Add semi-stubbed-out SSL_{CTX_,}set_security_level

This cannot return errors, so just emit diagnostics.

Author: ctz

MATRIX.md

@@ -178,7 +178,7 @@
 | `SSL_CTX_set_record_padding_callback_arg`  |  |  |  |  |
 | `SSL_CTX_set_recv_max_early_data`  |  |  |  |  |
 | `SSL_CTX_set_security_callback`  |  |  |  |  |
-| `SSL_CTX_set_security_level`  |  |  |  |  |
+| `SSL_CTX_set_security_level`  |  |  |  | :white_check_mark: |
 | `SSL_CTX_set_session_id_context`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_CTX_set_session_ticket_cb`  |  |  |  |  |
 | `SSL_CTX_set_srp_cb_arg` [^deprecatedin_3_0] [^srp] |  |  |  | :exclamation: [^stub] |
@@ -459,7 +459,7 @@
 | `SSL_set_recv_max_early_data`  |  |  |  |  |
 | `SSL_set_rfd` [^sock] |  |  |  |  |
 | `SSL_set_security_callback`  |  |  |  |  |
-| `SSL_set_security_level`  |  |  |  |  |
+| `SSL_set_security_level`  |  |  |  | :white_check_mark: |
 | `SSL_set_session`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_set_session_id_context`  |  |  |  | :exclamation: [^stub] |
 | `SSL_set_session_secret_cb`  |  |  |  |  |

build.rs

@@ -132,6 +132,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_CTX_set_num_tickets",
     "SSL_CTX_set_options",
     "SSL_CTX_set_post_handshake_auth",
+    "SSL_CTX_set_security_level",
     "SSL_CTX_set_session_id_context",
     "SSL_CTX_set_srp_cb_arg",
     "SSL_CTX_set_srp_password",
@@ -239,6 +240,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_set_options",
     "SSL_set_post_handshake_auth",
     "SSL_set_quiet_shutdown",
+    "SSL_set_security_level",
     "SSL_set_session",
     "SSL_set_session_id_context",
     "SSL_set_shutdown",

src/entry.rs

@@ -922,6 +922,13 @@ entry! {
 pub type SSL_client_hello_cb_func =
     Option<unsafe extern "C" fn(_ssl: *mut SSL, _al: *mut c_int, _arg: *mut c_void) -> c_int>;
 
+entry! {
+    pub fn _SSL_CTX_set_security_level(ctx: *mut SSL_CTX, level: c_int) {
+        let _null_check = try_clone_arc!(ctx);
+        security_level_diagnostic(level)
+    }
+}
+
 impl Castable for SSL_CTX {
     type Ownership = OwnershipArc;
     type RustType = NotThreadSafe<Self>;
@@ -1136,6 +1143,27 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_set_security_level(ssl: *mut SSL, level: c_int) {
+        let _null_check = try_clone_arc!(ssl);
+        security_level_diagnostic(level)
+    }
+}
+
+fn security_level_diagnostic(level: c_int) {
+    match level {
+        // this is the rustls default
+        2 => {}
+        // all of these are possible with sufficient CryptoProvider plumbing. the signature verification
+        // facets would be the most complex to arrange.
+        3 => log::warn!("security level for 128-bit security requested but NYI"),
+        4 => log::warn!("security level for 192-bit security requested but NYI"),
+        5 => log::warn!("security level for 256-bit security requested but NYI"),
+        // others (lower, or negative, or huge are not reasonable)
+        _ => log::warn!("security level {level:?} not supported"),
+    }
+}
+
 entry! {
     pub fn _SSL_set_connect_state(ssl: *mut SSL) {
         try_clone_arc!(ssl).get_mut().set_client_mode()