min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Expose SSL_set_enable_ech_grease

This commit is contained in:
Rushil Mehra 2025-02-12 09:18:17 -08:00 committed by Kornel
parent 24003a04e8
commit 05270fa100
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
boring/src/ssl/mod.rs
View File

@ -3708,6 +3708,17 @@ impl SslRef {
pub fn ech_accepted(&self) -> bool { pub fn ech_accepted(&self) -> bool {
unsafe { ffi::SSL_ech_accepted(self.as_ptr()) != 0 } unsafe { ffi::SSL_ech_accepted(self.as_ptr()) != 0 }
} }
// Whether or not to enable ECH grease on `SSL`.
#[cfg(not(feature = "fips"))]
#[corresponds(SSL_set_enable_ech_grease)]
pub fn set_enable_ech_grease(&self, enable: bool) {
let enable = if enable { 1 } else { 0 };
unsafe {
ffi::SSL_set_enable_ech_grease(self.as_ptr(), enable);
}
}
} }
/// An SSL stream midway through the handshake process. /// An SSL stream midway through the handshake process.

12
boring/src/ssl/test/ech.rs
View File

@ -58,3 +58,15 @@ fn ech_rejection() {
assert!(failed_ssl_stream.ssl().get_ech_retry_configs().is_some()); assert!(failed_ssl_stream.ssl().get_ech_retry_configs().is_some());
assert!(!failed_ssl_stream.ssl().ech_accepted()) assert!(!failed_ssl_stream.ssl().ech_accepted())
} }
#[test]
fn ech_grease() {
let server = Server::builder().build();
let mut client = server.client_with_root_ca().build().builder();
// Verified with a pcap locally that the ECH extension gets sent due to GREASE
client.ssl().set_enable_ech_grease(true);
let ssl_stream = client.connect();
assert!(!ssl_stream.ssl().ech_accepted())
}