Steven Fackler
bc4e47a321
Fix lookup errors with SNI callback.
...
The job of an SNI callback is typically to swap out the context
associated with an SSL depending on the domain the client is trying to
talk to. Typically, only the callbacks associated with the current
context are used, but this is not the case for the SNI callback.
If SNI is run for a second time on a connection (i.e. in a
renegotiation) and the context was replaced with one that didn't itself
register an SNI callback, the old callback would run but wouldn't be
able to find its state in the context's ex data. To work around this, we
pass the pointer to the callback data directly to the callback to make
sure it's always available. It still lives in ex data to handle the
lifetime management.
Closes #979
2018-08-31 20:23:55 -07:00
Steven Fackler
2df87cfd59
Fix doc reference
2018-08-19 20:19:10 -07:00
Steven Fackler
ef7721092d
SRTP cleanup
2018-08-19 18:50:11 -07:00
Aron Wieck
59c578cf04
Add methods for DTLS/SRTP key handshake
2018-08-14 16:04:33 +02:00
Steven Fackler
1396143c66
Add get_shutdown and set_shutdown
2018-08-08 13:19:55 -07:00
Steven Fackler
ee5215bd31
SslSessionRef methods return static strings
...
Closes #961
2018-07-19 20:22:57 -07:00
Steven Fackler
6440ee04ef
Merge pull request #943 from lolzballs/master
...
Add wrapper for SSL_CTX_set_psk_server_callback
2018-06-17 15:47:00 -07:00
Steven Fackler
115cb730b0
Switch to accessors in libressl where possible
...
Some accessors are mysteriously still macros so we can't make everything
opaque yet, unfortunately.
cc #909
2018-06-09 21:49:36 -07:00
Steven Fackler
cdc90c7e9d
Add SslRef::set_alpn_protos
2018-06-04 20:19:27 -07:00
Steven Fackler
0745d66927
Update to 1.1.1-pre7
...
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.
TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
2018-06-02 13:58:56 -07:00
Benjamin Cheng
5d8a44612d
add test for psk; deprecated set_psk_callback
2018-06-02 13:47:52 -04:00
Benjamin Cheng
b1eb1224f5
Merge remote-tracking branch 'origin/master'
2018-06-02 10:56:31 -04:00
Steven Fackler
3456add537
Add SslRef::verified_chain
2018-05-29 21:53:22 -07:00
Steven Fackler
3cd33cdd8b
Don't panic on bogus servernames
...
Also add a second version of the method to avoid filtering out non-utf8
names.
Closes #930
2018-05-24 20:22:15 -07:00
Steven Fackler
c0876cc8c6
Add bindings to SSL_get_finished and SSL_get_peer_finished
...
These are used for the tls-unique SCRAM channel binding mode.
2018-05-24 20:00:28 -07:00
Steven Fackler
c7db3d18ad
Merge pull request #920 from Ralith/max-early-data-accessors
...
TLS1.3 early data support
2018-05-22 20:42:46 -07:00
Benjamin Saunders
2e478fdcf4
Expose early I/O
2018-05-22 20:25:28 -07:00
Steven Fackler
7a7f98a32c
Revert "Move proto version accessors to SslContextRef"
2018-05-20 20:55:20 -07:00
Steven Fackler
b976b5fd52
Move proto version accessors to SslContextRef
...
Add a Deref impl for SslContextBuilder so existing use still works.
2018-05-20 20:47:00 -07:00
Steven Fackler
4c1fdf1d81
Support ALPN on libressl
...
Closes #690
2018-05-20 12:52:49 -07:00
Steven Fackler
a6fcef01c0
Overhaul openssl cfgs
...
Also expose hostname verification on libressl
2018-05-20 12:33:02 -07:00
Steven Fackler
d991566f2b
Support min/max version in LibreSSL
...
Their implementations of the accessors don't behave as expected with no
bounds, so we ignore those bits of the tests.
2018-05-19 19:57:12 -07:00
Benjamin Saunders
69c75a178b
Expose early keying material export
2018-05-17 13:16:41 -07:00
Benjamin Saunders
d5d414b16f
Expose max TLS1.3 early data accessors
2018-05-17 12:02:32 -07:00
Benjamin Cheng
47a68e2929
Add wrapper for SSL_CTX_set_psk_server_callback
2018-05-16 17:49:36 -04:00
Steven Fackler
ff2c7ffefd
Merge Ssl impl blocks
2018-05-12 16:50:50 +01:00
Steven Fackler
c25b6f3e26
Clean up SSL callbacks
...
Also add an Arc to avoid a weird use after free edge case if a callback
changes a callback.
2018-05-12 15:02:53 +01:00
Steven Fackler
5cfbe7ac6a
Disable tests that talk to Google on LibreSSL 2.5.0
...
They're flickering, and I'm assuming it's just because that version is
so old.
2018-05-12 13:59:22 +01:00
Steven Fackler
e5d65306e7
Change SslContext callback handling
...
Use the existing infrastructure!
2018-05-12 13:19:01 +01:00
Steven Fackler
7a1b59d605
Fix base version for min/max proto accessors
...
Closes #911
2018-05-09 20:04:43 +01:00
Benjamin Saunders
47431f66bb
Expose SslSession <-> DER conversion
2018-04-29 01:54:16 -07:00
Steven Fackler
e423da2d12
Merge pull request #858 from Ralith/stateless-api
...
Introduce SslStreamBuilder
2018-03-31 11:28:03 -07:00
Steven Fackler
1bbe1b6a8f
Clean up a couple of holdovers from old features
2018-03-29 10:20:18 +02:00
Benjamin Saunders
99fdb2bd0b
Introduce SslStreamBuilder
2018-03-28 18:14:48 -07:00
Benjamin Saunders
bbb1cb61f6
Update to OpenSSL 1.1.1-pre3
2018-03-28 18:14:44 -07:00
Steven Fackler
7c33346960
Remove version-specific features
...
Closes #852
2018-03-19 00:41:33 -07:00
Benjamin Saunders
09b1fe9a0d
Expose additional cipher and digest accessors
2018-03-16 20:33:23 -07:00
Steven Fackler
9f5ef88880
Add a Sync + Send bound to the custom ext type
...
It's stored inside of the Ssl, so this is probably technically
necessary?
2018-03-11 15:36:47 -07:00
Steven Fackler
d0329473bd
Merge branch 'master' into custom-extensions
2018-03-11 15:27:28 -07:00
Benjamin Saunders
e02dbde2f7
Generic custom extension add fn return type
2018-03-10 22:30:54 -08:00
Steven Fackler
562fe79f4c
Add one more set of impls
2018-03-10 08:53:46 -08:00
Benjamin Saunders
b0bc1c770e
High-level API for OpenSSL 1.1.1 custom extension support
2018-03-09 20:33:49 -08:00
Benjamin Saunders
f92de22b8d
Add SslOptions::ENABLE_MIDDLEBOX_COMPAT
2018-03-03 14:57:38 -08:00
Steven Fackler
b7ba577339
Add min/max protocol version support
2018-02-25 23:20:10 -08:00
Benjamin Saunders
e04dbfa3ee
Expose cookie generate/verify callback setters
2018-02-25 20:05:15 -08:00
Steven Fackler
f72f35e9bd
Add RFC 5705 support
2018-02-23 22:04:57 -08:00
Steven Fackler
7e0591a377
Actually add version stuff
2018-02-21 23:25:28 -08:00
Steven Fackler
2daaf3fdea
Add some debugging-related bindings
2018-02-17 17:49:49 -08:00
Steven Fackler
90d5f85511
Add SSL_version binding
2018-02-17 13:44:21 -08:00
Steven Fackler
3f5e3f095e
Fix session cloning
2018-02-17 10:12:47 -08:00