
Commit 2f1d93d

committed
Change signature for set_select_certificate_callback
To handle lifetimes better and allow returning a &mut SslRef from the client hello struct passed to the closure from SslContextBuilder::set_select_certificate_callback, we make the ClientHello struct itself own a reference to the FFI client hello struct.
1 parent 1de27de commit 2f1d93d

2 files changed

Lines changed: 14 additions & 10 deletions


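--- a/boring/src/ssl/callbacks.rs
+++ b/boring/src/ssl/callbacks.rs
@@ -223,14 +223,13 @@ pub(super) unsafe extern "C" fn raw_select_cert<F>(
 client_hello: *const ffi::SSL_CLIENT_HELLO,
 ) -> ffi::ssl_select_cert_result_t
 where
-F: Fn(&ClientHello) -> Result<(), SelectCertError> + Sync + Send + 'static,
+F: Fn(ClientHello<'_>) -> Result<(), SelectCertError> + Sync + Send + 'static,
 {
 // SAFETY: boring provides valid inputs.
-let client_hello = unsafe { &*(client_hello as *const ClientHello) };
+let client_hello = ClientHello(unsafe { &*client_hello });
 
-let callback = client_hello
-.ssl()
-.ssl_context()
+let ssl_context = client_hello.ssl().ssl_context().to_owned();
+let callback = ssl_context
 .ex_data(SslContext::cached_ex_index::<F>())
 .expect("BUG: select cert callback missing");
 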
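Review bot: The `// SAFETY: boring provides valid inputs.` comment above `ClientHello(unsafe { &*client_hello })` no longer states everything the unsafe block relies on, because the dereference now yields a reference whose lifetime is carried around inside the `ClientHello<'_>` wrapper. I would spell the invariant out, for example `// SAFETY: boring passes a non-null, aligned SSL_CLIENT_HELLO that stays valid for the whole callback; the wrapper never outlives this call.`, if that is indeed the guarantee being relied on. The new `ssl_context` binding also deserves a why-comment such as `// Own the context so the callback borrow does not keep client_hello borrowed.`; that reading of the `to_owned()` is inferred, since the callback invocation lies outside the hunk. The function body continues past the last visible line.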

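--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -1370,6 +1370,7 @@ impl SslContextBuilder {
 );
 }
 }
+
 /// Sets a callback that is called before most ClientHello processing and before the decision whether
 /// to resume a session is made. The callback may inspect the ClientHello and configure the
 /// connection.
@@ -1379,7 +1380,7 @@ impl SslContextBuilder {
 /// [`SSL_CTX_set_select_certificate_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_select_certificate_cb.html
 pub fn set_select_certificate_callback<F>(&mut self, callback: F)
 where
-F: Fn(&ClientHello) -> Result<(), SelectCertError> + Sync + Send + 'static,
+F: Fn(ClientHello<'_>) -> Result<(), SelectCertError> + Sync + Send + 'static,
 {
 unsafe {
 self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
@@ -1954,9 +1955,9 @@ pub struct CipherBits {
 }
 
 #[repr(transparent)]
-pub struct ClientHello(ffi::SSL_CLIENT_HELLO);
+pub struct ClientHello<'ssl>(&'ssl ffi::SSL_CLIENT_HELLO);
 
-impl ClientHello {
+impl ClientHello<'_> {
 /// Returns the data of a given extension, if present.
 ///
 /// This corresponds to [`SSL_early_callback_ctx_extension_get`].
@@ -1967,15 +1968,19 @@ impl ClientHello {
 let mut ptr = ptr::null();
 let mut len = 0;
 let result =
-ffi::SSL_early_callback_ctx_extension_get(&self.0, ext_type.0, &mut ptr, &mut len);
+ffi::SSL_early_callback_ctx_extension_get(self.0, ext_type.0, &mut ptr, &mut len);
 if result == 0 {
 return None;
 }
 Some(slice::from_raw_parts(ptr, len))
 }
 }
 
-fn ssl(&self) -> &SslRef {
+pub fn ssl_mut(&mut self) -> &mut SslRef {
+unsafe { SslRef::from_ptr_mut(self.0.ssl) }
+}
+
+pub fn ssl(&self) -> &SslRef {
 unsafe { SslRef::from_ptr(self.0.ssl) }
 }
 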
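Review bot: `ssl_mut` builds a `&mut SslRef` from `self.0.ssl` in an `unsafe` block with no `// SAFETY:` comment, and the pointer is read through the shared `&'ssl ffi::SSL_CLIENT_HELLO`, so exclusivity rests only on the `&mut self` borrow of the wrapper. That holds only while `ClientHello` is neither `Clone` nor `Copy`; because it now wraps a plain shared reference, a later `#[derive(Clone, Copy)]` would look harmless yet let safe code hold a `&mut SslRef` and a `&SslRef` to the same connection at once. I would record this on the method, e.g. `// SAFETY: self.0.ssl is the SSL of this handshake; &mut self is the only path to it, so ClientHello must never be Clone or Copy.`, and give both now-public accessors a one-line `///` doc comment. Separately, `#[repr(transparent)]` stays on the struct although the pointer cast it supported was removed in callbacks.rs; if any code outside this diff still casts `*const ffi::SSL_CLIENT_HELLO` to `*const ClientHello`, it would now reinterpret the struct as a reference, so the attribute is worth dropping or that cast worth searching for.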
