iv-org-mirror/litespeed-quic
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/litespeed-quic.git synced 2024-08-15 00:53:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

Support get_ssl_ctx callback for client

Browse source
This commit is contained in:
sumasrao 2020-10-28 18:26:57 -05:00
parent 821ffbba11
commit 21bcad8707
6 changed files with 41 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/tutorial.rst
View file

@ -317,7 +317,7 @@ Other required engine callbacks are a set of stream and connection callbacks tha
/* --- 8< --- snip --- 8< --- */
.ea_stream_if = &stream_callbacks,
.ea_stream_if_ctx = &some_context,
.ea_get_ssl_ctx = get_ssl_ctx, /* Server only */
.ea_get_ssl_ctx = get_ssl_ctx,
};

2
src/liblsquic/lsquic_enc_sess.h
View file

@ -264,7 +264,7 @@ struct enc_session_funcs_iquic
const struct ver_neg *, void *(crypto_streams)[4],
const struct crypto_stream_if *,
const unsigned char *, size_t,
struct lsquic_alarmset *, unsigned);
struct lsquic_alarmset *, unsigned, void*);
void
(*esfi_destroy) (enc_session_t *);

58
src/liblsquic/lsquic_enc_sess_ietf.c
View file

@ -817,10 +817,11 @@ iquic_esfi_create_client (const char *hostname,
const lsquic_cid_t *dcid, const struct ver_neg *ver_neg,
void *crypto_streams[4], const struct crypto_stream_if *cryst_if,
const unsigned char *sess_resume, size_t sess_resume_sz,
struct lsquic_alarmset *alset, unsigned max_streams_uni)
struct lsquic_alarmset *alset, unsigned max_streams_uni, void* peer_ctx)
{
struct enc_sess_iquic *enc_sess;
SSL_CTX *ssl_ctx = NULL;
int set_app_ctx = 0;
SSL_SESSION *ssl_session;
const struct alpn_map *am;
int transpa_len;
@ -884,29 +885,39 @@ iquic_esfi_create_client (const char *hostname,
enc_sess->esi_alpn = am->alpn;
}
LSQ_DEBUG("Create new SSL_CTX");
ssl_ctx = SSL_CTX_new(TLS_method());
ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx( peer_ctx );
if (!ssl_ctx)
{
LSQ_ERROR("cannot create SSL context: %s",
ERR_error_string(ERR_get_error(), errbuf));
goto err;
LSQ_DEBUG("Create new SSL_CTX");
ssl_ctx = SSL_CTX_new(TLS_method());
if (!ssl_ctx)
{
LSQ_ERROR("cannot create SSL context: %s",
ERR_error_string(ERR_get_error(), errbuf));
goto err;
}
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_set_default_verify_paths(ssl_ctx);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_CLIENT);
if (enc_sess->esi_enpub->enp_stream_if->on_sess_resume_info)
SSL_CTX_sess_set_new_cb(ssl_ctx, iquic_new_session_cb);
if (enc_sess->esi_enpub->enp_kli)
SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
if (enc_sess->esi_enpub->enp_verify_cert
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_EVENT)
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_QLOG))
SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
verify_server_cert_callback);
SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
set_app_ctx = 0;
}
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_set_default_verify_paths(ssl_ctx);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_CLIENT);
if (enc_sess->esi_enpub->enp_stream_if->on_sess_resume_info)
SSL_CTX_sess_set_new_cb(ssl_ctx, iquic_new_session_cb);
if (enc_sess->esi_enpub->enp_kli)
SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
if (enc_sess->esi_enpub->enp_verify_cert
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_EVENT)
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_QLOG))
SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
verify_server_cert_callback);
SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
else
{
set_app_ctx = 1;
}
enc_sess->esi_ssl = SSL_new(ssl_ctx);
if (!enc_sess->esi_ssl)
{
@ -975,13 +986,14 @@ iquic_esfi_create_client (const char *hostname,
lsquic_alarmset_init_alarm(enc_sess->esi_alset, AL_SESS_TICKET,
no_sess_ticket, enc_sess);
SSL_CTX_free(ssl_ctx);
if( !set_app_ctx )
SSL_CTX_free(ssl_ctx);
return enc_sess;
err:
if (enc_sess)
iquic_esfi_destroy(enc_sess);
if (ssl_ctx)
if (!set_app_ctx && ssl_ctx)
SSL_CTX_free(ssl_ctx);
return NULL;
}

2
src/liblsquic/lsquic_engine.c
View file

@ -1747,7 +1747,7 @@ lsquic_engine_connect (lsquic_engine_t *engine, enum lsquic_version version,
if (versions & LSQUIC_IETF_VERSIONS)
conn = lsquic_ietf_full_conn_client_new(&engine->pub, versions,
flags, hostname, base_plpmtu,
is_ipv4, sess_resume, sess_resume_len, token, token_sz);
is_ipv4, sess_resume, sess_resume_len, token, token_sz, peer_ctx);
else
conn = lsquic_gquic_full_conn_client_new(&engine->pub, versions,
flags, hostname, base_plpmtu, is_ipv4,

2
src/liblsquic/lsquic_full_conn.h
View file

@ -19,7 +19,7 @@ lsquic_ietf_full_conn_client_new (struct lsquic_engine_public *,
unsigned flags /* Only FC_SERVER and FC_HTTP */,
const char *hostname, unsigned short base_plpmtu, int is_ipv4,
const unsigned char *sess_resume, size_t,
const unsigned char *token, size_t);
const unsigned char *token, size_t, void* peer_ctx);
typedef struct lsquic_conn *
(*server_conn_ctor_f) (struct lsquic_engine_public *,

4
src/liblsquic/lsquic_full_conn_ietf.c
View file

@ -1303,7 +1303,7 @@ lsquic_ietf_full_conn_client_new (struct lsquic_engine_public *enpub,
unsigned versions, unsigned flags,
const char *hostname, unsigned short base_plpmtu, int is_ipv4,
const unsigned char *sess_resume, size_t sess_resume_sz,
const unsigned char *token, size_t token_sz)
const unsigned char *token, size_t token_sz, void* peer_ctx)
{
const struct transport_params *params;
const struct enc_session_funcs_iquic *esfi;
@ -1397,7 +1397,7 @@ lsquic_ietf_full_conn_client_new (struct lsquic_engine_public *enpub,
&conn->ifc_u.cli.ifcli_ver_neg,
(void **) conn->ifc_u.cli.crypto_streams, &crypto_stream_if,
sess_resume, sess_resume_sz, &conn->ifc_alset,
conn->ifc_max_streams_in[SD_UNI]);
conn->ifc_max_streams_in[SD_UNI], peer_ctx);
if (!conn->ifc_conn.cn_enc_session)
goto err2;