From 67738645dc0b044fc7d120a3c67af5635d0d78ec Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 3 Aug 2017 10:13:31 +0100 Subject: [PATCH] Add functions for getting/setting SNI/ALPN info in SSL_SESSION Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/3926) --- doc/man3/SSL_SESSION_get0_hostname.pod | 31 ++++++++++++++++++-- include/openssl/ssl.h | 7 +++++ ssl/ssl_sess.c | 39 ++++++++++++++++++++++++++ util/libssl.num | 3 ++ 4 files changed, 78 insertions(+), 2 deletions(-) diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index 4ed7e40a86..642daaa531 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -2,13 +2,24 @@ =head1 NAME -SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session +SSL_SESSION_get0_hostname, +SSL_SESSION_set1_hostname, +SSL_SESSION_get0_alpn_selected, +SSL_SESSION_set1_alpn_selected +- get and set SNI and ALPN data ssociated with a session =head1 SYNOPSIS #include const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); + int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); + + void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); + int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, + size_t len); =head1 DESCRIPTION @@ -18,6 +29,17 @@ client when the session was created, or NULL if no value was sent. The value returned is a pointer to memory maintained within B and should not be free'd. +SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of +the string provided in hostname. + +SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this +session and its associated length in bytes. The returned value of B<*alpn> is a +pointer to memory maintained within B and should not be free'd. + +SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the +value in B<*alpn> which should be of length B bytes. A copy of this value +is taken. + =head1 SEE ALSO L, @@ -25,9 +47,14 @@ L, L, L +=head1 HISTORY + +SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and +SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 077e8513b0..248408f691 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1535,6 +1535,13 @@ __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); __owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); __owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 6292d01126..1482a3e7c7 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -906,6 +906,18 @@ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s) return s->ext.hostname; } +int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname) +{ + OPENSSL_free(s->ext.hostname); + if (hostname == NULL) { + s->ext.hostname = NULL; + return 1; + } + s->ext.hostname = OPENSSL_strdup(hostname); + + return s->ext.hostname != NULL; +} + int SSL_SESSION_has_ticket(const SSL_SESSION *s) { return (s->ext.ticklen > 0) ? 1 : 0; @@ -936,6 +948,33 @@ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data) return 1; } +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len) +{ + *alpn = s->ext.alpn_selected; + *len = s->ext.alpn_selected_len; +} + +int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, + size_t len) +{ + OPENSSL_free(s->ext.alpn_selected); + if (alpn == NULL || len == 0) { + s->ext.alpn_selected = NULL; + s->ext.alpn_selected_len = 0; + return 1; + } + s->ext.alpn_selected = OPENSSL_memdup(alpn, len); + if (s->ext.alpn_selected == NULL) { + s->ext.alpn_selected_len = 0; + return 0; + } + s->ext.alpn_selected_len = len; + + return 1; +} + X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer; diff --git a/util/libssl.num b/util/libssl.num index f3d1baacb5..14a70234e3 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -466,3 +466,6 @@ SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION: SSL_get_pending_cipher 467 1_1_1 EXIST::FUNCTION: SSL_CIPHER_get_protocol_id 468 1_1_1 EXIST::FUNCTION: SSL_SESSION_set_max_early_data 469 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_alpn_selected 470 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_hostname 471 1_1_1 EXIST::FUNCTION: +SSL_SESSION_get0_alpn_selected 472 1_1_1 EXIST::FUNCTION: