Group ALPN functions into their own section.

These were already documented, though some of the documentation was
expanded on slightly.

Change-Id: I04c6276a83a64a03ab9cce9b9c94d4dea9ddf638
Reviewed-on: https://boringssl-review.googlesource.com/5896
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-09-16 00:10:19 -04:00 committed by Adam Langley
parent 58fcfc18f0
commit 8984f1f6e5
2 changed files with 62 additions and 43 deletions

View File

@ -1550,6 +1550,57 @@ OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl,
int keylength)); int keylength));
/* Application-layer protocol negotation.
*
* The ALPN extension (RFC 7301) allows negotiating different application-layer
* protocols over a single port. This is used, for example, to negotiate
* HTTP/2. */
/* SSL_CTX_set_alpn_protos sets the client ALPN protocol list on |ctx| to
* |protos|. |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
* length-prefixed strings). It returns zero on success and one on failure.
* Configuring this list enables ALPN on a client.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. */
OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
unsigned protos_len);
/* SSL_set_alpn_protos sets the client ALPN protocol list on |ssl| to |protos|.
* |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
* length-prefixed strings). It returns zero on success and one on failure.
* Configuring this list enables ALPN on a client.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. */
OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos,
unsigned protos_len);
/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
* during ClientHello processing in order to select an ALPN protocol from the
* client's list of offered protocols. Configuring this callback enables ALPN on
* a server.
*
* The callback is passed a wire-format (i.e. a series of non-empty, 8-bit
* length-prefixed strings) ALPN protocol list in |in|. It should set |*out| and
* |*out_len| to the selected protocol and return |SSL_TLSEXT_ERR_OK| on
* success. It does not pass ownership of the buffer. Otherwise, it should
* return |SSL_TLSEXT_ERR_NOACK|. Other |SSL_TLSEXT_ERR_*| values are
* unimplemented and will be treated as |SSL_TLSEXT_ERR_NOACK|. */
OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb(
SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len,
const uint8_t *in, unsigned in_len, void *arg),
void *arg);
/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
* On return it sets |*out_data| to point to |*out_len| bytes of protocol name
* (not including the leading length-prefix byte). If the server didn't respond
* with a negotiated protocol then |*out_len| will be zero. */
OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl,
const uint8_t **out_data,
unsigned *out_len);
/* DTLS-SRTP. /* DTLS-SRTP.
* *
* See RFC 5764. */ * See RFC 5764. */
@ -1970,31 +2021,6 @@ OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *outlen,
#define OPENSSL_NPN_NEGOTIATED 1 #define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2 #define OPENSSL_NPN_NO_OVERLAP 2
/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
* |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
* length-prefixed strings). It returns zero on success and one on failure.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. */
OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
unsigned protos_len);
/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
* |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
* length-prefixed strings). It returns zero on success and one on failure.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. */
OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos,
unsigned protos_len);
OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb(
SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *outlen,
const uint8_t *in, unsigned int inlen, void *arg),
void *arg);
OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **data,
unsigned *len);
/* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by /* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by
* the peer are rejected. It may be set at any point in a connection's lifetime * the peer are rejected. It may be set at any point in a connection's lifetime
* to control future renegotiations programmatically. By default, renegotiations * to control future renegotiations programmatically. By default, renegotiations
@ -2937,8 +2963,8 @@ struct ssl_ctx_st {
* in: points to the client's list of supported protocols in * in: points to the client's list of supported protocols in
* wire-format. * wire-format.
* inlen: the length of |in|. */ * inlen: the length of |in|. */
int (*alpn_select_cb)(SSL *s, const uint8_t **out, uint8_t *outlen, int (*alpn_select_cb)(SSL *s, const uint8_t **out, uint8_t *out_len,
const uint8_t *in, unsigned int inlen, void *arg); const uint8_t *in, unsigned in_len, void *arg);
void *alpn_select_cb_arg; void *alpn_select_cb_arg;
/* For a client, this contains the list of supported protocols in wire /* For a client, this contains the list of supported protocols in wire

View File

@ -1845,32 +1845,25 @@ int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
return 0; return 0;
} }
/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
* during ClientHello processing in order to select an ALPN protocol from the
* client's list of offered protocols. */
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb)(SSL *ssl, const uint8_t **out, int (*cb)(SSL *ssl, const uint8_t **out,
uint8_t *outlen, const uint8_t *in, uint8_t *out_len, const uint8_t *in,
unsigned int inlen, void *arg), unsigned in_len, void *arg),
void *arg) { void *arg) {
ctx->alpn_select_cb = cb; ctx->alpn_select_cb = cb;
ctx->alpn_select_cb_arg = arg; ctx->alpn_select_cb_arg = arg;
} }
/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
* On return it sets |*data| to point to |*len| bytes of protocol name (not unsigned *out_len) {
* including the leading length-prefix byte). If the server didn't respond with *out_data = NULL;
* a negotiated protocol then |*len| will be zero. */
void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **data,
unsigned *len) {
*data = NULL;
if (ssl->s3) { if (ssl->s3) {
*data = ssl->s3->alpn_selected; *out_data = ssl->s3->alpn_selected;
} }
if (*data == NULL) { if (*out_data == NULL) {
*len = 0; *out_len = 0;
} else { } else {
*len = ssl->s3->alpn_selected_len; *out_len = ssl->s3->alpn_selected_len;
} }
} }