Keep ea_get_ssl_ctx() optional for the client

bin/prog.c

@@ -81,7 +81,7 @@ prog_init (struct prog *prog, unsigned flags,
                                     = prog;
     prog->prog_api.ea_pmi           = &pmi;
     prog->prog_api.ea_pmi_ctx       = &prog->prog_pba;
-    prog->prog_api.ea_get_ssl_ctx   = get_ssl_ctx;
+    prog->prog_api.ea_get_ssl_ctx   = flags & LSENG_SERVER ? get_ssl_ctx : NULL;
 #if LSQUIC_PREFERRED_ADDR
     if (getenv("LSQUIC_PREFERRED_ADDR4") || getenv("LSQUIC_PREFERRED_ADDR6"))
         prog->prog_flags |= PROG_SEARCH_ADDRS;

docs/tutorial.rst

@@ -119,7 +119,7 @@ to perform various functions.  Mandatory among these are:
 - functions linked to connection and stream events,
   :member:`lsquic_engine_api.ea_stream_if`;
 - function to look up certificate to use, :member:`lsquic_engine_api.ea_lookup_cert` (in server mode); and
-- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (in server mode).
+- function to fetch SSL context, :member:`lsquic_engine_api.ea_get_ssl_ctx` (optional in client mode).
 
 The minimal structure for a client will look like this:
 
@@ -317,7 +317,7 @@ Other required engine callbacks are a set of stream and connection callbacks tha
     /* --- 8< --- snip --- 8< --- */
     .ea_stream_if       = &stream_callbacks,
     .ea_stream_if_ctx   = &some_context,
-    .ea_get_ssl_ctx     = get_ssl_ctx,  
+    .ea_get_ssl_ctx     = get_ssl_ctx,
   };
 
 

include/lsquic.h

@@ -1206,6 +1206,7 @@ struct lsquic_engine_api
     /** Function to look up certificates by SNI is used in server mode. */
     lsquic_lookup_cert_f                 ea_lookup_cert;
     void                                *ea_cert_lu_ctx;
+    /** Mandatory callback for server, optional for client. */
     struct ssl_ctx_st *                (*ea_get_ssl_ctx)(void *peer_ctx);
     /**
      * Shared hash interface is optional.  If set to zero, performance of

src/liblsquic/lsquic_enc_sess_ietf.c

@@ -817,7 +817,8 @@ iquic_esfi_create_client (const char *hostname,
             const lsquic_cid_t *dcid, const struct ver_neg *ver_neg,
             void *crypto_streams[4], const struct crypto_stream_if *cryst_if,
             const unsigned char *sess_resume, size_t sess_resume_sz,
-            struct lsquic_alarmset *alset, unsigned max_streams_uni, void* peer_ctx)
+            struct lsquic_alarmset *alset, unsigned max_streams_uni,
+            void* peer_ctx)
 {
     struct enc_sess_iquic *enc_sess;
     SSL_CTX *ssl_ctx = NULL;
@@ -885,8 +886,10 @@ iquic_esfi_create_client (const char *hostname,
         enc_sess->esi_alpn = am->alpn;
     }
 
-    ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx( peer_ctx );
+    if (enc_sess->esi_enpub->enp_get_ssl_ctx
-    if (!ssl_ctx)
+                && (ssl_ctx = enc_sess->esi_enpub->enp_get_ssl_ctx(peer_ctx)))
+        set_app_ctx = 1;
+    else
     {
         LSQ_DEBUG("Create new SSL_CTX");
         ssl_ctx = SSL_CTX_new(TLS_method());
@@ -910,14 +913,8 @@ iquic_esfi_create_client (const char *hostname,
             SSL_CTX_set_custom_verify(ssl_ctx, SSL_VERIFY_PEER,
                 verify_server_cert_callback);
         SSL_CTX_set_early_data_enabled(ssl_ctx, 1);
-        set_app_ctx = 0;
     }
-    else
+
-    {
-        set_app_ctx = 1;
-    }
-    
-    
     enc_sess->esi_ssl = SSL_new(ssl_ctx);
     if (!enc_sess->esi_ssl)
     {