min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support ALPN on libressl 

Closes #690
This commit is contained in:
Steven Fackler 2018-05-20 12:52:49 -07:00
parent 440ede3b54
commit 4c1fdf1d81
4 changed files with 25 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openssl-sys/src/lib.rs
View File

@ -2614,14 +2614,14 @@ extern "C" {
) -> *mut SSL_SESSION; ) -> *mut SSL_SESSION;
pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int;
// FIXME should take an Option<unsafe extern "C" fn> // FIXME should take an Option<unsafe extern "C" fn>
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub fn SSL_CTX_set_alpn_select_cb( pub fn SSL_CTX_set_alpn_select_cb(
ssl: *mut SSL_CTX, ssl: *mut SSL_CTX,
cb: extern "C" fn( cb: extern "C" fn(
@ -2634,7 +2634,7 @@ extern "C" {
) -> c_int, ) -> c_int,
arg: *mut c_void, arg: *mut c_void,
); );
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint);
pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int;

9
openssl/src/ssl/callbacks.rs
View File

@ -1,9 +1,12 @@
use ffi; use ffi;
use foreign_types::ForeignType; use foreign_types::ForeignType;
use foreign_types::ForeignTypeRef; use foreign_types::ForeignTypeRef;
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
use libc::c_char;
#[cfg(ossl111)] #[cfg(ossl111)]
use libc::size_t; use libc::size_t;
use libc::{c_char, c_int, c_uchar, c_uint, c_void}; use libc::{c_int, c_uchar, c_uint, c_void};
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
use std::ffi::CStr; use std::ffi::CStr;
use std::mem; use std::mem;
use std::ptr; use std::ptr;
@ -17,7 +20,7 @@ use dh::Dh;
use ec::EcKey; use ec::EcKey;
use error::ErrorStack; use error::ErrorStack;
use pkey::Params; use pkey::Params;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
use ssl::AlpnError; use ssl::AlpnError;
#[cfg(ossl111)] #[cfg(ossl111)]
use ssl::ExtensionContext; use ssl::ExtensionContext;
@ -130,7 +133,7 @@ where
} }
} }
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
pub extern "C" fn raw_alpn_select<F>( pub extern "C" fn raw_alpn_select<F>(
ssl: *mut ffi::SSL, ssl: *mut ffi::SSL,
out: *mut *const c_uchar, out: *mut *const c_uchar,

19
openssl/src/ssl/mod.rs
View File

@ -85,6 +85,7 @@ use error::ErrorStack;
use ex_data::Index; use ex_data::Index;
#[cfg(ossl111)] #[cfg(ossl111)]
use hash::MessageDigest; use hash::MessageDigest;
#[cfg(ossl110)]
use nid::Nid; use nid::Nid;
use pkey::{HasPrivate, PKeyRef, Params, Private}; use pkey::{HasPrivate, PKeyRef, Params, Private};
use ssl::bio::BioMethod; use ssl::bio::BioMethod;
@ -506,12 +507,12 @@ impl SslAlert {
/// An error returned from an ALPN selection callback. /// An error returned from an ALPN selection callback.
/// ///
/// Requires OpenSSL 1.0.2 or newer. /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
#[derive(Debug, Copy, Clone, PartialEq, Eq)] #[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct AlpnError(c_int); pub struct AlpnError(c_int);
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
impl AlpnError { impl AlpnError {
/// Terminate the handshake with a fatal alert. /// Terminate the handshake with a fatal alert.
/// ///
@ -1109,10 +1110,10 @@ impl SslContextBuilder {
/// ///
/// This corresponds to [`SSL_CTX_set_alpn_protos`]. /// This corresponds to [`SSL_CTX_set_alpn_protos`].
/// ///
/// Requires OpenSSL 1.0.2 or newer. /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
/// ///
/// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
assert!(protocols.len() <= c_uint::max_value() as usize); assert!(protocols.len() <= c_uint::max_value() as usize);
@ -1140,12 +1141,12 @@ impl SslContextBuilder {
/// ///
/// This corresponds to [`SSL_CTX_set_alpn_select_cb`]. /// This corresponds to [`SSL_CTX_set_alpn_select_cb`].
/// ///
/// Requires OpenSSL 1.0.2 or newer. /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
/// ///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html /// [`select_next_proto`]: fn.select_next_proto.html
/// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html /// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
pub fn set_alpn_select_callback<F>(&mut self, callback: F) pub fn set_alpn_select_callback<F>(&mut self, callback: F)
where where
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
@ -2283,12 +2284,12 @@ impl SslRef {
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it. /// to interpret it.
/// ///
/// Requires OpenSSL 1.0.2 or newer. /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
/// ///
/// This corresponds to [`SSL_get0_alpn_selected`]. /// This corresponds to [`SSL_get0_alpn_selected`].
/// ///
/// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
unsafe { unsafe {
let mut data: *const c_uchar = ptr::null(); let mut data: *const c_uchar = ptr::null();

10
openssl/src/ssl/test.rs
View File

@ -481,7 +481,7 @@ fn test_state() {
/// Tests that connecting with the client using ALPN, but the server not does not /// Tests that connecting with the client using ALPN, but the server not does not
/// break the existing connection behavior. /// break the existing connection behavior.
#[test] #[test]
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
fn test_connect_with_unilateral_alpn() { fn test_connect_with_unilateral_alpn() {
let (_s, stream) = Server::new(); let (_s, stream) = Server::new();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@ -503,7 +503,7 @@ fn test_connect_with_unilateral_alpn() {
/// Tests that when both the client as well as the server use ALPN and their /// Tests that when both the client as well as the server use ALPN and their
/// lists of supported protocols have an overlap, the correct protocol is chosen. /// lists of supported protocols have an overlap, the correct protocol is chosen.
#[test] #[test]
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
fn test_connect_with_alpn_successful_multiple_matching() { fn test_connect_with_alpn_successful_multiple_matching() {
let (_s, stream) = Server::new_alpn(); let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@ -526,7 +526,7 @@ fn test_connect_with_alpn_successful_multiple_matching() {
/// lists of supported protocols have an overlap -- with only ONE protocol /// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both. /// being valid for both.
#[test] #[test]
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
fn test_connect_with_alpn_successful_single_match() { fn test_connect_with_alpn_successful_single_match() {
let (_s, stream) = Server::new_alpn(); let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@ -548,7 +548,7 @@ fn test_connect_with_alpn_successful_single_match() {
/// Tests that when the `SslStream` is created as a server stream, the protocols /// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client. /// are correctly advertised to the client.
#[test] #[test]
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
fn test_alpn_server_advertise_multiple() { fn test_alpn_server_advertise_multiple() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap(); let localhost = listener.local_addr().unwrap();
@ -624,7 +624,7 @@ fn test_alpn_server_select_none_fatal() {
} }
#[test] #[test]
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
fn test_alpn_server_select_none() { fn test_alpn_server_select_none() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap(); let localhost = listener.local_addr().unwrap();