min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid freeing the SSL object when Ssl is dropped

This commit is contained in:
Geoffroy Couprie 2015-11-22 20:01:56 +01:00
parent dba3a0ced2
commit 667e3f44b9
1 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
openssl/src/ssl/mod.rs
View File

@ -305,19 +305,19 @@ extern fn raw_verify_with_data<T>(preverify_ok: c_int,
extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_void)
-> c_int {
println!("openssl called raw_sni. ad=={:?}", *ad);
unsafe {
let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);
let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX);
let callback: Option<ServerNameCallback> = mem::transmute(callback);
let mut ssl = Ssl { ssl: ssl };
println!("openssl got callback");
let mut s = Ssl { ssl: ssl };
let res = match callback {
None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL,
Some(callback) => callback(&mut ssl, ad)
Some(callback) => callback(&mut s, ad)
};
println!("openssl got callback result: {}", res);
// Allows dropping the Ssl instance without calling SSL_FREE on the SSL object
s.ssl = ptr::null_mut() as *mut ffi::SSL;
res
}
}
@ -329,15 +329,18 @@ extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v
let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX);
let callback: Option<ServerNameCallbackData<T>> = mem::transmute(callback);
let mut ssl = Ssl { ssl: ssl };
let mut s = Ssl { ssl: ssl };
let data: Box<T> = mem::transmute(arg);
let res = match callback {
None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL,
Some(callback) => callback(&mut ssl, ad, &*data)
Some(callback) => callback(&mut s, ad, &*data)
};
// Allows dropping the Ssl instance without calling SSL_FREE on the SSL object
s.ssl = ptr::null_mut() as *mut ffi::SSL;
// Since data might be required on the next verification
// it is time to forget about it and avoid dropping
// data will be freed once OpenSSL considers it is time
@ -541,7 +544,10 @@ impl SslContext {
}
}
/// Configures the certificate verification method for new connections.
/// Configures the server name indication (SNI) callback for new connections
///
/// obtain the server name with `get_servername` then set the corresponding context
/// with `set_ssl_context`
pub fn set_servername_callback(&mut self, callback: Option<ServerNameCallback>) {
unsafe {
ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX,
@ -552,6 +558,8 @@ impl SslContext {
}
}
/// Configures the server name indication (SNI) callback for new connections
/// carrying supplied data
pub fn set_servername_callback_with_data<T>(&mut self, callback: ServerNameCallbackData<T>,
data: T)
where T: Any + 'static {
@ -969,23 +977,24 @@ impl Ssl {
}
}
/// Returns the server name for the current connection
/// Returns the server's name for the current connection
pub fn get_servername(&self) -> Option<String> {
let name = unsafe { ffi::SSL_get_servername(self.ssl, ffi::TLSEXT_NAMETYPE_host_name) };
if name == ptr::null() {
return None;
}
println!("openssl will return servername");
unsafe {
String::from_utf8(CStr::from_ptr(name).to_bytes().to_vec()).ok()
}
}
/// change the context corresponding to the current connection
pub fn set_ssl_context(&self, ctx: &SslContext) -> SslContext {
SslContext { ctx: unsafe { ffi::SSL_set_SSL_CTX(self.ssl, ctx.ctx) } }
}
/// obtain the context corresponding to the current connection
pub fn get_ssl_context(&self) -> SslContext {
let ssl_ctx = unsafe { ffi::SSL_get_SSL_CTX(self.ssl) };
SslContext { ctx: ssl_ctx }