From: Rich Salz Date: Wed, 19 Apr 2017 16:38:27 +0000 (-0400) Subject: Document Next Protocol Negotiation APIs X-Git-Tag: OpenSSL_1_1_1-pre1~1733 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=87b81496fec2f969371b3167dea3b6aaed9f9f9d;p=oweals%2Fopenssl.git Document Next Protocol Negotiation APIs Add callback function prototypes, fix description Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3084) --- diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod index 5ad063eb7f..56c86097b6 100644 --- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod +++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod @@ -3,8 +3,9 @@ =head1 NAME SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, -SSL_select_next_proto, SSL_get0_alpn_selected - handle application layer -protocol negotiation (ALPN) +SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, +SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated +- handle application layer protocol negotiation (ALPN) =head1 SYNOPSIS @@ -21,13 +22,30 @@ protocol negotiation (ALPN) const unsigned char *in, unsigned int inlen, void *arg), void *arg); + void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned int *len); + + void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg), + void *arg); + void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, + int (*cb)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), + void *arg); int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) - void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len); + void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); =head1 DESCRIPTION @@ -59,10 +77,40 @@ B, so it should be copied immediately. If no match is found, the first item in B, B is returned in B, B. This function can also be used in the NPN callback. +SSL_CTX_set_next_proto_select_cb() sets a callback B that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument B which will be passed to this callback. +For the callback itself, B +must be set to point to the selected protocol (which may be within B). +The length of the protocol name must be written into B. The +server's advertised protocols are provided in B and B. The +callback can assume that B is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than B. The B parameter is the pointer +set via SSL_CTX_set_next_proto_select_cb(). + +SSL_CTX_set_next_protos_advertised_cb() sets a callback B that is called +when a TLS server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting B to point to it and B to its length. This +memory will not be modified, but the B does keep a +reference to it. The callback should return B if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello. + SSL_get0_alpn_selected() returns a pointer to the selected protocol in B with length B. It is not NUL-terminated. B is set to NULL and B is set to 0 if no protocol has been selected. B must not be freed. +SSL_get0_next_proto_negotiated() sets B and B to point to the +client's requested protocol for this connection. If the client did not +request any protocol or NPN is not enabled, then B is set to NULL and +B to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback. + =head1 NOTES The protocol-lists must be in wire-format, which is defined as a vector of @@ -125,6 +173,13 @@ this connection. =back +The callback set using SSL_CTX_set_next_proto_select_cb() should return +B if successful. Any other value is fatal to the connection. + +The callback set using SSL_CTX_set_next_protos_advertised_cb() should return +B if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello. + =head1 SEE ALSO L, L, @@ -132,7 +187,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy