iv-org-mirror/litespeed-quic
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/litespeed-quic.git synced 2024-08-15 00:53:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

Support get_ssl_ctx callback for client

Browse source
This commit is contained in:
sumasrao 2020-10-28 18:26:57 -05:00
parent 821ffbba11
commit 21bcad8707
6 changed files with 41 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/tutorial.rst
View file

@ -317,7 +317,7 @@ Other required engine callbacks are a set of stream and connection callbacks tha
/* --- 8< --- snip --- 8< --- */ /* --- 8< --- snip --- 8< --- */
.ea_stream_if = &stream_callbacks, .ea_stream_if = &stream_callbacks,
.ea_stream_if_ctx = &some_context, .ea_stream_if_ctx = &some_context,
.ea_get_ssl_ctx = get_ssl_ctx, /* Server only */ .ea_get_ssl_ctx = get_ssl_ctx,
}; };

2
src/liblsquic/lsquic_enc_sess.h
View file

@ -264,7 +264,7 @@ struct enc_session_funcs_iquic
const struct ver_neg *, void *(crypto_streams)[4], const struct ver_neg *, void *(crypto_streams)[4],
const struct crypto_stream_if *, const struct crypto_stream_if *,
const unsigned char *, size_t, const unsigned char *, size_t,
struct lsquic_alarmset *, unsigned); struct lsquic_alarmset *, unsigned, void*);
void void
(*esfi_destroy) (enc_session_t *); (*esfi_destroy) (enc_session_t *);

58
src/liblsquic/lsquic_enc_sess_ietf.c
View file

@ -817,10 +817,11 @@ iquic_esfi_create_client (const char *hostname,
const lsquic_cid_t *dcid, const struct ver_neg *ver_neg, const lsquic_cid_t *dcid, const struct ver_neg *ver_neg,
void *crypto_streams[4], const struct crypto_stream_if *cryst_if, void *crypto_streams[4], const struct crypto_stream_if *cryst_if,
const unsigned char *sess_resume, size_t sess_resume_sz, const unsigned char *sess_resume, size_t sess_resume_sz,
struct lsquic_alarmset *alset, unsigned max_streams_uni) struct lsquic_alarmset *alset, unsigned max_streams_uni, void* peer_ctx)
{ {
struct enc_sess_iquic *enc_sess; struct enc_sess_iquic *enc_sess;
SSL_CTX *ssl_ctx = NULL; SSL_CTX *ssl_ctx = NULL;
int set_app_ctx = 0;
SSL_SESSION *ssl_session; SSL_SESSION *ssl_session;
const struct alpn_map *am; const struct alpn_map *am;
int transpa_len; int transpa_len;
@ -884,29 +885,39 @@ iquic_esfi_create_client (const char *hostname,
enc_sess->esi_alpn = am->alpn; enc_sess->esi_alpn = am->alpn;
} }
LSQ_DEBUG("Create new SSL_CTX"); ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx( peer_ctx );
ssl_ctx = SSL_CTX_new(TLS_method());
if (!ssl_ctx) if (!ssl_ctx)
{ {
LSQ_ERROR("cannot create SSL context: %s", LSQ_DEBUG("Create new SSL_CTX");
ERR_error_string(ERR_get_error(), errbuf)); ssl_ctx = SSL_CTX_new(TLS_method());
goto err; if (!ssl_ctx)
{
LSQ_ERROR("cannot create SSL context: %s",
ERR_error_string(ERR_get_error(), errbuf));
goto err;
}
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_set_default_verify_paths(ssl_ctx);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_CLIENT);
if (enc_sess->esi_enpub->enp_stream_if->on_sess_resume_info)
SSL_CTX_sess_set_new_cb(ssl_ctx, iquic_new_session_cb);
if (enc_sess->esi_enpub->enp_kli)
SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
if (enc_sess->esi_enpub->enp_verify_cert
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_EVENT)
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_QLOG))
SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
verify_server_cert_callback);
SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
set_app_ctx = 0;
} }
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION); else
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION); {
SSL_CTX_set_default_verify_paths(ssl_ctx); set_app_ctx = 1;
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_CLIENT); }
if (enc_sess->esi_enpub->enp_stream_if->on_sess_resume_info)
SSL_CTX_sess_set_new_cb(ssl_ctx, iquic_new_session_cb);
if (enc_sess->esi_enpub->enp_kli)
SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
if (enc_sess->esi_enpub->enp_verify_cert
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_EVENT)
|| LSQ_LOG_ENABLED_EXT(LSQ_LOG_DEBUG, LSQLM_QLOG))
SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
verify_server_cert_callback);
SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
enc_sess->esi_ssl = SSL_new(ssl_ctx); enc_sess->esi_ssl = SSL_new(ssl_ctx);
if (!enc_sess->esi_ssl) if (!enc_sess->esi_ssl)
{ {
@ -975,13 +986,14 @@ iquic_esfi_create_client (const char *hostname,
lsquic_alarmset_init_alarm(enc_sess->esi_alset, AL_SESS_TICKET, lsquic_alarmset_init_alarm(enc_sess->esi_alset, AL_SESS_TICKET,
no_sess_ticket, enc_sess); no_sess_ticket, enc_sess);
SSL_CTX_free(ssl_ctx); if( !set_app_ctx )
SSL_CTX_free(ssl_ctx);
return enc_sess; return enc_sess;
err: err:
if (enc_sess) if (enc_sess)
iquic_esfi_destroy(enc_sess); iquic_esfi_destroy(enc_sess);
if (ssl_ctx) if (!set_app_ctx && ssl_ctx)
SSL_CTX_free(ssl_ctx); SSL_CTX_free(ssl_ctx);
return NULL; return NULL;
} }

2
src/liblsquic/lsquic_engine.c
View file

@ -1747,7 +1747,7 @@ lsquic_engine_connect (lsquic_engine_t *engine, enum lsquic_version version,
if (versions & LSQUIC_IETF_VERSIONS) if (versions & LSQUIC_IETF_VERSIONS)
conn = lsquic_ietf_full_conn_client_new(&engine->pub, versions, conn = lsquic_ietf_full_conn_client_new(&engine->pub, versions,
flags, hostname, base_plpmtu, flags, hostname, base_plpmtu,
is_ipv4, sess_resume, sess_resume_len, token, token_sz); is_ipv4, sess_resume, sess_resume_len, token, token_sz, peer_ctx);
else else
conn = lsquic_gquic_full_conn_client_new(&engine->pub, versions, conn = lsquic_gquic_full_conn_client_new(&engine->pub, versions,
flags, hostname, base_plpmtu, is_ipv4, flags, hostname, base_plpmtu, is_ipv4,

2
src/liblsquic/lsquic_full_conn.h
View file

@ -19,7 +19,7 @@ lsquic_ietf_full_conn_client_new (struct lsquic_engine_public *,
unsigned flags /* Only FC_SERVER and FC_HTTP */, unsigned flags /* Only FC_SERVER and FC_HTTP */,
const char *hostname, unsigned short base_plpmtu, int is_ipv4, const char *hostname, unsigned short base_plpmtu, int is_ipv4,
const unsigned char *sess_resume, size_t, const unsigned char *sess_resume, size_t,
const unsigned char *token, size_t); const unsigned char *token, size_t, void* peer_ctx);
typedef struct lsquic_conn * typedef struct lsquic_conn *
(*server_conn_ctor_f) (struct lsquic_engine_public *, (*server_conn_ctor_f) (struct lsquic_engine_public *,

4
src/liblsquic/lsquic_full_conn_ietf.c
View file

@ -1303,7 +1303,7 @@ lsquic_ietf_full_conn_client_new (struct lsquic_engine_public *enpub,
unsigned versions, unsigned flags, unsigned versions, unsigned flags,
const char *hostname, unsigned short base_plpmtu, int is_ipv4, const char *hostname, unsigned short base_plpmtu, int is_ipv4,
const unsigned char *sess_resume, size_t sess_resume_sz, const unsigned char *sess_resume, size_t sess_resume_sz,
const unsigned char *token, size_t token_sz) const unsigned char *token, size_t token_sz, void* peer_ctx)
{ {
const struct transport_params *params; const struct transport_params *params;
const struct enc_session_funcs_iquic *esfi; const struct enc_session_funcs_iquic *esfi;
@ -1397,7 +1397,7 @@ lsquic_ietf_full_conn_client_new (struct lsquic_engine_public *enpub,
&conn->ifc_u.cli.ifcli_ver_neg, &conn->ifc_u.cli.ifcli_ver_neg,
(void **) conn->ifc_u.cli.crypto_streams, &crypto_stream_if, (void **) conn->ifc_u.cli.crypto_streams, &crypto_stream_if,
sess_resume, sess_resume_sz, &conn->ifc_alset, sess_resume, sess_resume_sz, &conn->ifc_alset,
conn->ifc_max_streams_in[SD_UNI]); conn->ifc_max_streams_in[SD_UNI], peer_ctx);
if (!conn->ifc_conn.cn_enc_session) if (!conn->ifc_conn.cn_enc_session)
goto err2; goto err2;