Add the ability for tserver to use a pre-existing SSL_CTX
authorMatt Caswell <matt@openssl.org>
Fri, 28 Jul 2023 08:22:38 +0000 (09:22 +0100)
committerHugo Landau <hlandau@openssl.org>
Wed, 2 Aug 2023 19:27:07 +0000 (20:27 +0100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21591)

include/internal/quic_tserver.h
ssl/quic/quic_tserver.c
test/helpers/quictestlib.c
test/quic_multistream_test.c
test/quic_tserver_test.c
util/quicserver.c

index cd87a9298e12338504f607d34ef93e4fbe910a11..1edb890a9473bbbb04b84539a73bb1a9e11de97d 100644 (file)
@@ -37,6 +37,7 @@ typedef struct quic_tserver_st QUIC_TSERVER;
 typedef struct quic_tserver_args_st {
     OSSL_LIB_CTX *libctx;
     const char *propq;
+    SSL_CTX *ctx;
     BIO *net_rbio, *net_wbio;
     OSSL_TIME (*now_cb)(void *arg);
     void *now_cb_arg;
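Review bot: The new `ctx` field has no comment saying who owns a caller-supplied SSL_CTX, and the constructor hunks in ssl/quic/quic_tserver.c do not make the answer obvious. On the `err:` path the context is left with the caller, while what ossl_quic_tserver_free() does with it is not visible in this diff. I would add a comment on the field such as `/* Optional pre-existing SSL_CTX; if NULL the tserver creates its own. Not freed if ossl_quic_tserver_new() fails. */` and extend it with the success-path rule once that is confirmed. Without a stated contract a caller can easily double-free or leak the context.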
@@ -132,6 +133,8 @@ int ossl_quic_tserver_stream_new(QUIC_TSERVER *srv,
 
 BIO *ossl_quic_tserver_get0_rbio(QUIC_TSERVER *srv);
 
+SSL_CTX *ossl_quic_tserver_get0_ssl_ctx(QUIC_TSERVER *srv);
+
 /*
  * Returns 1 if the peer has sent a STOP_SENDING frame for a stream.
  * app_error_code is written if this returns 1.
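Review bot: `ossl_quic_tserver_get0_ssl_ctx` is declared without a comment, unlike the declaration that follows it. A one-line comment such as `/* Returns the SSL_CTX in use by the tserver; the caller must not free it. */` would state the get0 contract explicitly. It is also worth saying there that the returned pointer may be the caller-supplied `args->ctx` rather than a context the tserver created, so changes made through it affect the caller's object.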
index e92a5d3353d020abada51e3d76aa79c21202a4e4..233b71657ec110363b54fc99f45533fbf5b3d60e 100644 (file)
@@ -86,7 +86,11 @@ QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args,
         goto err;
 #endif
 
-    srv->ctx = SSL_CTX_new_ex(srv->args.libctx, srv->args.propq, TLS_method());
+    if (args->ctx != NULL)
+        srv->ctx = args->ctx;
+    else
+        srv->ctx = SSL_CTX_new_ex(srv->args.libctx, srv->args.propq,
+                                  TLS_method());
     if (srv->ctx == NULL)
         goto err;
 
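Review bot: A caller-supplied context is stored in `srv->ctx` without taking a reference, which is why the `err:` hunk that follows has to guard `SSL_CTX_free(srv->ctx)` with `if (args->ctx == NULL)`. Taking a reference inside the `args->ctx != NULL` branch, `if (!SSL_CTX_up_ref(args->ctx)) goto err;` before `srv->ctx = args->ctx;`, would let the error path free `srv->ctx` unconditionally and give callers one rule: always release your own reference. That changes the caller contract, so it needs checking against ossl_quic_tserver_free(), which is outside this diff. Note also that `srv->args.libctx` and `srv->args.propq` are not consulted on this branch, so a supplied context presumably has to carry the intended library context itself. The body of ossl_quic_tserver_new continues outside the hunk.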
@@ -121,6 +125,9 @@ QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args,
 
 err:
     if (srv != NULL) {
+        if (args->ctx == NULL)
+            SSL_CTX_free(srv->ctx);
+        SSL_free(srv->tls);
         ossl_quic_channel_free(srv->ch);
 #if defined(OPENSSL_THREADS)
         ossl_crypto_mutex_free(&srv->mutex);
@@ -389,6 +396,11 @@ BIO *ossl_quic_tserver_get0_rbio(QUIC_TSERVER *srv)
     return srv->args.net_rbio;
 }
 
+SSL_CTX *ossl_quic_tserver_get0_ssl_ctx(QUIC_TSERVER *srv)
+{
+    return srv->ctx;
+}
+
 int ossl_quic_tserver_stream_has_peer_stop_sending(QUIC_TSERVER *srv,
                                                    uint64_t stream_id,
                                                    uint64_t *app_error_code)
index d20afb45859bf38104e0cda2dcd31afdbfe66702..98785e3306928e8a8ca232455bca5d265178b023 100644 (file)
@@ -166,6 +166,7 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx,
     tserver_args.net_rbio = sbio;
     tserver_args.net_wbio = fisbio;
     tserver_args.alpn = NULL;
+    tserver_args.ctx = NULL;
     if ((flags & QTEST_FLAG_FAKE_TIME) != 0) {
         fake_now = ossl_time_zero();
         tserver_args.now_cb = fake_now_cb;
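Review bot: Every existing caller has to be edited to set `ctx = NULL`, which suggests the QUIC_TSERVER_ARGS structs are filled field by field rather than zero-initialised; the declarations are outside the hunks, so this is inferred. Since ossl_quic_tserver_new() now adopts any non-NULL `args->ctx`, a caller that misses the new field would hand an indeterminate pointer to the SSL_CTX code. Declaring the struct as `QUIC_TSERVER_ARGS tserver_args = {0};` here makes this and any future optional field default safely. The same applies to `s_args` in helper_init and to `tserver_args` in do_test and in main of util/quicserver.c.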
index 566c545086dffff93a9f4352e02dddd4a1458232..3d7d39f7525a6ad514f856ba6f42e6cd0c824a68 100644 (file)
@@ -557,6 +557,7 @@ static int helper_init(struct helper *h, int free_order, int need_injector)
     s_args.alpn         = NULL;
     s_args.now_cb       = get_time;
     s_args.now_cb_arg   = h;
+    s_args.ctx          = NULL;
 
     if (!TEST_ptr(h->s = ossl_quic_tserver_new(&s_args, certfile, keyfile)))
         goto err;
index 74b73a919036394aa7eae720e6f0ad117ae5e0c0..452d523d0ee2876ee04496828dfa0d25dca8e25f 100644 (file)
@@ -120,6 +120,7 @@ static int do_test(int use_thread_assist, int use_fake_time, int use_inject)
     tserver_args.net_rbio = s_net_bio;
     tserver_args.net_wbio = s_net_bio;
     tserver_args.alpn = NULL;
+    tserver_args.ctx = NULL;
     if (use_fake_time)
         tserver_args.now_cb = fake_now;
 
index d23d4f41665f513507def28e5fd929a42b2d94ca..59238020507edd91acf27e6dd27e3527f20478bd 100644 (file)
@@ -187,6 +187,7 @@ int main(int argc, char *argv[])
     tserver_args.net_wbio = bio;
     tserver_args.alpn = alpn;
     tserver_args.alpnlen = sizeof(alpn);
+    tserver_args.ctx = NULL;
 
     qtserv = ossl_quic_tserver_new(&tserver_args, certfile, keyfile);
     if (qtserv == NULL) {