Keep ea_get_ssl_ctx() optional for the client

This commit is contained in:
Dmitri Tikhonov 2020-10-29 13:33:26 -04:00
parent 21bcad8707
commit b0dd78b841
4 changed files with 11 additions and 13 deletions


@ -81,7 +81,7 @@ prog_init (struct prog *prog, unsigned flags,
= prog;
prog->prog_api.ea_pmi = &pmi;
prog->prog_api.ea_pmi_ctx = &prog->prog_pba;
prog->prog_api.ea_get_ssl_ctx = get_ssl_ctx;
prog->prog_api.ea_get_ssl_ctx = flags & LSENG_SERVER ? get_ssl_ctx : NULL;
#if LSQUIC_PREFERRED_ADDR
if (getenv("LSQUIC_PREFERRED_ADDR4") || getenv("LSQUIC_PREFERRED_ADDR6"))
prog->prog_flags |= PROG_SEARCH_ADDRS;
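Review bot: The new assignment `prog->prog_api.ea_get_ssl_ctx = flags & LSENG_SERVER ? get_ssl_ctx : NULL;` mixes `&` and `?:` without parentheses; it parses as intended because `?:` binds lower than `&`, but `prog->prog_api.ea_get_ssl_ctx = (flags & LSENG_SERVER) ? get_ssl_ctx : NULL;` makes that obvious to a reader. A one-line comment on why the client deliberately passes NULL would also help, since the reason lives in another file of this commit (the client path builds its own SSL_CTX when no callback is set), e.g. `/* Only the server supplies an SSL_CTX; the client lets the engine create one */`. prog_init starts before and continues after this hunk.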


@ -119,7 +119,7 @@ to perform various functions. Mandatory among these are:
- functions linked to connection and stream events,
:member:`lsquic_engine_api.ea_stream_if`;
- function to look up certificate to use, :member:`lsquic_engine_api.ea_lookup_cert` (in server mode); and
- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (in server mode).
- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (optional in client mode).
The minimal structure for a client will look like this:
@ -317,7 +317,7 @@ Other required engine callbacks are a set of stream and connection callbacks tha
/* --- 8< --- snip --- 8< --- */
.ea_stream_if = &stream_callbacks,
.ea_stream_if_ctx = &some_context,
.ea_get_ssl_ctx = get_ssl_ctx,
.ea_get_ssl_ctx = get_ssl_ctx,
};


@ -1206,6 +1206,7 @@ struct lsquic_engine_api
/** Function to look up certificates by SNI is used in server mode. */
lsquic_lookup_cert_f ea_lookup_cert;
void *ea_cert_lu_ctx;
/** Mandatory callback for server, optional for client. */
struct ssl_ctx_st * (*ea_get_ssl_ctx)(void *peer_ctx);
/**
* Shared hash interface is optional. If set to zero, performance of
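Review bot: The new doc comment on `ea_get_ssl_ctx` says the callback is optional for the client but not what happens when it is absent, which is the detail an integrator needs; the client code in this same commit creates a fresh SSL_CTX when the pointer is NULL or the callback returns NULL. Suggested wording: `/** Mandatory callback for server, optional for client.  In client mode, if this is not set or returns NULL, the engine creates its own SSL_CTX for the connection. */`. If a context returned by the callback is treated as application-owned and never freed by the library (the `set_app_ctx` flag in the client code suggests this, though the hunk does not show its use), that ownership rule belongs in the comment as well.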


@ -817,7 +817,8 @@ iquic_esfi_create_client (const char *hostname,
const lsquic_cid_t *dcid, const struct ver_neg *ver_neg,
void *crypto_streams[4], const struct crypto_stream_if *cryst_if,
const unsigned char *sess_resume, size_t sess_resume_sz,
struct lsquic_alarmset *alset, unsigned max_streams_uni, void* peer_ctx)
struct lsquic_alarmset *alset, unsigned max_streams_uni,
void* peer_ctx)
{
struct enc_sess_iquic *enc_sess;
SSL_CTX *ssl_ctx = NULL;
@ -885,8 +886,10 @@ iquic_esfi_create_client (const char *hostname,
enc_sess->esi_alpn = am->alpn;
}
ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx( peer_ctx );
if (!ssl_ctx)
if (enc_sess->esi_enpub->enp_get_ssl_ctx
&& (ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx(peer_ctx)))
set_app_ctx = 1;
else
{
LSQ_DEBUG("Create new SSL_CTX");
ssl_ctx = SSL_CTX_new(TLS_method());
@ -910,14 +913,8 @@ iquic_esfi_create_client (const char *hostname,
SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
verify_server_cert_callback);
SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
set_app_ctx = 0;
}
else
{
set_app_ctx = 1;
}
enc_sess->esi_ssl = SSL_new(ssl_ctx);
if (!enc_sess->esi_ssl)
{
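Review bot: In the third hunk the `else` branch that creates a new SSL_CTX no longer sets `set_app_ctx = 0;`, so the flag is now written only on the callback-success path; unless `set_app_ctx` is initialised at its declaration (not visible in these hunks, unlike `SSL_CTX *ssl_ctx = NULL;`), the library-created branch leaves it indeterminate for whatever later reads it. Keeping `set_app_ctx = 0;` in the else branch, or initialising the variable at its declaration, removes the doubt either way. In the second hunk, a callback that is set but returns NULL now silently takes the same `"Create new SSL_CTX"` path as a missing callback; a distinct message for that case, e.g. `LSQ_DEBUG("enp_get_ssl_ctx returned NULL; create new SSL_CTX");`, would make an application-side misconfiguration visible in the logs. iquic_esfi_create_client continues beyond the last hunk.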