Add functions for getting/setting SNI/ALPN info in SSL_SESSION
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
parent
dd5b98c55a
commit
67738645dc
4 changed files with 78 additions and 2 deletions
|
@ -2,13 +2,24 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
|
||||
SSL_SESSION_get0_hostname,
|
||||
SSL_SESSION_set1_hostname,
|
||||
SSL_SESSION_get0_alpn_selected,
|
||||
SSL_SESSION_set1_alpn_selected
|
||||
- get and set SNI and ALPN data ssociated with a session
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
|
||||
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
|
||||
|
||||
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
|
||||
const unsigned char **alpn,
|
||||
size_t *len);
|
||||
int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
|
||||
size_t len);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -18,6 +29,17 @@ client when the session was created, or NULL if no value was sent.
|
|||
The value returned is a pointer to memory maintained within B<s> and
|
||||
should not be free'd.
|
||||
|
||||
SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of
|
||||
the string provided in hostname.
|
||||
|
||||
SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this
|
||||
session and its associated length in bytes. The returned value of B<*alpn> is a
|
||||
pointer to memory maintained within B<s> and should not be free'd.
|
||||
|
||||
SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the
|
||||
value in B<*alpn> which should be of length B<len> bytes. A copy of this value
|
||||
is taken.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(7)>,
|
||||
|
@ -25,9 +47,14 @@ L<d2i_SSL_SESSION(3)>,
|
|||
L<SSL_SESSION_get_time(3)>,
|
||||
L<SSL_SESSION_free(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
|
||||
SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -1535,6 +1535,13 @@ __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
|
|||
__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
|
||||
|
||||
__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
|
||||
__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
|
||||
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
|
||||
const unsigned char **alpn,
|
||||
size_t *len);
|
||||
__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
|
||||
const unsigned char *alpn,
|
||||
size_t len);
|
||||
__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
|
||||
__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
|
||||
__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
|
||||
|
|
|
@ -906,6 +906,18 @@ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
|
|||
return s->ext.hostname;
|
||||
}
|
||||
|
||||
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
|
||||
{
|
||||
OPENSSL_free(s->ext.hostname);
|
||||
if (hostname == NULL) {
|
||||
s->ext.hostname = NULL;
|
||||
return 1;
|
||||
}
|
||||
s->ext.hostname = OPENSSL_strdup(hostname);
|
||||
|
||||
return s->ext.hostname != NULL;
|
||||
}
|
||||
|
||||
int SSL_SESSION_has_ticket(const SSL_SESSION *s)
|
||||
{
|
||||
return (s->ext.ticklen > 0) ? 1 : 0;
|
||||
|
@ -936,6 +948,33 @@ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
|
|||
return 1;
|
||||
}
|
||||
|
||||
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
|
||||
const unsigned char **alpn,
|
||||
size_t *len)
|
||||
{
|
||||
*alpn = s->ext.alpn_selected;
|
||||
*len = s->ext.alpn_selected_len;
|
||||
}
|
||||
|
||||
int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
|
||||
size_t len)
|
||||
{
|
||||
OPENSSL_free(s->ext.alpn_selected);
|
||||
if (alpn == NULL || len == 0) {
|
||||
s->ext.alpn_selected = NULL;
|
||||
s->ext.alpn_selected_len = 0;
|
||||
return 1;
|
||||
}
|
||||
s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
|
||||
if (s->ext.alpn_selected == NULL) {
|
||||
s->ext.alpn_selected_len = 0;
|
||||
return 0;
|
||||
}
|
||||
s->ext.alpn_selected_len = len;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
|
||||
{
|
||||
return s->peer;
|
||||
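Review bot: SSL_SESSION_set1_hostname() frees `s->ext.hostname` before it duplicates `hostname`, so a caller that passes back the pointer it got from SSL_SESSION_get0_hostname() on the same session makes OPENSSL_strdup() read freed memory. SSL_SESSION_set1_alpn_selected() in the next hunk has the same order (OPENSSL_free, then OPENSSL_memdup) and the same exposure to the pointer returned by SSL_SESSION_get0_alpn_selected(). Duplicating first and releasing the old buffer only after the copy succeeds removes the aliasing hazard and also keeps the previous value when allocation fails, instead of silently clearing it. Neither setter bounds its input; if the stored values are expected to respect the SNI and ALPN wire limits, that would be checked here as well, though whether callers rely on longer values is not visible from this page.
```c
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
{
    char *copy = NULL;

    /* Duplicate before freeing: hostname may alias s->ext.hostname. */
    if (hostname != NULL) {
        copy = OPENSSL_strdup(hostname);
        if (copy == NULL)
            return 0;       /* previous value is left intact */
    }
    OPENSSL_free(s->ext.hostname);
    s->ext.hostname = copy;

    return 1;
}
/* ... unchanged: SSL_SESSION_has_ticket and the getters ... */
/* SSL_SESSION_set1_alpn_selected: same order, OPENSSL_memdup first, then free and assign */
```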
|
|
|
@ -466,3 +466,6 @@ SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION:
|
|||
SSL_get_pending_cipher 467 1_1_1 EXIST::FUNCTION:
|
||||
SSL_CIPHER_get_protocol_id 468 1_1_1 EXIST::FUNCTION:
|
||||
SSL_SESSION_set_max_early_data 469 1_1_1 EXIST::FUNCTION:
|
||||
SSL_SESSION_set1_alpn_selected 470 1_1_1 EXIST::FUNCTION:
|
||||
SSL_SESSION_set1_hostname 471 1_1_1 EXIST::FUNCTION:
|
||||
SSL_SESSION_get0_alpn_selected 472 1_1_1 EXIST::FUNCTION:
|
||||
|
|