Keep ea_get_ssl_ctx() optional for the client

2020-10-29 13:33:26 -04:00 · 2020-10-29 13:33:26 -04:00 · b0dd78b841
parent 21bcad8707
commit b0dd78b841
4 changed files with 11 additions and 13 deletions
--- a/bin/prog.c
+++ b/bin/prog.c
@ -81,7 +81,7 @@ prog_init (struct prog *prog, unsigned flags,
                                    = prog;
    prog->prog_api.ea_pmi           = &pmi;
    prog->prog_api.ea_pmi_ctx       = &prog->prog_pba;
-    prog->prog_api.ea_get_ssl_ctx   = get_ssl_ctx;
+    prog->prog_api.ea_get_ssl_ctx   = flags & LSENG_SERVER ? get_ssl_ctx : NULL;
 #if LSQUIC_PREFERRED_ADDR
    if (getenv("LSQUIC_PREFERRED_ADDR4") || getenv("LSQUIC_PREFERRED_ADDR6"))
        prog->prog_flags |= PROG_SEARCH_ADDRS;
--- a/docs/tutorial.rst
+++ b/docs/tutorial.rst
@ -119,7 +119,7 @@ to perform various functions.  Mandatory among these are:
 - functions linked to connection and stream events,
  :member:`lsquic_engine_api.ea_stream_if`;
 - function to look up certificate to use, :member:`lsquic_engine_api.ea_lookup_cert` (in server mode); and
- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (in server mode).
+- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (optional in client mode).

 The minimal structure for a client will look like this:

@ -317,7 +317,7 @@ Other required engine callbacks are a set of stream and connection callbacks tha
    /* --- 8< --- snip --- 8< --- */
    .ea_stream_if       = &stream_callbacks,
    .ea_stream_if_ctx   = &some_context,
-    .ea_get_ssl_ctx     = get_ssl_ctx,  
+    .ea_get_ssl_ctx     = get_ssl_ctx,
  };


--- a/include/lsquic.h
+++ b/include/lsquic.h
@ -1206,6 +1206,7 @@ struct lsquic_engine_api
    /** Function to look up certificates by SNI is used in server mode. */
    lsquic_lookup_cert_f                 ea_lookup_cert;
    void                                *ea_cert_lu_ctx;
+    /** Mandatory callback for server, optional for client. */
    struct ssl_ctx_st *                (*ea_get_ssl_ctx)(void *peer_ctx);
    /**
     * Shared hash interface is optional.  If set to zero, performance of
--- a/src/liblsquic/lsquic_enc_sess_ietf.c
+++ b/src/liblsquic/lsquic_enc_sess_ietf.c
@ -817,7 +817,8 @@ iquic_esfi_create_client (const char *hostname,
            const lsquic_cid_t *dcid, const struct ver_neg *ver_neg,
            void *crypto_streams[4], const struct crypto_stream_if *cryst_if,
            const unsigned char *sess_resume, size_t sess_resume_sz,
-            struct lsquic_alarmset *alset, unsigned max_streams_uni, void* peer_ctx)
+            struct lsquic_alarmset *alset, unsigned max_streams_uni,
+            void* peer_ctx)
 {
    struct enc_sess_iquic *enc_sess;
    SSL_CTX *ssl_ctx = NULL;
@ -885,8 +886,10 @@ iquic_esfi_create_client (const char *hostname,
        enc_sess->esi_alpn = am->alpn;
    }

-    ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx( peer_ctx );
-    if (!ssl_ctx)
+    if (enc_sess->esi_enpub->enp_get_ssl_ctx
+                && (ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx(peer_ctx)))
+        set_app_ctx = 1;
+    else
    {
        LSQ_DEBUG("Create new SSL_CTX");
        ssl_ctx = SSL_CTX_new(TLS_method());
@ -910,14 +913,8 @@ iquic_esfi_create_client (const char *hostname,
            SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
                verify_server_cert_callback);
        SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
-        set_app_ctx = 0;
    }
-    else
-    {
-        set_app_ctx = 1;
-    }
-    
-    
+
    enc_sess->esi_ssl = SSL_new(ssl_ctx);
    if (!enc_sess->esi_ssl)
    {