Add functions for getting/setting SNI/ALPN info in SSL_SESSION

Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)

Add functions for getting/setting SNI/ALPN info in SSL_SESSION
Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
67738645 · Matt Caswell · dd5b98c5 · 67738645 · 67738645 · 67738645
Showing with 78 addition and 2 deletion

doc/man3/SSL_SESSION_get0_hostname.pod doc/man3/SSL_SESSION_get0_hostname.pod +29 -2

include/openssl/ssl.h include/openssl/ssl.h +7 -0

ssl/ssl_sess.c ssl/ssl_sess.c +39 -0

util/libssl.num util/libssl.num +3 -0

未找到文件。
--- a/doc/man3/SSL_SESSION_get0_hostname.pod
+++ b/doc/man3/SSL_SESSION_get0_hostname.pod
@@ -2,13 +2,24 @@

 =head1 NAME

-SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
+SSL_SESSION_get0_hostname,
+SSL_SESSION_set1_hostname,
+SSL_SESSION_get0_alpn_selected,
+SSL_SESSION_set1_alpn_selected
+- get and set SNI and ALPN data ssociated with a session

 =head1 SYNOPSIS

 #include <openssl/ssl.h>

 const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+ int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+
+ void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                     const unsigned char **alpn,
+                                     size_t *len);
+ int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                    size_t len);

 =head1 DESCRIPTION

@@ -18,6 +29,17 @@ client when the session was created, or NULL if no value was sent.
 The value returned is a pointer to memory maintained within B<s> and
 should not be free'd.

+SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of
+the string provided in hostname.
+
+SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this
+session and its associated length in bytes. The returned value of B<*alpn> is a
+pointer to memory maintained within B<s> and should not be free'd.
+
+SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the
+value in B<*alpn> which should be of length B<len> bytes. A copy of this value
+is taken.
+
 =head1 SEE ALSO

 L<ssl(7)>,
@@ -25,9 +47,14 @@ L<d2i_SSL_SESSION(3)>,
 L<SSL_SESSION_get_time(3)>,
 L<SSL_SESSION_free(3)>

+=head1 HISTORY
+
+SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
+SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1.
+
 =head1 COPYRIGHT

-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1535,6 +1535,13 @@ __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
 __owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);

 __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len);
+__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
+                                          const unsigned char *alpn,
+                                          size_t len);
 __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
 __owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
 __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);

--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -906,6 +906,18 @@ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
    return s->ext.hostname;
 }

+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
+{
+    OPENSSL_free(s->ext.hostname);
+    if (hostname == NULL) {
+        s->ext.hostname = NULL;
+        return 1;
+    }
+    s->ext.hostname = OPENSSL_strdup(hostname);
+
+    return s->ext.hostname != NULL;
+}
+
 int SSL_SESSION_has_ticket(const SSL_SESSION *s)
 {
    return (s->ext.ticklen > 0) ? 1 : 0;
@@ -936,6 +948,33 @@ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
    return 1;
 }

+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len)
+{
+    *alpn = s->ext.alpn_selected;
+    *len = s->ext.alpn_selected_len;
+}
+
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                   size_t len)
+{
+    OPENSSL_free(s->ext.alpn_selected);
+    if (alpn == NULL || len == 0) {
+        s->ext.alpn_selected = NULL;
+        s->ext.alpn_selected_len = 0;
+        return 1;
+    }
+    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
+    if (s->ext.alpn_selected == NULL) {
+        s->ext.alpn_selected_len = 0;
+        return 0;
+    }
+    s->ext.alpn_selected_len = len;
+
+    return 1;
+}
+
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
 {
    return s->peer;

--- a/util/libssl.num
+++ b/util/libssl.num
@@ -466,3 +466,6 @@ SSL_SESSION_dup                         466	1_1_1	EXIST::FUNCTION:
 SSL_get_pending_cipher                  467	1_1_1	EXIST::FUNCTION:
 SSL_CIPHER_get_protocol_id              468	1_1_1	EXIST::FUNCTION:
 SSL_SESSION_set_max_early_data          469	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_alpn_selected          470	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_hostname               471	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_get0_alpn_selected          472	1_1_1	EXIST::FUNCTION: