From b0dd78b8418951a68c9570cf65cedb6dd106a712 Mon Sep 17 00:00:00 2001
From: Dmitri Tikhonov
Date: Thu, 29 Oct 2020 13:33:26 -0400
Subject: [PATCH] Keep ea_get_ssl_ctx() optional for the client
---
 bin/prog.c | 2 +-
 docs/tutorial.rst | 4 ++--
 include/lsquic.h | 1 +
 src/liblsquic/lsquic_enc_sess_ietf.c | 17 +++++++----------
 4 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/bin/prog.c b/bin/prog.c
index aaa91ad..af66294 100644
--- a/bin/prog.c
+++ b/bin/prog.c
@@ -81,7 +81,7 @@ prog_init (struct prog *prog, unsigned flags,
 = prog;
 prog->prog_api.ea_pmi = &pmi;
 prog->prog_api.ea_pmi_ctx = &prog->prog_pba;
- prog->prog_api.ea_get_ssl_ctx = get_ssl_ctx;
+ prog->prog_api.ea_get_ssl_ctx = flags & LSENG_SERVER ? get_ssl_ctx : NULL;
 #if LSQUIC_PREFERRED_ADDR
 if (getenv("LSQUIC_PREFERRED_ADDR4") || getenv("LSQUIC_PREFERRED_ADDR6"))
 prog->prog_flags |= PROG_SEARCH_ADDRS;
diff --git a/docs/tutorial.rst b/docs/tutorial.rst
index dd0692d..86f356c 100644
--- a/docs/tutorial.rst
+++ b/docs/tutorial.rst
@@ -119,7 +119,7 @@ to perform various functions. Mandatory among these are:
 - functions linked to connection and stream events, :member:`lsquic_engine_api.ea_stream_if`;
 - function to look up certificate to use, :member:`lsquic_engine_api.ea_lookup_cert` (in server mode); and
-- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (in server mode).
+- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (optional in client mode).
 The minimal structure for a client will look like this:
@@ -317,7 +317,7 @@ Other required engine callbacks are a set of stream and connection callbacks tha
 /* --- 8< --- snip --- 8< --- */
 .ea_stream_if = &stream_callbacks,
 .ea_stream_if_ctx = &some_context,
- .ea_get_ssl_ctx = get_ssl_ctx,
+ .ea_get_ssl_ctx = get_ssl_ctx,
 };
diff --git a/include/lsquic.h b/include/lsquic.h
index 840657d..54996a7 100644
--- a/include/lsquic.h
+++ b/include/lsquic.h
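Review bot: The new assignment on the `+` line leans on `&` binding tighter than `?:`, which is correct but easy to misread in a one-liner; `prog->prog_api.ea_get_ssl_ctx = (flags & LSENG_SERVER) ? get_ssl_ctx : NULL;` makes the intent explicit. With the callback cleared for the client, every client connection this program opens now gets the SSL_CTX the library builds itself (the fallback path in the lsquic_enc_sess_ietf.c hunks of this commit, which installs the library's server-certificate verification callback), so whatever client-side TLS configuration get_ssl_ctx may have carried is no longer applied; presumably intended, but a short comment on the line saying so would save the next reader a trip into the library. prog_init starts and continues outside the hunk.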
@@ -1206,6 +1206,7 @@ struct lsquic_engine_api
 /** Function to look up certificates by SNI is used in server mode. */
 lsquic_lookup_cert_f ea_lookup_cert;
 void *ea_cert_lu_ctx;
+ /** Mandatory callback for server, optional for client. */
 struct ssl_ctx_st * (*ea_get_ssl_ctx)(void *peer_ctx);
 /**
 * Shared hash interface is optional. If set to zero, performance of
diff --git a/src/liblsquic/lsquic_enc_sess_ietf.c b/src/liblsquic/lsquic_enc_sess_ietf.c
index e9af0b4..236e25a 100644
--- a/src/liblsquic/lsquic_enc_sess_ietf.c
+++ b/src/liblsquic/lsquic_enc_sess_ietf.c
@@ -817,7 +817,8 @@ iquic_esfi_create_client (const char *hostname,
 const lsquic_cid_t *dcid, const struct ver_neg *ver_neg,
 void *crypto_streams[4], const struct crypto_stream_if *cryst_if,
 const unsigned char *sess_resume, size_t sess_resume_sz,
- struct lsquic_alarmset *alset, unsigned max_streams_uni, void* peer_ctx)
+ struct lsquic_alarmset *alset, unsigned max_streams_uni,
+ void* peer_ctx)
 {
 struct enc_sess_iquic *enc_sess;
 SSL_CTX *ssl_ctx = NULL;
@@ -885,8 +886,10 @@ iquic_esfi_create_client (const char *hostname,
 enc_sess->esi_alpn = am->alpn;
 }
- ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx( peer_ctx );
- if (!ssl_ctx)
+ if (enc_sess->esi_enpub->enp_get_ssl_ctx
+ && (ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx(peer_ctx)))
+ set_app_ctx = 1;
+ else
 {
 LSQ_DEBUG("Create new SSL_CTX");
 ssl_ctx = SSL_CTX_new(TLS_method());
@@ -910,14 +913,8 @@ iquic_esfi_create_client (const char *hostname,
 SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
 verify_server_cert_callback);
 SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
- set_app_ctx = 0;
 }
- else
- {
- set_app_ctx = 1;
- }
-
-
+
 enc_sess->esi_ssl = SSL_new(ssl_ctx);
 if (!enc_sess->esi_ssl)
 {
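Review bot: The added one-line comment on `ea_get_ssl_ctx` says the callback is optional for the client but not what that means, while the behaviour it documents is decided in the lsquic_enc_sess_ietf.c hunks of this same commit. I would extend it to say that in client mode the library creates its own SSL_CTX when the callback is unset or returns NULL, and that a context the callback does return is used as-is: the library then does not install its server-certificate verification callback or enable early data on it, so verification is the application's responsibility. That second point is the one a client author is most likely to get wrong, and the header is the only place they will look for it.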
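Review bot: After the @@ -910 hunk drops `set_app_ctx = 0;`, the fallback branch in the @@ -885 hunk no longer assigns set_app_ctx; its declaration and the later read are both outside these hunks, so unless the declaration initializes it, that read is of an indeterminate value. Either put `set_app_ctx = 0;` back at the end of the else block or initialize at the declaration, `int set_app_ctx = 0;`. Assigning `ssl_ctx` inside the `&&` condition is legal but hides the call; a separate statement before the `if` reads more clearly. The branch that takes the application's context skips SSL_CTX_set_custom_verify and SSL_CTX_set_early_data_enabled, so an `LSQ_DEBUG("Using application-supplied SSL_CTX");` beside `set_app_ctx = 1;` would make it visible in logs which path a client took. iquic_esfi_create_client begins before and continues after these hunks.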