min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Expose set_permute_extensions

This commit is contained in:
Yury Yarashevich 2024-07-09 23:53:27 +02:00 committed by Rushil Mehra
parent 4725a930d5
commit 31665926c9
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
boring/src/ssl/mod.rs
View File

@ -1846,6 +1846,20 @@ impl SslContextBuilder {
unsafe { ffi::SSL_CTX_set_grease_enabled(self.as_ptr(), enabled as _) } unsafe { ffi::SSL_CTX_set_grease_enabled(self.as_ptr(), enabled as _) }
} }
/// Configures whether ClientHello extensions should be permuted.
///
/// This corresponds to [`SSL_CTX_set_permute_extensions`].
///
/// [`SSL_CTX_set_permute_extensions`]: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_permute_extensions
///
/// Note: This is gated to non-fips because the fips feature builds with a separate
/// version of BoringSSL which doesn't yet include these APIs.
/// Once the submoduled fips commit is upgraded, these gates can be removed.
#[cfg(not(feature = "fips"))]
pub fn set_permute_extensions(&mut self, enabled: bool) {
unsafe { ffi::SSL_CTX_set_permute_extensions(self.as_ptr(), enabled as _) }
}
/// Sets the context's supported signature verification algorithms. /// Sets the context's supported signature verification algorithms.
/// ///
/// This corresponds to [`SSL_CTX_set_verify_algorithm_prefs`] /// This corresponds to [`SSL_CTX_set_verify_algorithm_prefs`]
@ -2944,6 +2958,20 @@ impl SslRef {
unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
} }
/// Configures whether ClientHello extensions should be permuted.
///
/// This corresponds to [`SSL_set_permute_extensions`].
///
/// [`SSL_set_permute_extensions`]: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_set_permute_extensions
///
/// Note: This is gated to non-fips because the fips feature builds with a separate
/// version of BoringSSL which doesn't yet include these APIs.
/// Once the submoduled fips commit is upgraded, these gates can be removed.
#[cfg(not(feature = "fips"))]
pub fn set_permute_extensions(&mut self, enabled: bool) {
unsafe { ffi::SSL_set_permute_extensions(self.as_ptr(), enabled as _) }
}
/// Like [`SslContextBuilder::set_alpn_protos`]. /// Like [`SslContextBuilder::set_alpn_protos`].
/// ///
/// This corresponds to [`SSL_set_alpn_protos`]. /// This corresponds to [`SSL_set_alpn_protos`].