small fixes, a couple new API fns, and a bunch of stubs #43
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cpu
commented
Sep 27, 2024
ctz
approved these changes
Feb 28, 2025
Member
ctz
left a comment
ctz
left a comment
There was a problem hiding this comment.
Sorry, overlooked this for a long, long time.
cpu
force-pushed
the
cpu-httpd-thinking
branch
from
ca165c7 to
bab2d96
Compare
Member
Author
I completely forgot about it myself 😆 Rebased & resolved the conflict in |
Member
Author
Let's land #48 first and I'll rebase once more and merge this after. |
When the `rustls-libssl` code was moved to the root of the repo I think the `.gitignore` got nuked. This commit restores the content we had before the move.
This repo hasn't been receiving any dependabot PRs despite there being updates available (e.g. Rustls). Spot checking against a config in a repo that is working I _think_ the issue might be YAML whitespace related... Let's try to match to the other repo's config exactly.
We don't need a specific minimum version of the 0.9 release stream.
This commit implements `SSL_alert_type_string()` and `SSL_alert_type_string_long()`. These functions act similarly to the existing `SSL_alert_desc_string()` and `SSL_alert_desc_string_long()` functions except returning a (short or long) string for the alert level (fatal, warning, unknown) instead of the alert description.
This commit adds a very simple implementation of `SSL_set_cipher_list` that only returns success for the string "HIGH:!aNULL:!MD5", and otherwise raises a not supported error. This matches the pre-existing `SSL_CTX_set_cipher_list` that operated similarly for a `SSL_CTX` as this new fn operates for a `SSL`.
Overrides the value that will be returned by `SSL_get_verify_result()`. Is this smart to do? Probably not.
Adds stub implementations for a variety of functions HTTPD's `mod_ssl.so` expects to be able to resolve: SSL_add_file_cert_subjects_to_stack SSL_client_hello_get0_ext, SSL_COMP_get_compression_methods, SSL_CTX_set0_tmp_dh_pkey, SSL_CTX_set_client_cert_cb, SSL_CTX_set_client_hello_cb, SSL_CTX_set_srp_cb_arg SSL_CTX_set_srp_username_callback, SSL_CTX_set_tlsext_ticket_key_evp_cb, SSL_get_ciphers, SSL_get_client_CA_list, SSL_get_finished, SSL_get_peer_finished, SSL_get_shared_ciphers, SSL_get_srp_userinfo, SSL_get_srp_username, SSL_peek, SSL_renegotiate, SSL_SESSION_get_compress_id, SSL_set_session_id_context, SSL_set_srp_server_param, SSL_state_string, SSL_state_string_long, SSL_verify_client_post_handshake,
cpu
force-pushed
the
cpu-httpd-thinking
branch
from
bab2d96 to
54a80a5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
.gitignorethat was lost in the repo contents shuffling.make formattarget to also format the rust code for one-step convenience.SSL_alert_type_string()andSSL_alert_type_string_long()- these are very boring but serve as companions to the pre-existingSSL_alert_desc_string()andSSL_alert_desc_string_long()fns.SSL_set_cipher_list()by matching the partial impl forSSL_CTX_set_cipher_list().SSL_set_verify_result()to allow overriding the value returned bySSL_get_verify_result().mod_ssl. I've tried to place these in our stub section ofentry.rsbased on guesses on which I think we might actually want to impl one day. Most are things that are a clear no-go (SRP related, low level protocol details, etc)This branch gets me to the point where
httpdstarts up without symbol resolution error but it certainly doesn't work yet. I've avoided updating theMATRIX.mdto list which APIs HTTPD specifically needs because I'm not totally convinced it's a sensible target for this compat layer. The HTTPDmod_sslcode is quite old/crufty and so its interactions with the libssl APIs are much more nuanced and complex than we may wish to support. Mostly I was curious about the level of effort required vs continuing to supportmod_tls& arustls-ffibased solution.