@@ -10670,6 +10670,60 @@ static void verify_ALPN_client_list(WOLFSSL* ssl)
1067010670 AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
1067110671}
1067210672
10673+ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
10674+ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
10675+
10676+ /* ALPN select callback, success with spdy/2 */
10677+ static int select_ALPN_spdy2(WOLFSSL *ssl, const unsigned char **out,
10678+ unsigned char *outlen, const unsigned char *in,
10679+ unsigned int inlen, void *arg)
10680+ {
10681+ /* spdy/2 */
10682+ const char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
10683+
10684+ (void)ssl;
10685+ (void)arg;
10686+
10687+ /* adding +1 since LEN byte comes first */
10688+ if (inlen < sizeof(proto) + 1) {
10689+ return SSL_TLSEXT_ERR_ALERT_FATAL;
10690+ }
10691+
10692+ if (XMEMCMP(in + 1, proto, sizeof(proto)) == 0) {
10693+ *out = in + 1;
10694+ *outlen = (unsigned char)sizeof(proto);
10695+ return SSL_TLSEXT_ERR_OK;
10696+ }
10697+
10698+ return SSL_TLSEXT_ERR_ALERT_FATAL;
10699+ }
10700+
10701+ /* ALPN select callback, force failure */
10702+ static int select_ALPN_failure(WOLFSSL *ssl, const unsigned char **out,
10703+ unsigned char *outlen, const unsigned char *in,
10704+ unsigned int inlen, void *arg)
10705+ {
10706+ (void)ssl;
10707+ (void)out;
10708+ (void)outlen;
10709+ (void)in;
10710+ (void)inlen;
10711+ (void)arg;
10712+
10713+ return SSL_TLSEXT_ERR_ALERT_FATAL;
10714+ }
10715+
10716+ static void use_ALPN_spdy2_callback(WOLFSSL* ssl)
10717+ {
10718+ wolfSSL_set_alpn_select_cb(ssl, select_ALPN_spdy2, NULL);
10719+ }
10720+
10721+ static void use_ALPN_failure_callback(WOLFSSL* ssl)
10722+ {
10723+ wolfSSL_set_alpn_select_cb(ssl, select_ALPN_failure, NULL);
10724+ }
10725+ #endif /* OPENSSL_ALL | NGINX | HAPROXY | LIGHTY | QUIC */
10726+
1067310727static int test_wolfSSL_UseALPN_connection(void)
1067410728{
1067510729 int res = TEST_SKIPPED;
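Review bot: `select_ALPN_spdy2` never reads the length byte `in[0]`; it only checks that `inlen` is at least `sizeof(proto) + 1` and then compares the six bytes after it, so a first entry that merely begins with "spdy/2" (a longer protocol name) is accepted and reported with `*outlen` set to 6. Test callbacks tend to be copied as templates for real ALPN selection, so add `if (in[0] != sizeof(proto)) return SSL_TLSEXT_ERR_ALERT_FATAL;` before the `XMEMCMP`. The header comment should also say that only the first entry of the client list is examined. Separately, the closing `#endif` comment names QUIC, which the `#if` condition does not include; the two should agree.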
@@ -10725,6 +10779,30 @@ static int test_wolfSSL_UseALPN_connection(void)
1072510779 server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
1072610780 test_wolfSSL_client_server(&client_cb, &server_cb);
1072710781
10782+ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
10783+ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
10784+
10785+ /* WOLFSSL-level ALPN select callback tests */
10786+ /* Callback: success (one protocol, spdy/2) */
10787+ client_cb.ctx_ready = NULL;
10788+ client_cb.ssl_ready = use_ALPN_one;
10789+ client_cb.on_result = verify_ALPN_matching_spdy2;
10790+ server_cb.ctx_ready = NULL;
10791+ server_cb.ssl_ready = use_ALPN_spdy2_callback;
10792+ server_cb.on_result = verify_ALPN_matching_spdy2;
10793+ test_wolfSSL_client_server(&client_cb, &server_cb);
10794+
10795+ /* Callback: failure (one client protocol, spdy/2) */
10796+ client_cb.ctx_ready = NULL;
10797+ client_cb.ssl_ready = use_ALPN_one;
10798+ client_cb.on_result = NULL;
10799+ server_cb.ctx_ready = NULL;
10800+ server_cb.ssl_ready = use_ALPN_failure_callback;
10801+ server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
10802+ test_wolfSSL_client_server(&client_cb, &server_cb);
10803+
10804+ #endif /* OPENSSL_ALL | NGINX | HAPROXY | LIGHTY */
10805+
1072810806 res = TEST_RES_CHECK(1);
1072910807#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
1073010808 return res;
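Review bot: In the failure case `client_cb.on_result` is set to `NULL`, so as far as this hunk shows only the server side asserts the outcome. The harness is outside the hunk, so the client may be checked elsewhere, but nothing here confirms that the client saw the handshake fail. A client-side result check mirroring the server one would confirm that a rejecting select callback aborts the connection rather than letting it continue with no negotiated protocol. At minimum, a comment such as `/* client result intentionally unchecked: handshake is expected to fail */` would document the intent. The enclosing test function begins before this hunk and ends after it.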