mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
Add setters to set the early_data callback
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
This commit is contained in:
Matt Caswell
parent
5d263fb78b
commit
c9598459b6
@ -2389,13 +2389,19 @@ int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
|
||||
|
||||
extern const char SSL_version_str[];
|
||||
|
||||
|
||||
|
||||
typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
|
||||
|
||||
void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
|
||||
|
||||
|
||||
typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
|
||||
void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
|
||||
SSL_allow_early_data_cb_fn cb,
|
||||
void *arg);
|
||||
void SSL_set_allow_early_data_cb(SSL *s,
|
||||
SSL_allow_early_data_cb_fn cb,
|
||||
void *arg);
|
||||
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
# endif
|
||||
|
||||
@ -805,6 +805,9 @@ SSL *SSL_new(SSL_CTX *ctx)
|
||||
|
||||
s->key_update = SSL_KEY_UPDATE_NONE;
|
||||
|
||||
s->allow_early_data_cb = ctx->allow_early_data_cb;
|
||||
s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
|
||||
|
||||
if (!s->method->ssl_new(s))
|
||||
goto err;
|
||||
|
||||
@ -5483,3 +5486,19 @@ int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
|
||||
ctx->ticket_cb_data = arg;
|
||||
return 1;
|
||||
}
|
||||
|
||||
void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
|
||||
SSL_allow_early_data_cb_fn cb,
|
||||
void *arg)
|
||||
{
|
||||
ctx->allow_early_data_cb = cb;
|
||||
ctx->allow_early_data_cb_data = arg;
|
||||
}
|
||||
|
||||
void SSL_set_allow_early_data_cb(SSL *s,
|
||||
SSL_allow_early_data_cb_fn cb,
|
||||
void *arg)
|
||||
{
|
||||
s->allow_early_data_cb = cb;
|
||||
s->allow_early_data_cb_data = arg;
|
||||
}
|
||||
|
||||
@ -1047,6 +1047,10 @@ struct ssl_ctx_st {
|
||||
|
||||
/* The number of TLS1.3 tickets to automatically send */
|
||||
size_t num_tickets;
|
||||
|
||||
/* Callback to determine if early_data is acceptable or not */
|
||||
SSL_allow_early_data_cb_fn allow_early_data_cb;
|
||||
void *allow_early_data_cb_data;
|
||||
};
|
||||
|
||||
struct ssl_st {
|
||||
@ -1206,8 +1210,6 @@ struct ssl_st {
|
||||
SSL_psk_find_session_cb_func psk_find_session_cb;
|
||||
SSL_psk_use_session_cb_func psk_use_session_cb;
|
||||
|
||||
int (*allow_early_data_cb)(SSL *s, SSL_SESSION *sess);
|
||||
|
||||
SSL_CTX *ctx;
|
||||
/* Verified chain of peer */
|
||||
STACK_OF(X509) *verified_chain;
|
||||
@ -1427,6 +1429,10 @@ struct ssl_st {
|
||||
size_t sent_tickets;
|
||||
/* The next nonce value to use when we send a ticket on this connection */
|
||||
uint64_t next_ticket_nonce;
|
||||
|
||||
/* Callback to determine if early_data is acceptable or not */
|
||||
SSL_allow_early_data_cb_fn allow_early_data_cb;
|
||||
void *allow_early_data_cb_data;
|
||||
};
|
||||
|
||||
/*
|
||||
|
||||
@ -1622,7 +1622,10 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
|
||||
|| s->session->ext.tick_identity != 0
|
||||
|| s->early_data_state != SSL_EARLY_DATA_ACCEPTING
|
||||
|| !s->ext.early_data_ok
|
||||
|| s->hello_retry_request != SSL_HRR_NONE) {
|
||||
|| s->hello_retry_request != SSL_HRR_NONE
|
||||
|| (s->ctx->allow_early_data_cb != NULL
|
||||
&& !s->ctx->allow_early_data_cb(s,
|
||||
s->ctx->allow_early_data_cb_data))) {
|
||||
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
|
||||
} else {
|
||||
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
|
||||
|
||||
@ -490,3 +490,5 @@ SSL_set_num_tickets 490 1_1_1 EXIST::FUNCTION:
|
||||
SSL_CTX_get_num_tickets 491 1_1_1 EXIST::FUNCTION:
|
||||
SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION:
|
||||
SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION:
|
||||
SSL_CTX_set_allow_early_data_cb 494 1_1_1 EXIST::FUNCTION:
|
||||
SSL_set_allow_early_data_cb 495 1_1_1 EXIST::FUNCTION:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user