From de4eb6e913581efa8f9e93740647ecf1ad115a33 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 18 Jun 2024 11:32:32 -0400 Subject: [PATCH] stub set tls ext ticket callbacks The `SSL_CTX_set_tlsext_ticket_key_cb` and `SSL_CTX_set_tlsext_ticket_key_evp_cb` API functions can be used to set up callbacks for managing TLS session tickets. Implementing this properly will be challenging as they take `EVP_CIPHER_CTX` and `EVP_MAC_CTX` arguments and expect the caller to do a lot of the heavy-lifting. For now let's stub it and see how far we can get by just opaquely handling TLS session tickets internal to Rustls w/ our own ticketer.
---
 rustls-libssl/src/entry.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/rustls-libssl/src/entry.rs b/rustls-libssl/src/entry.rs
index ca2ec3a..53733d5 100644
--- a/rustls-libssl/src/entry.rs
+++ b/rustls-libssl/src/entry.rs
@@ -218,7 +218,9 @@ entry! {
 C_INT_SUCCESS as c_long
 }
 Ok(SslCtrl::GetMaxProtoVersion) => ctx.get().get_max_protocol_version().into(),
- Ok(SslCtrl::SetTlsExtHostname) | Ok(SslCtrl::SetTlsExtServerNameCallback) => {
+ Ok(SslCtrl::SetTlsExtHostname)
+ | Ok(SslCtrl::SetTlsExtServerNameCallback)
+ | Ok(SslCtrl::SetTlsExtTicketKeyCallback) => {
 // not a defined operation in the OpenSSL API
 0
 }
@@ -635,6 +637,10 @@ entry! {
 ctx.get_mut().set_servername_callback(fp);
 C_INT_SUCCESS as c_long
 }
+ Ok(SslCtrl::SetTlsExtTicketKeyCallback) => {
+ log::warn!("ignoring tls ext ticket key callback");
+ C_INT_SUCCESS as c_long
+ }
 _ => 0,
 }
 }
@@ -855,6 +861,7 @@ entry! {
 }
 // not a defined operation in the OpenSSL API
 Ok(SslCtrl::SetTlsExtServerNameCallback)
+ | Ok(SslCtrl::SetTlsExtTicketKeyCallback)
 | Ok(SslCtrl::SetTlsExtServerNameArg)
 | Ok(SslCtrl::SetSessCacheSize)
 | Ok(SslCtrl::GetSessCacheSize)
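Review bot: The new `Ok(SslCtrl::SetTlsExtTicketKeyCallback)` arm in the second hunk (@@ -635) returns `C_INT_SUCCESS` even though the callback is discarded, so an application that installs it to rotate ticket keys, share them across servers, or decline resumption is told its policy is in place when it is not. The only trace is a `log::warn!` that does not say what happens instead. A comment on the arm would record the deviation, for example `// stub: callback is never invoked; tickets are handled by the rustls ticketer, so app-managed ticket keys are not in effect`, and the warning text could say the same. Whether success rather than 0 is the right result is worth confirming against callers that check it; the enclosing function starts and ends outside the hunk.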
@@ -1885,6 +1892,7 @@ num_enum! {
 SetTlsExtServerNameCallback = 53,
 SetTlsExtServerNameArg = 54,
 SetTlsExtHostname = 55,
+ SetTlsExtTicketKeyCallback = 72,
 SetChain = 88,
 SetMinProtoVersion = 123,
 SetMaxProtoVersion = 124,
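Review bot: Only the value 72 is added to the enum, while the commit description also names `SSL_CTX_set_tlsext_ticket_key_evp_cb`; if that variant is dispatched under its own ctrl code (OpenSSL 3 appears to define a separate `SSL_CTRL_SET_TLSEXT_TICKET_KEY_EVP_CB`), none of the visible hunks handle it and it would presumably take the `_ => 0` path rather than the new stub. Either add the second variant alongside this one or leave a comment on the new line such as `// legacy (non-EVP) ticket key callback only; EVP variant not handled yet` so the gap is visible. The enum body continues outside the hunk, so an existing entry for it cannot be ruled out from here.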