From 17e81f2cd1843f01838245eae7b5ed5edf83d6be Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 28 Apr 2024 09:30:55 +0200
Subject: Adding upstream version 0.12.1+dfsg.
Signed-off-by: Daniel Baumann
---
 examples/tls_server_session_boringssl.cc | 84 ++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 examples/tls_server_session_boringssl.cc
(limited to 'examples/tls_server_session_boringssl.cc')
diff --git a/examples/tls_server_session_boringssl.cc b/examples/tls_server_session_boringssl.cc
new file mode 100644
index 0000000..133f4d0
--- /dev/null
+++ b/examples/tls_server_session_boringssl.cc
@@ -0,0 +1,84 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2021 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_server_session_boringssl.h"
+
+#include
+#include
+
+#include
+
+#include "tls_server_context_boringssl.h"
+#include "server_base.h"
+
+extern Config config;
+
+TLSServerSession::TLSServerSession() {}
+
+TLSServerSession::~TLSServerSession() {}
+
+int TLSServerSession::init(const TLSServerContext &tls_ctx,
+ HandlerBase *handler) {
+ auto ssl_ctx = tls_ctx.get_native_handle();
+
+ ssl_ = SSL_new(ssl_ctx);
+ if (!ssl_) {
+ std::cerr << "SSL_new: " << ERR_error_string(ERR_get_error(), nullptr)
+ << std::endl;
+ return -1;
+ }
+
+ SSL_set_app_data(ssl_, handler->conn_ref());
+ SSL_set_accept_state(ssl_);
+ SSL_set_early_data_enabled(ssl_, 1);
+ SSL_set_quic_use_legacy_codepoint(ssl_, 0);
+
+ std::array quic_early_data_ctx;
+ ngtcp2_transport_params params;
+ memset(¶ms, 0, sizeof(params));
+ params.initial_max_streams_bidi = config.max_streams_bidi;
+ params.initial_max_streams_uni = config.max_streams_uni;
+ params.initial_max_stream_data_bidi_local = config.max_stream_data_bidi_local;
+ params.initial_max_stream_data_bidi_remote =
+ config.max_stream_data_bidi_remote;
+ params.initial_max_stream_data_uni = config.max_stream_data_uni;
+ params.initial_max_data = config.max_data;
+
+ auto quic_early_data_ctxlen = ngtcp2_encode_transport_params(
+ quic_early_data_ctx.data(), quic_early_data_ctx.size(),
+ NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS, ¶ms);
+ if (quic_early_data_ctxlen < 0) {
+ std::cerr << "ngtcp2_encode_transport_params: "
+ << ngtcp2_strerror(quic_early_data_ctxlen) << std::endl;
+ return -1;
+ }
+
+ if (SSL_set_quic_early_data_context(ssl_, quic_early_data_ctx.data(),
+ quic_early_data_ctxlen) != 1) {
+ std::cerr << "SSL_set_quic_early_data_context failed" << std::endl;
+ return -1;
+ }
+
+ return 0;
+}
-- cgit v1.2.3
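Review bot: `SSL_set_early_data_enabled(ssl_, 1)` in `TLSServerSession::init` turns on 0-RTT for every session without any comment on the replay property: early data can be resent by a network party, so the application layer has to treat anything received before the handshake completes as replayable. Because this is example code that tends to be copied, a comment above the call would help, e.g. `// 0-RTT data is replayable: only act on idempotent requests before the handshake completes`, and deployments that cannot guarantee that should leave early data off. The early-data context built just below covers the six flow-control limits read from `config`, so a ticket issued under different limits should be refused for 0-RTT; whether other remembered transport parameters also need to be encoded there is not visible in this hunk and is worth confirming. Separately, on the error path `quic_early_data_ctxlen` is handed to `ngtcp2_strerror`; if that function takes an `int`, writing `ngtcp2_strerror(static_cast<int>(quic_early_data_ctxlen))` would make the narrowing explicit.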