public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rename new_pending_ssl to new_pending_conn

Browse source 
Make it clear its only announcing connections, not streams

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
This commit is contained in:
Neil Horman 2025-01-10 12:20:40 -05:00
parent 1abc48fae8
commit 7502df20bc
9 changed files with 71 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

12
doc/build.info
View file

@ -2383,10 +2383,10 @@ DEPEND[html/man3/SSL_CTX_set_msg_callback.html]=man3/SSL_CTX_set_msg_callback.po
GENERATE[html/man3/SSL_CTX_set_msg_callback.html]=man3/SSL_CTX_set_msg_callback.pod
DEPEND[man/man3/SSL_CTX_set_msg_callback.3]=man3/SSL_CTX_set_msg_callback.pod
GENERATE[man/man3/SSL_CTX_set_msg_callback.3]=man3/SSL_CTX_set_msg_callback.pod
DEPEND[html/man3/SSL_CTX_set_new_pending_ssl_cb.html]=man3/SSL_CTX_set_new_pending_ssl_cb.pod
GENERATE[html/man3/SSL_CTX_set_new_pending_ssl_cb.html]=man3/SSL_CTX_set_new_pending_ssl_cb.pod
DEPEND[man/man3/SSL_CTX_set_new_pending_ssl_cb.3]=man3/SSL_CTX_set_new_pending_ssl_cb.pod
GENERATE[man/man3/SSL_CTX_set_new_pending_ssl_cb.3]=man3/SSL_CTX_set_new_pending_ssl_cb.pod
DEPEND[html/man3/SSL_CTX_set_new_pending_conn_cb.html]=man3/SSL_CTX_set_new_pending_conn_cb.pod
GENERATE[html/man3/SSL_CTX_set_new_pending_conn_cb.html]=man3/SSL_CTX_set_new_pending_conn_cb.pod
DEPEND[man/man3/SSL_CTX_set_new_pending_conn_cb.3]=man3/SSL_CTX_set_new_pending_conn_cb.pod
GENERATE[man/man3/SSL_CTX_set_new_pending_conn_cb.3]=man3/SSL_CTX_set_new_pending_conn_cb.pod
DEPEND[html/man3/SSL_CTX_set_num_tickets.html]=man3/SSL_CTX_set_num_tickets.pod
GENERATE[html/man3/SSL_CTX_set_num_tickets.html]=man3/SSL_CTX_set_num_tickets.pod
DEPEND[man/man3/SSL_CTX_set_num_tickets.3]=man3/SSL_CTX_set_num_tickets.pod
@ -3641,7 +3641,7 @@ html/man3/SSL_CTX_set_max_cert_list.html \
html/man3/SSL_CTX_set_min_proto_version.html \
html/man3/SSL_CTX_set_mode.html \
html/man3/SSL_CTX_set_msg_callback.html \
html/man3/SSL_CTX_set_new_pending_ssl_cb.html \
html/man3/SSL_CTX_set_new_pending_conn_cb.html \
html/man3/SSL_CTX_set_num_tickets.html \
html/man3/SSL_CTX_set_options.html \
html/man3/SSL_CTX_set_psk_client_callback.html \
@ -4313,7 +4313,7 @@ man/man3/SSL_CTX_set_max_cert_list.3 \
man/man3/SSL_CTX_set_min_proto_version.3 \
man/man3/SSL_CTX_set_mode.3 \
man/man3/SSL_CTX_set_msg_callback.3 \
man/man3/SSL_CTX_set_new_pending_ssl_cb.3 \
man/man3/SSL_CTX_set_new_pending_conn_cb.3 \
man/man3/SSL_CTX_set_num_tickets.3 \
man/man3/SSL_CTX_set_options.3 \
man/man3/SSL_CTX_set_psk_client_callback.3 \

50
doc/man3/SSL_CTX_set_new_pending_conn_cb.pod Normal file
View file

@ -0,0 +1,50 @@
=pod
=head1 NAME
SSL_CTX_set_new_pending_conn_cb, SSL_set_new_pending_conn_cb_fn - callback function to report creation of QUIC connection SSL objects
=head1 SYNOPSIS
typedef int (*SSL_set_new_pending_conn_cb_fn)(SSL_CTX *c, SSL *new_ssl,
void *arg);
void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c,
SSL_set_new_pending_conn_cb_fn *f,
void *arg);
=head1 DESCRIPTION
SSL_CTX_set_new_pending_conn_cb() sets the new_pending_conn callback function and
associated application data argument I<arg>. When using the QUIC transport, TLS
handshake processing may occur independently from the thread which accepts the
connection that the handshake is establishing. As such, B<SSL> objects
representing the connection may be allocated and initialized prior to a call to
SSL_accept_connection(). This registered callback may be used to decorate the
preallocated B<SSL> object or create other associations with its parent
B<SSL> prior to a call to SSL_accept_connection().
=head1 RETURN VALUES
SSL_CTX_set_new_pending_conn_cb() returns no value.
SSL_set_new_pending_conn_cb_fn() returns an integer value. A return value of
0 indicates that the QUIC stack must discard this newly created B<SSL> object,
implying that the associated new connection will not be available for handling
on a subsequent call to SSL_accept_connection(). A nonzero return
value is treated as success, allowing the new connection to be enqueued to the
accept queue.
=head1 HISTORY
SSL_CTX_set_new_pending_conn_cb() was added in OpenSSL 3.5
=head1 COPYRIGHT
Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

48
doc/man3/SSL_CTX_set_new_pending_ssl_cb.pod
View file

@ -1,48 +0,0 @@
=pod
=head1 NAME
SSL_CTX_set_new_pending_ssl_cb - callback function to report creation of QUIC connection SSL objects
=head1 SYNOPSIS
typedef int (*SSL_set_new_pending_ssl_cb_fn)(SSL_CTX *c, SSL *new_ssl,
void *arg);
void SSL_CTX_set_new_pending_ssl_cb(SSL_CTX *c,
SSL_set_new_pending_ssl_cb_fn *f,
void *arg);
=head1 DESCRIPTION
SSL_CTX_set_new_pending_ssl_cb() sets the new_pending_ssl callback function and
associated application data argument I<arg>. When using the QUIC transport, TLS
handshake processing may occur independently from the thread which accepts the
connection that the handshake is establishing. As such, B<SSL> objects
representing the connection may be allocated and initialized prior to a call to
SSL_accept_connection().
=head1 RETURN VALUES
SSL_CTX_set_new_pending_ssl_cb() returns no value.
SSL_set_new_pending_ssl_cb_fn() must return an integer value. A return value of
0 indicates that the QUIC stack should discard this newly created B<SSL> object,
implying that the associated new connection will not be available for handling
on a subsequent call to SSL_accept_connection(). Any other non-zero return
value is treated as success, allowing the new connection to be enqueued to the
accept queue.
=head1 HISTORY
SSL_CTX_set_new_pending_ssl_cb() was added in OpenSSL 3.5.0
=head1 COPYRIGHT
Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

6
include/openssl/ssl.h.in
View file

@ -1907,10 +1907,10 @@ OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s);
typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg);
void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
void *arg);
typedef int (*SSL_new_pending_ssl_cb_fn) (SSL_CTX *ctx, SSL *new_ssl,
typedef int (*SSL_new_pending_conn_cb_fn) (SSL_CTX *ctx, SSL *new_ssl,
void *arg);
void SSL_CTX_set_new_pending_ssl_cb(SSL_CTX *c, SSL_new_pending_ssl_cb_fn cb,
void *arg);
void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c, SSL_new_pending_conn_cb_fn cb,
void *arg);
int SSL_client_hello_isv2(SSL *s);
unsigned int SSL_client_hello_get0_legacy_version(SSL *s);

8
ssl/quic/quic_port.c
View file

@ -472,12 +472,12 @@ static SSL *port_new_handshake_layer(QUIC_PORT *port, QUIC_CHANNEL *ch)
if (qc != NULL)
qc->tls = tls;
if (ql != NULL && ql->obj.ssl.ctx->new_pending_ssl_cb != NULL)
if (!ql->obj.ssl.ctx->new_pending_ssl_cb(ql->obj.ssl.ctx, user_ssl,
ql->obj.ssl.ctx->new_pending_ssl_arg)) {
if (ql != NULL && ql->obj.ssl.ctx->new_pending_conn_cb != NULL)
if (!ql->obj.ssl.ctx->new_pending_conn_cb(ql->obj.ssl.ctx, user_ssl,
ql->obj.ssl.ctx->new_pending_conn_arg)) {
SSL_free(tls);
return NULL;
}
}
/* Override the user_ssl of the inner connection. */
tls_conn->s3.flags |= TLS1_FLAGS_QUIC;

8
ssl/ssl_lib.c
View file

@ -6685,11 +6685,11 @@ void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
c->client_hello_cb_arg = arg;
}
void SSL_CTX_set_new_pending_ssl_cb(SSL_CTX *c, SSL_new_pending_ssl_cb_fn cb,
void *arg)
void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c, SSL_new_pending_conn_cb_fn cb,
void *arg)
{
c->new_pending_ssl_cb = cb;
c->new_pending_ssl_arg = arg;
c->new_pending_conn_cb = cb;
c->new_pending_conn_arg = arg;
}
int SSL_client_hello_isv2(SSL *s)

4
ssl/ssl_local.h
View file

@ -990,8 +990,8 @@ struct ssl_ctx_st {
void *client_hello_cb_arg;
/* Callback to announce new pending ssl objects in the accept queue */
SSL_new_pending_ssl_cb_fn new_pending_ssl_cb;
void *new_pending_ssl_arg;
SSL_new_pending_conn_cb_fn new_pending_conn_cb;
void *new_pending_conn_arg;
/* TLS extensions. */
struct {

2
test/radix/quic_ops.c
View file

@ -204,7 +204,7 @@ DEF_FUNC(hf_new_ssl)
goto err;
} else if (is_server) {
SSL_CTX_set_new_pending_ssl_cb(ctx, new_pending_cb, NULL);
SSL_CTX_set_new_pending_conn_cb(ctx, new_pending_cb, NULL);
SSL_CTX_set_client_hello_cb(ctx, client_hello_cb, NULL);
check_pending_match = 1;
if (!TEST_ptr(ssl = SSL_new_listener(ctx, 0)))

1
util/other.syms
View file

@ -118,6 +118,7 @@ SSL_psk_client_cb_func datatype
SSL_psk_find_session_cb_func datatype
SSL_psk_server_cb_func datatype
SSL_psk_use_session_cb_func datatype
SSL_set_new_pending_conn_cb_fn datatype
SSL_verify_cb datatype
UI datatype
UI_METHOD datatype