From 38f4705b1dd1b0851944ee799e11c6011dc7b807 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Sun, 4 Mar 2018 22:04:41 -0800 Subject: [PATCH 1/3] FFI for OpenSSL 1.1.1 custom extension support --- openssl-sys/src/lib.rs | 6 +++++ openssl-sys/src/ossl10x.rs | 3 +++ openssl-sys/src/ossl110.rs | 1 + openssl-sys/src/ossl111.rs | 54 +++++++++++++++++++++++++++++++++++++- systest/build.rs | 2 +- 5 files changed, 64 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 77f69188..d0697435 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1203,6 +1203,12 @@ pub const RSA_X931_PADDING: c_int = 5; pub const SHA_LBLOCK: c_int = 16; +pub const SSL3_AD_ILLEGAL_PARAMETER: c_int = 47; +pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER; + +pub const TLS1_AD_DECODE_ERROR: c_int = 50; +pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR; + pub const TLS1_AD_UNRECOGNIZED_NAME: c_int = 112; pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME; diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs index f8ff7193..87024ac4 100644 --- a/openssl-sys/src/ossl10x.rs +++ b/openssl-sys/src/ossl10x.rs @@ -969,4 +969,7 @@ extern "C" { pub fn SSLeay() -> c_ulong; pub fn SSLeay_version(key: c_int) -> *const c_char; + + #[cfg(ossl102)] + pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; } diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs index b02c296d..1ab30772 100644 --- a/openssl-sys/src/ossl110.rs +++ b/openssl-sys/src/ossl110.rs @@ -363,4 +363,5 @@ extern "C" { ) -> *mut PKCS12; pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME; + pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; } diff --git a/openssl-sys/src/ossl111.rs b/openssl-sys/src/ossl111.rs index 27bc4b54..cca06fda 100644 --- a/openssl-sys/src/ossl111.rs +++ b/openssl-sys/src/ossl111.rs @@ -1,15 +1,67 @@ -use libc::{c_char, c_int, c_ulong}; +use libc::{c_char, c_uchar, c_int, c_uint, c_ulong, size_t, c_void}; pub type SSL_CTX_keylog_cb_func = Option; +pub type SSL_custom_ext_add_cb_ex = + Option c_int>; + +pub type SSL_custom_ext_free_cb_ex = + Option; + +pub type SSL_custom_ext_parse_cb_ex = + Option c_int>; + pub const SSL_COOKIE_LENGTH: c_int = 255; pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; pub const TLS1_3_VERSION: c_int = 0x304; +pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001; +/* This extension is only allowed in DTLS */ +pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002; +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004; +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008; +/* Extension is only defined for TLS1.2 and below */ +pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010; +/* Extension is only defined for TLS1.3 and above */ +pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020; +/* Ignore this extension during parsing if we are resuming */ +pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040; +pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080; +/* Really means TLS1.2 or below */ +pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100; +pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200; +pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400; +pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800; +pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000; +pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000; +pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000; + + extern "C" { pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func); + pub fn SSL_CTX_add_custom_ext(ctx: *mut ::SSL_CTX, ext_type: c_uint, context: c_uint, + add_cb: SSL_custom_ext_add_cb_ex, + free_cb: SSL_custom_ext_free_cb_ex, + add_arg: *mut c_void, + parse_cb: SSL_custom_ext_parse_cb_ex, + parse_arg: *mut c_void) -> c_int; pub fn SSL_stateless(s: *mut ::SSL) -> c_int; } diff --git a/systest/build.rs b/systest/build.rs index 76d0a950..a3aa3386 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -109,7 +109,7 @@ fn main() { cfg.skip_signededness(|s| { s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") || s.starts_with("CRYPTO_") || s == "PasswordCallback" - || s.ends_with("_cb_func") + || s.ends_with("_cb_func") || s.ends_with("_cb_ex") }); cfg.field_name(|_s, field| { if field == "type_" { From b0bc1c770e74eff45ae71e2c30e4a6f5fbaae600 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Mon, 5 Mar 2018 01:27:36 -0800 Subject: [PATCH 2/3] High-level API for OpenSSL 1.1.1 custom extension support --- openssl/src/ssl/callbacks.rs | 93 ++++++++++++++++++++++++++++++++++++ openssl/src/ssl/mod.rs | 76 +++++++++++++++++++++++++++++ openssl/src/ssl/test.rs | 38 +++++++++++++++ 3 files changed, 207 insertions(+) diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index 60d40fc7..ca257e13 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -1,5 +1,9 @@ use ffi; use libc::{c_char, c_int, c_uchar, c_uint, c_void}; +#[cfg(all(feature = "v111", ossl111))] +use libc::size_t; +#[cfg(all(feature = "v111", ossl111))] +use std::borrow::Cow; use std::ffi::CStr; use std::ptr; use std::slice; @@ -20,6 +24,10 @@ use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslContext all(feature = "v111", ossl111)))] use ssl::AlpnError; use x509::X509StoreContextRef; +#[cfg(all(feature = "v111", ossl111))] +use ssl::ExtensionContext; +#[cfg(all(feature = "v111", ossl111))] +use x509::X509Ref; pub extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int where @@ -416,3 +424,88 @@ where callback(ssl, slice) as c_int } } + +#[cfg(all(feature = "v111", ossl111))] +pub struct CustomExtAddState(Option>); + +#[cfg(all(feature = "v111", ossl111))] +pub extern "C" fn raw_custom_ext_add(ssl: *mut ffi::SSL, _: c_uint, + context: c_uint, + out: *mut *const c_uchar, + outlen: *mut size_t, x: *mut ffi::X509, + chainidx: size_t, al: *mut c_int, + _: *mut c_void) + -> c_int + where F: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result>, SslAlert> + 'static +{ + unsafe { + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); + let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::()); + let callback = &*(callback as *mut F); + let ssl = SslRef::from_ptr_mut(ssl); + let ectx = ExtensionContext::from_bits_truncate(context); + let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) { Some((chainidx, X509Ref::from_ptr(x))) } else { None }; + match (callback)(ssl, ectx, cert) { + Ok(None) => 0, + Ok(Some(buf)) => { + *outlen = buf.len() as size_t; + *out = buf.as_ptr(); + + let idx = get_ssl_callback_idx::(); + let ptr = ffi::SSL_get_ex_data(ssl.as_ptr(), idx); + if ptr.is_null() { + let x = Box::into_raw(Box::::new(CustomExtAddState(Some(buf)))) as *mut c_void; + ffi::SSL_set_ex_data(ssl.as_ptr(), idx, x); + } else { + *(ptr as *mut _) = CustomExtAddState(Some(buf)) + } + 1 + } + Err(alert) => { + *al = alert.0; + -1 + } + } + } +} + +#[cfg(all(feature = "v111", ossl111))] +pub extern "C" fn raw_custom_ext_free(ssl: *mut ffi::SSL, _: c_uint, + _: c_uint, + _: *mut *const c_uchar, + _: *mut c_void) +{ + unsafe { + let state = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::()); + let state = &mut (*(state as *mut CustomExtAddState)).0; + state.take(); + } +} + +#[cfg(all(feature = "v111", ossl111))] +pub extern "C" fn raw_custom_ext_parse(ssl: *mut ffi::SSL, _: c_uint, + context: c_uint, + input: *const c_uchar, + inlen: size_t, x: *mut ffi::X509, + chainidx: size_t, al: *mut c_int, + _: *mut c_void) + -> c_int + where F: FnMut(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert> + 'static +{ + unsafe { + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); + let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::()); + let ssl = SslRef::from_ptr_mut(ssl); + let callback = &mut *(callback as *mut F); + let ectx = ExtensionContext::from_bits_truncate(context); + let slice = slice::from_raw_parts(input as *const u8, inlen as usize); + let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) { Some((chainidx, X509Ref::from_ptr(x))) } else { None }; + match callback(ssl, ectx, slice, cert) { + Ok(()) => 1, + Err(alert) => { + *al = alert.0; + 0 + } + } + } +} diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 5431df13..402fa1ce 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -61,6 +61,8 @@ use ffi; use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void}; use std::any::TypeId; +#[cfg(all(feature = "v111", ossl111))] +use std::borrow::Cow; use std::cmp; use std::collections::HashMap; use std::ffi::{CStr, CString}; @@ -363,6 +365,36 @@ bitflags! { } } +#[cfg(all(feature = "v111", ossl111))] +bitflags! { + /// Which messages and under which conditions an extension should be added or expected. + pub struct ExtensionContext: c_uint { + /// This extension is only allowed in TLS + const TLS_ONLY = ffi::SSL_EXT_TLS_ONLY; + /// This extension is only allowed in DTLS + const DTLS_ONLY = ffi::SSL_EXT_DTLS_ONLY; + /// Some extensions may be allowed in DTLS but we don't implement them for it + const TLS_IMPLEMENTATION_ONLY = ffi::SSL_EXT_TLS_IMPLEMENTATION_ONLY; + /// Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is + const SSL3_ALLOWED = ffi::SSL_EXT_SSL3_ALLOWED; + /// Extension is only defined for TLS1.2 and below + const TLS1_2_AND_BELOW_ONLY = ffi::SSL_EXT_TLS1_2_AND_BELOW_ONLY; + /// Extension is only defined for TLS1.3 and above + const TLS1_3_ONLY = ffi::SSL_EXT_TLS1_3_ONLY; + /// Ignore this extension during parsing if we are resuming + const IGNORE_ON_RESUMPTION = ffi::SSL_EXT_IGNORE_ON_RESUMPTION; + const CLIENT_HELLO = ffi::SSL_EXT_CLIENT_HELLO; + /// Really means TLS1.2 or below + const TLS1_2_SERVER_HELLO = ffi::SSL_EXT_TLS1_2_SERVER_HELLO; + const TLS1_3_SERVER_HELLO = ffi::SSL_EXT_TLS1_3_SERVER_HELLO; + const TLS1_3_ENCRYPTED_EXTENSIONS = ffi::SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS; + const TLS1_3_HELLO_RETRY_REQUEST = ffi::SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST; + const TLS1_3_CERTIFICATE = ffi::SSL_EXT_TLS1_3_CERTIFICATE; + const TLS1_3_NEW_SESSION_TICKET = ffi::SSL_EXT_TLS1_3_NEW_SESSION_TICKET; + const TLS1_3_CERTIFICATE_REQUEST = ffi::SSL_EXT_TLS1_3_CERTIFICATE_REQUEST; + } +} + /// An identifier of the format of a certificate or key file. #[derive(Copy, Clone)] pub struct SslFiletype(c_int); @@ -501,6 +533,8 @@ pub struct SslAlert(c_int); impl SslAlert { /// Alert 112 - `unrecognized_name`. pub const UNRECOGNIZED_NAME: SslAlert = SslAlert(ffi::SSL_AD_UNRECOGNIZED_NAME); + pub const ILLEGAL_PARAMETER: SslAlert = SslAlert(ffi::SSL_AD_ILLEGAL_PARAMETER); + pub const DECODE_ERROR: SslAlert = SslAlert(ffi::SSL_AD_DECODE_ERROR); } /// An error returned from an ALPN selection callback. @@ -1471,6 +1505,48 @@ impl SslContextBuilder { } } + /// Adds a custom extension for a TLS/DTLS client or server for all supported protocol versions. + /// + /// This corresponds to [`SSL_CTX_add_custom_ext`]. + /// + /// [`SSL_CTX_add_custom_ext`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_custom_ext.html + #[cfg(all(feature = "v111", ossl111))] + pub fn add_custom_ext(&mut self, ext_type: u16, context: ExtensionContext, add_cb: AddFn, parse_cb: ParseFn) + -> Result<(), ErrorStack> + where AddFn: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) + -> Result>, SslAlert> + 'static + Sync + Send, + ParseFn: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) + -> Result<(), SslAlert> + 'static + Sync + Send, + { + let ret = unsafe { + let add_cb = Box::new(add_cb); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::(), + Box::into_raw(add_cb) as *mut _ + ); + + let parse_cb = Box::new(parse_cb); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::(), + Box::into_raw(parse_cb) as *mut _, + ); + + ffi::SSL_CTX_add_custom_ext(self.as_ptr(), ext_type as c_uint, context.bits(), + Some(raw_custom_ext_add::), + Some(raw_custom_ext_free), + ptr::null_mut(), + Some(raw_custom_ext_parse::), + ptr::null_mut()) + }; + if ret == 1 { + Ok(()) + } else { + Err(ErrorStack::get()) + } + } + /// Consumes the builder, returning a new `SslContext`. pub fn build(self) -> SslContext { self.0 diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index ae8c12de..3f1e8476 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -1353,6 +1353,44 @@ fn no_version_overlap() { guard.join().unwrap(); } +#[test] +#[cfg(all(feature = "v111", ossl111))] +fn custom_extensions() { + static FOUND_EXTENSION: AtomicBool = ATOMIC_BOOL_INIT; + + let listener = TcpListener::bind("127.0.0.1:0").unwrap(); + let addr = listener.local_addr().unwrap(); + + let guard = thread::spawn(move || { + let stream = listener.accept().unwrap().0; + let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) + .unwrap(); + ctx.add_custom_ext( + 12345, ssl::ExtensionContext::CLIENT_HELLO, + |_, _, _| unreachable!(), + |_, _, data, _| { FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst); Ok(()) } + ).unwrap(); + let ssl = Ssl::new(&ctx.build()).unwrap(); + ssl.accept(stream).unwrap(); + }); + + let stream = TcpStream::connect(addr).unwrap(); + let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); + ctx.add_custom_ext( + 12345, ssl::ExtensionContext::CLIENT_HELLO, + |_, _, _| Ok(Some(b"hello"[..].into())), + |_, _, _, _| unreachable!() + ).unwrap(); + let ssl = Ssl::new(&ctx.build()).unwrap(); + ssl.connect(stream).unwrap(); + + guard.join().unwrap(); + assert!(FOUND_EXTENSION.load(Ordering::SeqCst)); +} + fn _check_kinds() { fn is_send() {} fn is_sync() {} From e02dbde2f71a3406169c58e03a6cc8b90928945f Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Sat, 10 Mar 2018 22:30:54 -0800 Subject: [PATCH 3/3] Generic custom extension add fn return type --- openssl/src/ssl/callbacks.rs | 42 ++++++++++++++++++------------------ openssl/src/ssl/mod.rs | 14 ++++++------ openssl/src/ssl/test.rs | 4 ++-- 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index ca257e13..0531274c 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -2,8 +2,6 @@ use ffi; use libc::{c_char, c_int, c_uchar, c_uint, c_void}; #[cfg(all(feature = "v111", ossl111))] use libc::size_t; -#[cfg(all(feature = "v111", ossl111))] -use std::borrow::Cow; use std::ffi::CStr; use std::ptr; use std::slice; @@ -426,17 +424,18 @@ where } #[cfg(all(feature = "v111", ossl111))] -pub struct CustomExtAddState(Option>); +pub struct CustomExtAddState(Option); #[cfg(all(feature = "v111", ossl111))] -pub extern "C" fn raw_custom_ext_add(ssl: *mut ffi::SSL, _: c_uint, - context: c_uint, - out: *mut *const c_uchar, - outlen: *mut size_t, x: *mut ffi::X509, - chainidx: size_t, al: *mut c_int, - _: *mut c_void) - -> c_int - where F: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result>, SslAlert> + 'static +pub extern "C" fn raw_custom_ext_add(ssl: *mut ffi::SSL, _: c_uint, + context: c_uint, + out: *mut *const c_uchar, + outlen: *mut size_t, x: *mut ffi::X509, + chainidx: size_t, al: *mut c_int, + _: *mut c_void) + -> c_int + where F: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result, SslAlert> + 'static, + T: AsRef<[u8]> + 'static, { unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); @@ -448,13 +447,13 @@ pub extern "C" fn raw_custom_ext_add(ssl: *mut ffi::SSL, _: c_uint, match (callback)(ssl, ectx, cert) { Ok(None) => 0, Ok(Some(buf)) => { - *outlen = buf.len() as size_t; - *out = buf.as_ptr(); + *outlen = buf.as_ref().len() as size_t; + *out = buf.as_ref().as_ptr(); - let idx = get_ssl_callback_idx::(); + let idx = get_ssl_callback_idx::>(); let ptr = ffi::SSL_get_ex_data(ssl.as_ptr(), idx); if ptr.is_null() { - let x = Box::into_raw(Box::::new(CustomExtAddState(Some(buf)))) as *mut c_void; + let x = Box::into_raw(Box::>::new(CustomExtAddState(Some(buf)))) as *mut c_void; ffi::SSL_set_ex_data(ssl.as_ptr(), idx, x); } else { *(ptr as *mut _) = CustomExtAddState(Some(buf)) @@ -470,14 +469,15 @@ pub extern "C" fn raw_custom_ext_add(ssl: *mut ffi::SSL, _: c_uint, } #[cfg(all(feature = "v111", ossl111))] -pub extern "C" fn raw_custom_ext_free(ssl: *mut ffi::SSL, _: c_uint, - _: c_uint, - _: *mut *const c_uchar, - _: *mut c_void) +pub extern "C" fn raw_custom_ext_free(ssl: *mut ffi::SSL, _: c_uint, + _: c_uint, + _: *mut *const c_uchar, + _: *mut c_void) + where T: 'static { unsafe { - let state = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::()); - let state = &mut (*(state as *mut CustomExtAddState)).0; + let state = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::>()); + let state = &mut (*(state as *mut CustomExtAddState)).0; state.take(); } } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 402fa1ce..6a140c14 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -61,8 +61,6 @@ use ffi; use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void}; use std::any::TypeId; -#[cfg(all(feature = "v111", ossl111))] -use std::borrow::Cow; use std::cmp; use std::collections::HashMap; use std::ffi::{CStr, CString}; @@ -1511,10 +1509,12 @@ impl SslContextBuilder { /// /// [`SSL_CTX_add_custom_ext`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_custom_ext.html #[cfg(all(feature = "v111", ossl111))] - pub fn add_custom_ext(&mut self, ext_type: u16, context: ExtensionContext, add_cb: AddFn, parse_cb: ParseFn) - -> Result<(), ErrorStack> + pub fn add_custom_ext( + &mut self, ext_type: u16, context: ExtensionContext, add_cb: AddFn, parse_cb: ParseFn + ) -> Result<(), ErrorStack> where AddFn: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) - -> Result>, SslAlert> + 'static + Sync + Send, + -> Result, SslAlert> + 'static + Sync + Send, + T: AsRef<[u8]> + 'static, ParseFn: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert> + 'static + Sync + Send, { @@ -1534,8 +1534,8 @@ impl SslContextBuilder { ); ffi::SSL_CTX_add_custom_ext(self.as_ptr(), ext_type as c_uint, context.bits(), - Some(raw_custom_ext_add::), - Some(raw_custom_ext_free), + Some(raw_custom_ext_add::), + Some(raw_custom_ext_free::), ptr::null_mut(), Some(raw_custom_ext_parse::), ptr::null_mut()) diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index 3f1e8476..8be3e4d6 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -1370,7 +1370,7 @@ fn custom_extensions() { .unwrap(); ctx.add_custom_ext( 12345, ssl::ExtensionContext::CLIENT_HELLO, - |_, _, _| unreachable!(), + |_, _, _| -> Result, _> { unreachable!() }, |_, _, data, _| { FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst); Ok(()) } ).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); @@ -1381,7 +1381,7 @@ fn custom_extensions() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.add_custom_ext( 12345, ssl::ExtensionContext::CLIENT_HELLO, - |_, _, _| Ok(Some(b"hello"[..].into())), + |_, _, _| Ok(Some(b"hello")), |_, _, _, _| unreachable!() ).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap();