Skip to content

Fix verify_mode() panic on unmodeled verify mode bits#2651

Merged
alex merged 2 commits into
rust-openssl:masterfrom
alex:claude/jolly-gates-2takP
Jun 8, 2026
Merged

Fix verify_mode() panic on unmodeled verify mode bits#2651
alex merged 2 commits into
rust-openssl:masterfrom
alex:claude/jolly-gates-2takP

Conversation

@alex

@alex alex commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

SslContextRef::verify_mode() and SslRef::verify_mode() used from_bits(...).expect(...), which panics if OpenSSL returns verify mode bits not modeled by SslVerifyMode — e.g. SSL_VERIFY_CLIENT_ONCE (0x4) or SSL_VERIFY_POST_HANDSHAKE (0x8), both of which OpenSSL happily accepts via set_verify.

  • Add SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_POST_HANDSHAKE to openssl-sys, and corresponding SslVerifyMode::CLIENT_ONCE / POST_HANDSHAKE flags.
  • Switch the getters to from_bits_retain so unknown bits are preserved rather than panicking.

https://claude.ai/code/session_01SpKgNpVDkf7ihjxpZYZ4o3

claude added 2 commits June 7, 2026 23:54
@claude
Fix verify_mode() panic on unmodeled verify mode bits
cb885a0 
SslContextRef::verify_mode() and SslRef::verify_mode() used
from_bits(...).expect(...), which panics if OpenSSL returns verify mode
bits not modeled by SslVerifyMode — e.g. SSL_VERIFY_CLIENT_ONCE (0x4) or
SSL_VERIFY_POST_HANDSHAKE (0x8), both of which OpenSSL happily accepts
via set_verify.

- Add SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_POST_HANDSHAKE to
  openssl-sys, and corresponding SslVerifyMode::CLIENT_ONCE /
  POST_HANDSHAKE flags.
- Switch the getters to from_bits_retain so unknown bits are preserved
  rather than panicking.

https://claude.ai/code/session_01SpKgNpVDkf7ihjxpZYZ4o3
@claude
Fix unused_mut warning in verify_mode test on BoringSSL/AWS-LC
a04a3bd 
On BoringSSL and AWS-LC both cfg-gated flag additions compile out,
leaving `mode` unmutated, which fails CI under -Dwarnings.
@alex alex merged commit d059c43 into rust-openssl:master Jun 8, 2026
87 checks passed
@alex alex deleted the claude/jolly-gates-2takP branch June 8, 2026 02:42
@reaperhulk reaperhulk mentioned this pull request Jun 12, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@botovq botovq botovq approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alex @botovq @claude