From ef81d97a30ce0277be9eba813131f07f9328e3a6 Mon Sep 17 00:00:00 2001 From: Viktoriia Kovalova Date: Wed, 13 Nov 2024 15:42:48 +0000 Subject: [PATCH 1/2] Enable set_alpn_select_callback for BoringSSL --- openssl/src/ssl/callbacks.rs | 4 ++-- openssl/src/ssl/mod.rs | 21 ++++++++++++++------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index ccf530850..f7e51a5d3 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -19,7 +19,7 @@ use crate::dh::Dh; use crate::ec::EcKey; use crate::error::ErrorStack; use crate::pkey::Params; -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, libressl261, boringssl))] use crate::ssl::AlpnError; use crate::ssl::{ try_get_session_ctx_index, SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, @@ -178,7 +178,7 @@ where } } -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, libressl261, boringssl))] pub extern "C" fn raw_alpn_select( ssl: *mut ffi::SSL, out: *mut *const c_uchar, diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index d9b2a724f..f5a696ab5 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -602,17 +602,17 @@ impl SslAlert { /// An error returned from an ALPN selection callback. /// -/// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. -#[cfg(any(ossl102, libressl261))] +/// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. +#[cfg(any(ossl102, libressl261, boringssl))] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct AlpnError(c_int); -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, libressl261, boringssl))] impl AlpnError { /// Terminate the handshake with a fatal alert. /// - /// Requires OpenSSL 1.1.0 or newer. - #[cfg(ossl110)] + /// Requires BoringSSL or OpenSSL 1.1.0 or newer. + #[cfg(any(ossl110, boringssl))] pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL); /// Do not select a protocol, but continue the handshake. 
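Review bot: The reworded requirement on `AlpnError`, `Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer`, reads as if BoringSSL also had a minimum version. The same phrasing is repeated on `ALERT_FATAL` in this hunk and on `set_alpn_select_callback` in the next mod.rs hunk. I would write `/// Requires OpenSSL 1.0.2 or newer, LibreSSL 2.6.1 or newer, or BoringSSL.` and, for `ALERT_FATAL`, `/// Requires OpenSSL 1.1.0 or newer, or BoringSSL.`. Since `ALERT_FATAL` becomes usable on BoringSSL here, its doc could also say it is the value to return when none of the client's protocols is acceptable and the server must not fall back to a default, in contrast to the `NOACK` constant just below, which continues the handshake. The `impl AlpnError` block continues past the end of the hunk.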
@@ -1267,23 +1267,30 @@ impl SslContextBuilder { /// of those protocols on success. The [`select_next_proto`] function implements the standard /// protocol selection algorithm. /// - /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. + /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. /// /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`select_next_proto`]: fn.select_next_proto.html #[corresponds(SSL_CTX_set_alpn_select_cb)] - #[cfg(any(ossl102, libressl261))] + #[cfg(any(ossl102, libressl261, boringssl))] pub fn set_alpn_select_callback(&mut self, callback: F) where F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, { unsafe { self.set_ex_data(SslContext::cached_ex_index::(), callback); + #[cfg(not(boringssl))] ffi::SSL_CTX_set_alpn_select_cb__fixed_rust( self.as_ptr(), Some(callbacks::raw_alpn_select::), ptr::null_mut(), ); + #[cfg(boringssl)] + ffi::SSL_CTX_set_alpn_select_cb( + self.as_ptr(), + Some(callbacks::raw_alpn_select::), + ptr::null_mut(), + ); } } From cf40611ed321848d1df7e9d2d1e96361b802af3d Mon Sep 17 00:00:00 2001 From: Viktoriia Kovalova Date: Wed, 13 Nov 2024 15:42:48 +0000 Subject: [PATCH 2/2] Enable tests --- openssl/src/ssl/test/mod.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs index 2c5fd000a..282558f80 100644 --- a/openssl/src/ssl/test/mod.rs +++ b/openssl/src/ssl/test/mod.rs @@ -502,7 +502,7 @@ fn test_connect_with_srtp_ssl() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, libressl261, boringssl))] fn test_alpn_server_advertise_multiple() { let mut server = Server::builder(); server.ctx().set_alpn_select_callback(|_, client| { 
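Review bot: In `set_alpn_select_callback` the registration call is now written twice, under `#[cfg(not(boringssl))]` and `#[cfg(boringssl)]`, with identical arguments and no comment on why the backends need different symbols, so a later edit to one branch can miss the other. Choosing the symbol once through a cfg-gated `use … as` alias leaves a single call site, with a comment recording the reason. Presumably the openssl-sys binding carries the corrected callback signature under the `__fixed_rust` name while the BoringSSL bindings expose the C name directly; confirm against the sys crates. The `unsafe` block would also benefit from a `// SAFETY:` line stating the invariant it relies on, namely that the closure handed to `set_ex_data` stays alive for as long as the context can invoke `raw_alpn_select`. The function's doc comment starts above the hunk.

```rust
// The symbol name differs per backend; the callback signature is the same.
// NOTE(review): confirm the reason for the __fixed_rust name against the sys crates.
#[cfg(not(boringssl))]
use ffi::SSL_CTX_set_alpn_select_cb__fixed_rust as set_alpn_select_cb;
#[cfg(boringssl)]
use ffi::SSL_CTX_set_alpn_select_cb as set_alpn_select_cb;

unsafe {
    // … unchanged: set_ex_data call storing the closure …
    set_alpn_select_cb(
        self.as_ptr(),
        Some(callbacks::raw_alpn_select::<F>),
        ptr::null_mut(),
    );
```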
@@ -517,7 +517,7 @@ fn test_alpn_server_advertise_multiple() { } #[test] -#[cfg(ossl110)] +#[cfg(any(ossl110, boringssl))] fn test_alpn_server_select_none_fatal() { let mut server = Server::builder(); server.ctx().set_alpn_select_callback(|_, client| { @@ -533,7 +533,7 @@ fn test_alpn_server_select_none_fatal() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, libressl261, boringssl))] fn test_alpn_server_select_none() { static CALLED_BACK: AtomicBool = AtomicBool::new(false);