Merge pull request #2327 from ViktoriiaKovalova/add-select-alpn-cb
Enable set_alpn_select_callback for BoringSSL
sfackler authored Nov 13, 2024
2 parents 96607c6 + cf40611 commit d3d7c12
Showing 3 changed files with 19 additions and 12 deletions.
4 changes: 2 additions & 2 deletions openssl/src/ssl/callbacks.rs
Expand Up @@ -19,7 +19,7 @@ use crate::dh::Dh;
use crate::ec::EcKey;
use crate::error::ErrorStack;
use crate::pkey::Params;
#[cfg(any(ossl102, libressl261))]
#[cfg(any(ossl102, libressl261, boringssl))]
use crate::ssl::AlpnError;
use crate::ssl::{
try_get_session_ctx_index, SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef,
Expand Down Expand Up @@ -178,7 +178,7 @@ where
}
}

#[cfg(any(ossl102, libressl261))]
#[cfg(any(ossl102, libressl261, boringssl))]
pub extern "C" fn raw_alpn_select<F>(
ssl: *mut ffi::SSL,
out: *mut *const c_uchar,
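Review bot: `raw_alpn_select` has to report the chosen protocol's length through the C callback's `unsigned char` out-length, so a closure result longer than 255 bytes cannot be represented, and with the gate on this function now including `boringssl` that path is reachable on one more backend. The function's signature starts in this hunk but its body lies outside it, so whether the length is narrowed with a plain `as` cast or checked is not visible here. If it is a plain cast, a checked conversion such as `u8::try_from(len)` that fails the selection on overflow would avoid handing the TLS library a truncated length. The closure type in `set_alpn_select_callback` ties the returned slice to the client's list by lifetime only, not by size, so nothing upstream of the trampoline bounds it.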
21 changes: 14 additions & 7 deletions openssl/src/ssl/mod.rs
Expand Up @@ -602,17 +602,17 @@ impl SslAlert {

/// An error returned from an ALPN selection callback.
///
/// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
#[cfg(any(ossl102, libressl261))]
/// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
#[cfg(any(ossl102, libressl261, boringssl))]
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct AlpnError(c_int);

#[cfg(any(ossl102, libressl261))]
#[cfg(any(ossl102, libressl261, boringssl))]
impl AlpnError {
/// Terminate the handshake with a fatal alert.
///
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(ossl110)]
/// Requires BoringSSL or OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110, boringssl))]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);

/// Do not select a protocol, but continue the handshake.
Expand Down Expand Up @@ -1267,23 +1267,30 @@ impl SslContextBuilder {
/// of those protocols on success. The [`select_next_proto`] function implements the standard
/// protocol selection algorithm.
///
/// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
/// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html
#[corresponds(SSL_CTX_set_alpn_select_cb)]
#[cfg(any(ossl102, libressl261))]
#[cfg(any(ossl102, libressl261, boringssl))]
pub fn set_alpn_select_callback<F>(&mut self, callback: F)
where
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
#[cfg(not(boringssl))]
ffi::SSL_CTX_set_alpn_select_cb__fixed_rust(
self.as_ptr(),
Some(callbacks::raw_alpn_select::<F>),
ptr::null_mut(),
);
#[cfg(boringssl)]
ffi::SSL_CTX_set_alpn_select_cb(
self.as_ptr(),
Some(callbacks::raw_alpn_select::<F>),
ptr::null_mut(),
);
}
}

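Review bot: The `unsafe` block in `set_alpn_select_callback` now holds two cfg-gated FFI calls that differ only in the symbol name, and nothing records why non-BoringSSL builds go through `SSL_CTX_set_alpn_select_cb__fixed_rust` while BoringSSL calls `SSL_CTX_set_alpn_select_cb` directly. A short comment above the `#[cfg(not(boringssl))]` arm would keep the next backend addition from picking the wrong symbol, for example `// BoringSSL's binding already declares the callback type raw_alpn_select has; other backends need the corrected __fixed_rust declaration.` (the reason is inferred, since the ffi declarations are not on this page, so confirm the wording against them). The block also has no `// SAFETY:` line; it should state that the closure is placed in the context's ex data before the trampoline is registered with a null `arg`, so the trampoline presumably finds it through `cached_ex_index::<F>()` rather than through `arg`.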
6 changes: 3 additions & 3 deletions openssl/src/ssl/test/mod.rs
Expand Up @@ -502,7 +502,7 @@ fn test_connect_with_srtp_ssl() {
/// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client.
#[test]
#[cfg(any(ossl102, libressl261))]
#[cfg(any(ossl102, libressl261, boringssl))]
fn test_alpn_server_advertise_multiple() {
let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| {
Expand All @@ -517,7 +517,7 @@ fn test_alpn_server_advertise_multiple() {
}

#[test]
#[cfg(ossl110)]
#[cfg(any(ossl110, boringssl))]
fn test_alpn_server_select_none_fatal() {
let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| {
Expand All @@ -533,7 +533,7 @@ fn test_alpn_server_select_none_fatal() {
}

#[test]
#[cfg(any(ossl102, libressl261))]
#[cfg(any(ossl102, libressl261, boringssl))]
fn test_alpn_server_select_none() {
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
