macOS/iOS Security framework for Rust

Documentation

Bindings to Apple's Security.framework. Allows use of TLS and Keychain from Rust.

License

Licensed under either of

  • Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
  • MIT license (LICENSE-MIT or #404)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.

Issues

Collection of the latest Issues

gopakumarce

3

First of all thanks a lot for this lib, helps a lot writing stuff for apple ecosystem.

As far as I understand from Apple documentation, SSLWrite() will call SSLWriteFunc(), but if there is any kind of error returned by SSLWriteFunc(), SSLWrite() itself will return an error of its own, i.e. there is no responsibility the coder has to "save" the error returned by SSLWriteFunc() and then check that after calling SSLWrite() etc. In fact, doing that might be erroneous - consider this example.

  1. We called SSLWrite(), SSLWriteFunc() might have returned errSslWouldBlock, but SSLWrite() itself succeeded because SSL lib is gonna buffer up the data we provide (and encrypt it and call SSLWriteFunc() on the encrypted data) - so the library has now "cached" an error errSslWouldBlock in conn.err
  2. Later again we call SSLWrite(), this time just as an example say there was some error and the API returned errSSLPeerCertExpired
  3. Now write() will go and check conn.err and will find errSslWouldBlock and that is what the caller to write() gets as an error, which is incorrect

So in summary, IMO there is no need to cache conn.err and return it - unless there was a reason for it, which I'll be curious to know.
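
The sequence described in the issue above, replayed in a small model (an added example, not code from the crate or from the issue author). `Status`, `ssl_write`, `write_cached` and `write_fresh` are hypothetical stand-ins for the OSStatus codes, SSLWrite() and the wrapper's write(); only `conn.err` is named on the page. Resetting the cached error before each call, as `write_fresh` does, is one possible fix and an assumption of this example.

```rust
// Constructed model; status names are stand-ins, not real OSStatus values.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Status { Ok, WouldBlock, PeerCertExpired }

/// Per-connection state: `err` is where the I/O callback parks its last error.
pub struct Conn { pub err: Option<Status> }

pub type WriteResult = Result<(), Status>;

/// Stand-in for SSLWrite(): `cb` is what the write callback returned while
/// flushing buffered records, `api` is the status of the call itself.
fn ssl_write(conn: &mut Conn, cb: Status, api: Status) -> Status {
    if cb != Status::Ok {
        conn.err = Some(cb); // the callback caches its error
    }
    api
}

/// Wrapper as described in the issue: on failure it prefers the cached
/// callback error, and a successful call never clears that cache.
pub fn write_cached(conn: &mut Conn, cb: Status, api: Status) -> WriteResult {
    match ssl_write(conn, cb, api) {
        Status::Ok => Ok(()),
        s => Err(conn.err.take().unwrap_or(s)),
    }
}

/// Same wrapper, but the cache is reset first, so only an error raised by the
/// callback during *this* call can replace the API status.
pub fn write_fresh(conn: &mut Conn, cb: Status, api: Status) -> WriteResult {
    conn.err = None;
    write_cached(conn, cb, api)
}

/// Replays steps 1 and 2 of the issue: the callback would block but the call
/// succeeds, then a later call fails with an unrelated certificate error.
pub fn replay(write: fn(&mut Conn, Status, Status) -> WriteResult) -> (WriteResult, WriteResult) {
    let mut conn = Conn { err: None };
    let first = write(&mut conn, Status::WouldBlock, Status::Ok);
    let second = write(&mut conn, Status::Ok, Status::PeerCertExpired);
    (first, second)
}

fn main() {
    println!("cached: {:?}", replay(write_cached));
    println!("fresh:  {:?}", replay(write_fresh));
}
```

In the cached variant the caller sees a retryable would-block status where the call actually failed certificate validation, so retry logic keyed on that status would hide the TLS failure.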

steven-joruk

5

There have been some occasions where people introduce new APIs but forget to properly specify the respective supported OS or minimum OS version, which is understandable because it's easy to get wrong. I wouldn't be surprised if there were APIs in use today that aren't behind the correct feature flags.

Off the top of my head there might be two ways to improve the situation:

  • Make use of -mmacosx-version-min and related flags to get compile time warnings (ideally errors?) about using APIs which won't be available for the target. If this is an improvement, how can we make it easy for users of the crate to use this approach? Are there any issues regarding cross compilation?
  • Perhaps bindgen could be extended to expose availability info and create feature flags for the rust implementations?

If anyone has thoughts or other suggestions I'd love to hear them.

mboetger

3

WRT: APPLE PUBLIC SOURCE LICENSE

The license states, "This project contains documentation adapted from Apple Inc.'s Security Framework".

What documentation necessitates this license? I was hoping to use this in a project but this license is an issue for us.

inejge

help wanted
2

See sfackler/rust-native-tls#171, which also contains the test program for the leak. Cargo.lock says:

Note that I have limited access to macOS machines, and can't run GUI tools such as Instruments.

Versions

Find the latest versions by id

v0.4.1 - Feb 01, 2020

There is a newer version than this one, but GitHub isn't showing it to you.

v0.3.0 - Apr 20, 2019

  • Bump to 0.3 due to core-foundation-sys upgrade (Kornel)
  • Upgrade ctest (Kornel)
  • Fix for older rustc (#77) (Sergej Jurečko)
  • Public key DER export (#75) (Sergej Jurečko)
  • additional exports and wrappers (#73) (Sergej Jurečko)
  • Remove dependency on MacTypes-sys (luben karavelov)
  • Improve Keychain Item SearchResult(s). (Geoff Cant)

v0.2.2 - Jan 19, 2019

  • Add ALPN protocols bindings (Qifan Lu)
  • macOS Keychain support for Generic and Internet passwords (David Watson, Kornel Lesiński)
  • Add bindings for password functions (David Watson)
  • Support ALPN with weak linkage (Kazuyoshi Kato)
  • Update secure_transport.rs (Christoph Walcher)

v0.2.1 - Jun 01, 2018

  • Added accessors for certificate properties.
  • Fixed a possible crash in SslContext::peer_trust.

v0.2.0 - Mar 24, 2018

  • Dropped support for OSX 10.7.
  • Replaced enums with wrapper types and associated constants.
  • SNI and hostname verification are now configured separately in ClientBuilder.

v0.1.10 - Dec 20, 2016

  • Support client certificates in ClientBuilder.
  • Fix iOS build
  • Add a handshake2 method with async support to ClientBuilder.

v0.1.9 - Nov 08, 2016

  • SslStream no longer calls SSLClose in its destructor. A close method has been added instead.
  • Add SslContext::set_protocol_version_enabled. This is deprecated, but the replacement is not available on OSX 10.8.
  • Implement Sync and Send for all types.
  • Error now has a public constructor.
  • Add MidHandshakeSslStream::error.

Information - Updated May 13, 2022

Stars: 143
Forks: 57
Issues: 10
