diff options
| author | Matt Caswell <matt@openssl.org> | 2017-08-03 10:13:31 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-08-31 15:03:34 +0100 |
| commit | 67738645dc0b044fc7d120a3c67af5635d0d78ec (patch) | |
| tree | a3f8dd7fc56c96a4feaf50feab97c56c807d1d9c | |
| parent | dd5b98c55a64f574958a1a8aef2546692ff30ad9 (diff) | |
| download | openssl-67738645dc0b044fc7d120a3c67af5635d0d78ec.zip openssl-67738645dc0b044fc7d120a3c67af5635d0d78ec.tar.gz openssl-67738645dc0b044fc7d120a3c67af5635d0d78ec.tar.bz2 | |
Add functions for getting/setting SNI/ALPN info in SSL_SESSION
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
| -rw-r--r-- | doc/man3/SSL_SESSION_get0_hostname.pod | 31 | ||||
| -rw-r--r-- | include/openssl/ssl.h | 7 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 39 | ||||
| -rw-r--r-- | util/libssl.num | 3 |
4 files changed, 78 insertions, 2 deletions
diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index 4ed7e40..642daaa 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -2,13 +2,24 @@ =head1 NAME -SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session +SSL_SESSION_get0_hostname, +SSL_SESSION_set1_hostname, +SSL_SESSION_get0_alpn_selected, +SSL_SESSION_set1_alpn_selected +- get and set SNI and ALPN data ssociated with a session =head1 SYNOPSIS #include <openssl/ssl.h> const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); + int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); + + void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); + int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, + size_t len); =head1 DESCRIPTION @@ -18,6 +29,17 @@ client when the session was created, or NULL if no value was sent. The value returned is a pointer to memory maintained within B<s> and should not be free'd. +SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of +the string provided in hostname. + +SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this +session and its associated length in bytes. The returned value of B<*alpn> is a +pointer to memory maintained within B<s> and should not be free'd. + +SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the +value in B<*alpn> which should be of length B<len> bytes. A copy of this value +is taken. + =head1 SEE ALSO L<ssl(7)>, @@ -25,9 +47,14 @@ L<d2i_SSL_SESSION(3)>, L<SSL_SESSION_get_time(3)>, L<SSL_SESSION_free(3)> +=head1 HISTORY + +SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and +SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 077e851..248408f 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1535,6 +1535,13 @@ __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); __owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); __owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 6292d01..1482a3e 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -906,6 +906,18 @@ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s) return s->ext.hostname; } +int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname) +{ + OPENSSL_free(s->ext.hostname); + if (hostname == NULL) { + s->ext.hostname = NULL; + return 1; + } + s->ext.hostname = OPENSSL_strdup(hostname); + + return s->ext.hostname != NULL; +} + int SSL_SESSION_has_ticket(const SSL_SESSION *s) { return (s->ext.ticklen > 0) ? 1 : 0; @@ -936,6 +948,33 @@ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data) return 1; } +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len) +{ + *alpn = s->ext.alpn_selected; + *len = s->ext.alpn_selected_len; +} + +int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, + size_t len) +{ + OPENSSL_free(s->ext.alpn_selected); + if (alpn == NULL || len == 0) { + s->ext.alpn_selected = NULL; + s->ext.alpn_selected_len = 0; + return 1; + } + s->ext.alpn_selected = OPENSSL_memdup(alpn, len); + if (s->ext.alpn_selected == NULL) { + s->ext.alpn_selected_len = 0; + return 0; + } + s->ext.alpn_selected_len = len; + + return 1; +} + X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer; diff --git a/util/libssl.num b/util/libssl.num index f3d1baa..14a7023 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -466,3 +466,6 @@ SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION: SSL_get_pending_cipher 467 1_1_1 EXIST::FUNCTION: SSL_CIPHER_get_protocol_id 468 1_1_1 EXIST::FUNCTION: SSL_SESSION_set_max_early_data 469 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_alpn_selected 470 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_hostname 471 1_1_1 EXIST::FUNCTION: +SSL_SESSION_get0_alpn_selected 472 1_1_1 EXIST::FUNCTION: |