Add bindings to SSL_bytes_to_cipher_list #1921
Conversation
openssl/src/ssl/mod.rs
Outdated
| pub fn client_hello_ciphers_stack(&self) -> Option<(Stack<SslCipher>, Stack<SslCipher>)> { | ||
| unsafe { | ||
| let mut ptr = ptr::null(); | ||
| let len = ffi::SSL_client_hello_get0_ciphers(self.as_ptr(), &mut ptr); |
There was a problem hiding this comment.
I generally prefer to bind to each OpenSSL API as directly as possible, so I think we'd want separate methods for SSL_client_hello_get0_ciphers, SSL_bytes_to_cipher list, and SSL_client_hello_isv2 (though really the answer to that is just false as this point!).
There was a problem hiding this comment.
In that case as SSL_client_hello_get0_ciphers and SSL_client_hello_isv2 both already have bindings, would you accept a new method like the following?
// struct Ssl
#[corresponds(SSL_bytes_to_cipher_list)]
pub fn bytes_to_ciphers_stack(&self, bytes: &[u8], isv2format: bool) -> Option<(Stack<SslCipher>, Stack<SslCipher>)> { // ... }Although I don't know where else this method is useful, it would have the added benefit of being usable outside of the client hello callback.
RoastVeg
force-pushed
the
client_hello_ciphers
branch
from
56d2e32 to
33e0df2
Compare
RoastVeg
changed the title
openssl/src/ssl/mod.rs
Outdated
| &self, | ||
| bytes: &[u8], | ||
| isv2format: bool, | ||
| ) -> Option<(Stack<SslCipher>, Stack<SslCipher>)> { |
There was a problem hiding this comment.
Can we have this return a struct CipherLists { pub suites: Stack<SslCipher>, pub signaling_suites: Stack<SslCipher> } so it's a bit more descriptive?
There was a problem hiding this comment.
Does the function not push errors onto the stack on failure, or should this return a Result<CipherLists, ErrorStack> instead?
RoastVeg
force-pushed
the
client_hello_ciphers
branch
from
33e0df2 to
7e6d518
Compare
I have a use case where I need to change the SSL context on the server side based on the supported cipher suite provided in the client hello callback. Without
SSL_bytes_to_cipher_listsupport in rust-openssl, there really isn't a convenient way to handle the output fromclient_hello_ciphers, as the format is a real mess.