xref: /third_party/nghttp2/src/shrpx_tls.cc

183 int servername_callback(SSL *ssl, int *al, void *arg) {
184   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
188   auto rawhost = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
237       SSL_get_sigalgs(ssl, 0, nullptr, nullptr, nullptr, nullptr, nullptr);
242     SSL_get_sigalgs(ssl, idx, nullptr, nullptr, &signhash, nullptr, nullptr);
256     SSL_set_SSL_CTX(ssl, ssl_ctx_list[0]);
261   auto num_shared_curves = SSL_get_shared_curve(ssl, -1);
264     auto shared_curve = SSL_get_shared_curve(ssl, i);
296         SSL_set_SSL_CTX(ssl, ssl_ctx);
319         SSL_set_SSL_CTX(ssl, ssl_ctx);
328   SSL_set_SSL_CTX(ssl, ssl_ctx_list[0]);
349 int ocsp_resp_cb(SSL *ssl, void *arg) {
350   auto ssl_ctx = SSL_get_SSL_CTX(ssl);
369   SSL_set_tlsext_status_ocsp_resp(ssl, buf, data->size());
380 int tls_session_client_new_cb(SSL *ssl, SSL_SESSION *session) {
381   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
394 int tls_session_new_cb(SSL *ssl, SSL_SESSION *session) {
395   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
402   if (SSL_version(ssl) == TLS1_3_VERSION) {
450 SSL_SESSION *tls_session_get_cb(SSL *ssl,
457   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
535 int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
543   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
644   if (SSL_version(ssl) == TLS1_3_VERSION) {
654 void info_callback(const SSL *ssl, int where, int ret) {
657   if (SSL_version(ssl) == TLS1_3_VERSION) {
667     auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
681 int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
713 int quic_alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
752 int sct_add_cb(SSL *ssl, unsigned int ext_type, unsigned int context,
757   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
772   auto ssl_ctx = SSL_get_SSL_CTX(ssl);
784 void sct_free_cb(SSL *ssl, unsigned int ext_type, unsigned int context,
791 int sct_parse_cb(SSL *ssl, unsigned int ext_type, unsigned int context,
802   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
812 int legacy_sct_add_cb(SSL *ssl, unsigned int ext_type,
815   return sct_add_cb(ssl, ext_type, 0, out, outlen, nullptr, 0, al, add_arg);
820 void legacy_sct_free_cb(SSL *ssl, unsigned int ext_type,
822   sct_free_cb(ssl, ext_type, 0, out, add_arg);
827 int legacy_sct_parse_cb(SSL *ssl, unsigned int ext_type,
830   return sct_parse_cb(ssl, ext_type, 0, in, inlen, nullptr, 0, al, parse_arg);
840 unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
866 unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
1519 int select_h2_next_proto_cb(SSL *ssl, unsigned char **out,
1532 int select_h1_next_proto_cb(SSL *ssl, unsigned char **out,
1550 int select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen,
1553   auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
1556     return select_h1_next_proto_cb(ssl, out, outlen, in, inlen, arg);
1558     return select_h2_next_proto_cb(ssl, out, outlen, in, inlen, arg);
1683   auto ssl = SSL_new(ssl_ctx);
1684   if (!ssl) {
1690   return ssl;
1716   SSL *ssl = nullptr;
1722     ssl = create_ssl(ssl_ctx);
1723     if (!ssl) {
1729       SSL_set_options(ssl, SSL_OP_NO_TICKET);
1733   return new ClientHandler(worker, fd, ssl, StringRef{host.data()},
1959 int check_cert(SSL *ssl, const Address *addr, const StringRef &host) {
1961   auto cert = SSL_get0_peer_certificate(ssl);
1963   auto cert = SSL_get_peer_certificate(ssl);
1982 int check_cert(SSL *ssl, const DownstreamAddr *addr, const Address *raddr) {
1985   return check_cert(ssl, raddr, hostname);
2396 void setup_downstream_http2_alpn(SSL *ssl) {
2400   SSL_set_alpn_protos(ssl, alpn.data(), alpn.size());
2404 void setup_downstream_http1_alpn(SSL *ssl) {
2407   SSL_set_alpn_protos(ssl, NGHTTP2_H1_1_ALPN.byte(), NGHTTP2_H1_1_ALPN.size());

Indexes created Thu Nov 07 10:32:03 CST 2024