Commit 67738645 authored by Matt Caswell's avatar Matt Caswell

Add functions for getting/setting SNI/ALPN info in SSL_SESSION

parent dd5b98c5
+29 −2
@@ -2,13 +2,24 @@

=head1 NAME

SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
SSL_SESSION_get0_hostname,
SSL_SESSION_set1_hostname,
SSL_SESSION_get0_alpn_selected,
SSL_SESSION_set1_alpn_selected
- get and set SNI and ALPN data ssociated with a session

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
 int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);

 void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
                                     const unsigned char **alpn,
                                     size_t *len);
 int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
                                    size_t len);

=head1 DESCRIPTION

@@ -18,6 +29,17 @@ client when the session was created, or NULL if no value was sent.
The value returned is a pointer to memory maintained within B<s> and
should not be free'd.

SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of
the string provided in hostname.

SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this
session and its associated length in bytes. The returned value of B<*alpn> is a
pointer to memory maintained within B<s> and should not be free'd.

SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the
value in B<*alpn> which should be of length B<len> bytes. A copy of this value
is taken.

=head1 SEE ALSO

L<ssl(7)>,
@@ -25,9 +47,14 @@ L<d2i_SSL_SESSION(3)>,
L<SSL_SESSION_get_time(3)>,
L<SSL_SESSION_free(3)>

=head1 HISTORY

SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1.

=head1 COPYRIGHT

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
+7 −0
@@ -1535,6 +1535,13 @@ __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);

__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
                                    const unsigned char **alpn,
                                    size_t *len);
__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
                                          const unsigned char *alpn,
                                          size_t len);
__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+39 −0
@@ -906,6 +906,18 @@ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
    return s->ext.hostname;
}

int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
{
    OPENSSL_free(s->ext.hostname);
    if (hostname == NULL) {
        s->ext.hostname = NULL;
        return 1;
    }
    s->ext.hostname = OPENSSL_strdup(hostname);

    return s->ext.hostname != NULL;
}

int SSL_SESSION_has_ticket(const SSL_SESSION *s)
{
    return (s->ext.ticklen > 0) ? 1 : 0;
@@ -936,6 +948,33 @@ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
    return 1;
}

void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
                                    const unsigned char **alpn,
                                    size_t *len)
{
    *alpn = s->ext.alpn_selected;
    *len = s->ext.alpn_selected_len;
}

int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
                                   size_t len)
{
    OPENSSL_free(s->ext.alpn_selected);
    if (alpn == NULL || len == 0) {
        s->ext.alpn_selected = NULL;
        s->ext.alpn_selected_len = 0;
        return 1;
    }
    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
    if (s->ext.alpn_selected == NULL) {
        s->ext.alpn_selected_len = 0;
        return 0;
    }
    s->ext.alpn_selected_len = len;

    return 1;
}

X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
{
    return s->peer;
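Review bot: Both new setters release the stored buffer before copying the caller's input, so in `SSL_SESSION_set1_hostname()` a caller that passes back the pointer obtained from `SSL_SESSION_get0_hostname()` on the same session makes `OPENSSL_strdup()` read freed memory; `SSL_SESSION_set1_alpn_selected()` in the second hunk has the same ordering with `OPENSSL_memdup()`. On allocation failure each setter also returns 0 with the previous value already freed, so a failed call silently clears the session's SNI or ALPN value. Duplicating first and swapping the pointer in only on success removes both problems, as sketched below. Separately, `SSL_SESSION_get0_alpn_selected()` writes through `alpn` and `len` unconditionally, so the requirement that both be non-NULL deserves a sentence in the man page.

```c
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
{
    char *copy = NULL;

    /* Copy before freeing: hostname may point into s->ext.hostname. */
    if (hostname != NULL) {
        copy = OPENSSL_strdup(hostname);
        if (copy == NULL)
            return 0;           /* previous value left intact */
    }
    OPENSSL_free(s->ext.hostname);
    s->ext.hostname = copy;

    return 1;
}

/* … unchanged: SSL_SESSION_has_ticket through SSL_SESSION_get0_alpn_selected … */

int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
                                   size_t len)
{
    unsigned char *copy = NULL;

    /* Copy before freeing: alpn may point into s->ext.alpn_selected. */
    if (alpn != NULL && len != 0) {
        copy = OPENSSL_memdup(alpn, len);
        if (copy == NULL)
            return 0;           /* previous value left intact */
    }
    OPENSSL_free(s->ext.alpn_selected);
    s->ext.alpn_selected = copy;
    s->ext.alpn_selected_len = (copy != NULL) ? len : 0;

    return 1;
}
```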
+3 −0
@@ -466,3 +466,6 @@ SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION:
SSL_get_pending_cipher                  467	1_1_1	EXIST::FUNCTION:
SSL_CIPHER_get_protocol_id              468	1_1_1	EXIST::FUNCTION:
SSL_SESSION_set_max_early_data          469	1_1_1	EXIST::FUNCTION:
SSL_SESSION_set1_alpn_selected          470	1_1_1	EXIST::FUNCTION:
SSL_SESSION_set1_hostname               471	1_1_1	EXIST::FUNCTION:
SSL_SESSION_get0_alpn_selected          472	1_1_1	EXIST::FUNCTION: