From 667e3f44b99450fbf9b1d80a8949183ce295fbf8 Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Sun, 22 Nov 2015 20:01:56 +0100 Subject: [PATCH] Avoid freeing the SSL object when Ssl is dropped --- openssl/src/ssl/mod.rs | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 736e6b4c..e49b28b2 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -305,19 +305,19 @@ extern fn raw_verify_with_data(preverify_ok: c_int, extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_void) -> c_int { - println!("openssl called raw_sni. ad=={:?}", *ad); unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX); let callback: Option = mem::transmute(callback); - let mut ssl = Ssl { ssl: ssl }; - println!("openssl got callback"); + let mut s = Ssl { ssl: ssl }; let res = match callback { None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL, - Some(callback) => callback(&mut ssl, ad) + Some(callback) => callback(&mut s, ad) }; - println!("openssl got callback result: {}", res); + + // Allows dropping the Ssl instance without calling SSL_FREE on the SSL object + s.ssl = ptr::null_mut() as *mut ffi::SSL; res } } @@ -329,15 +329,18 @@ extern fn raw_sni_with_data(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX); let callback: Option> = mem::transmute(callback); - let mut ssl = Ssl { ssl: ssl }; + let mut s = Ssl { ssl: ssl }; let data: Box = mem::transmute(arg); let res = match callback { None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL, - Some(callback) => callback(&mut ssl, ad, &*data) + Some(callback) => callback(&mut s, ad, &*data) }; + // Allows dropping the Ssl instance without calling SSL_FREE on the SSL object + s.ssl = ptr::null_mut() as *mut ffi::SSL; + // Since data might be required on the next verification // it is time to forget about it and avoid dropping // data will be freed once OpenSSL considers it is time @@ -541,7 +544,10 @@ impl SslContext { } } - /// Configures the certificate verification method for new connections. + /// Configures the server name indication (SNI) callback for new connections + /// + /// obtain the server name with `get_servername` then set the corresponding context + /// with `set_ssl_context` pub fn set_servername_callback(&mut self, callback: Option) { unsafe { ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, @@ -552,6 +558,8 @@ impl SslContext { } } + /// Configures the server name indication (SNI) callback for new connections + /// carrying supplied data pub fn set_servername_callback_with_data(&mut self, callback: ServerNameCallbackData, data: T) where T: Any + 'static { @@ -969,23 +977,24 @@ impl Ssl { } } - /// Returns the server name for the current connection + /// Returns the server's name for the current connection pub fn get_servername(&self) -> Option { let name = unsafe { ffi::SSL_get_servername(self.ssl, ffi::TLSEXT_NAMETYPE_host_name) }; if name == ptr::null() { return None; } - println!("openssl will return servername"); unsafe { String::from_utf8(CStr::from_ptr(name).to_bytes().to_vec()).ok() } } + /// change the context corresponding to the current connection pub fn set_ssl_context(&self, ctx: &SslContext) -> SslContext { SslContext { ctx: unsafe { ffi::SSL_set_SSL_CTX(self.ssl, ctx.ctx) } } } + /// obtain the context corresponding to the current connection pub fn get_ssl_context(&self) -> SslContext { let ssl_ctx = unsafe { ffi::SSL_get_SSL_CTX(self.ssl) }; SslContext { ctx: ssl_ctx }