openssl\openssl\target\debug\build\openssl-sys-90e2af8b7f885723\out` (exit code: 101)

This commit is relatively major refactoring of the openssl-sys crate as well as the openssl crate itself. The end goal here was to support OpenSSL 1.1.0, and lots of other various tweaks happened along the way. The major new features are:

• OpenSSL 1.1.0 is supported
• OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
• All FFI bindings are verified with the ctest crate (same way as the libc crate)
• CI matrixes are vastly expanded to include 32/64 of all platforms, more OpenSSL version coverage, as well as ARM coverage on Linux
• The c_helpers module is completely removed along with the gcc dependency.
• The openssl-sys build script was completely rewritten
  • Now uses OPENSSL_DIR to find the installation, not include/lib env vars.
  • Better error messages for mismatched versions.
  • Better error messages for failing to find OpenSSL on a platform (more can be done here)
  • Probing of OpenSSL build-time configuration to inform the API of the *-sys crate.
• Many Cargo features have been removed as they're now enabled by default.

As this is a breaking change to both the openssl and openssl-sys crates this will necessitate a major version bump of both. There's still a few more API questions remaining but let's hash that out on a PR!

Closes #452

Using homebrew on M1 Mac, installed [email protected]. Only works if I manually set OPENSSL_DIR to /opt/homebrew/Cellar/[email protected]/1.1.1o/, where the installation is located.

Since both openssl@3 and [email protected] are supported, it would be good to recommend to use openssl@3.

https://github.com/sfackler/rust-openssl/blob/8621407a3268071e30312dfe40098b574554ea1f/openssl-sys/build/find_normal.rs#L36

Code below can be used to sign data with private key and certificate

let cms_signature = CmsContentInfo::sign(
        Some(&certificate),
        Some(&private_key),
        None,
        Some(content),
        CMSOptions::DETACHED
            | CMSOptions::CMS_NOCERTS
            | CMSOptions::BINARY
            | CMSOptions::NOSMIMECAP,
    )?;

Is there any way to specify the digest algorithm when signing? It's available in the CMS_add1_signer method of openssl library: 1

Right now if you compile against BoringSSL (i.e., point OPENSSL_DIR at it), but don't specify unstable_boringssl it will silently build, but many things won't work (e.g. https://github.com/pyca/cryptography/pull/7933#issuecomment-1364703766).

At a minimum, would it make sense to detect this situation with expando.c and fail the build, rather than silently proceeding?

Even better would be if it could detect this and work -- perhaps by BoringSSL putting the generated bssl-sys crate somewhere that could be detected.

cc: @davidben, @maurer, @benbrittain, @durin42

I suspect the right answer is to submit a PR, but I'll save this here for everyones history.

History:

1. In late 2019 someone needed set DTLS MTU, and observed that responding to BIO_CTRL_DGRAM_QUERY_MTU would do so. See #1155
2. Code to support responding to BIO_CTRL_DGRAM_QUERY_MTU got merged in #1160
3. SslStreamBuilder::set_dtls_mtu_size() gets deprecated around #1280 with SslRef::set_mtu() INCORRECTLY!
4. I observered that SslRef::set_mtu() isn't working to set the DTLS mtu in #1732

SslRef::set_mtu() ends here:

pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long {
    SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut())
}

But to set the DTLS MTU in 1.x.x you need to respond to BIO_CTRL_DGRAM_QUERY_MTU. SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut()) will NOT set the dtls mtu.

I also tried SSL_ctrl(ssl,DTLS_CTRL_SET_LINK_MTU..., but this doesn't work either. Note, DTLS_CTRL_SET_LINK_MTU is NOT in the rust-openssl headers, so I think its not supported by openssl 1.1.x, maybe in 3.x.x ?

Currently the only way to set the DTLS mtu without patches is to use the deprecated SslStreamBuilder::set_dtls_mtu_size()

I am seeking help with a new test-func: #[test] fn statless_DTLS() based upon the existing #[test] fn stateless(), which is for TLS found here.

Unless, a more experienced person is willing to show how to do it, I will take a stab at it. (I vaguely understand some of this)

1. It seems that DTLSv1_listen will need to be written to make this happen.
2. If there is a DTLS MTU issue #1732 (hopefully I'm wrong). Then that would probably need resolution also, as I think the ClientHello needs to fit an a single message.

I would sure appreciate any tips or ideas on converting the stateless() test to DTLS_stateless other than what I have mentioned.

Thank you.