Add SslContextBuilder::set_tmp_{ec,}dh_callback

    #[cfg(not(ossl101))]

    pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY;

    pub fn SSL_load_client_CA_file(file: *const c_char) -> *mut stack_st_X509_NAME;

    pub fn SSL_set_tmp_dh_callback(ctx: *mut SSL,

                                   dh: unsafe extern fn(ssl: *mut SSL,

                                                        is_export: c_int,

                                                        keylength: c_int)

                                                        -> *mut DH);

    #[cfg(not(osslconf = "OPENSSL_NO_COMP"))]

    pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;

    pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int;

    pub fn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME);

    pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE;

    pub fn SSL_CTX_set_tmp_dh_callback(ctx: *mut SSL_CTX,

                                       dh: unsafe extern fn(ssl: *mut SSL,

                                                            is_export: c_int,

                                                            keylength: c_int)

                                                            -> *mut DH);

    #[cfg(not(ossl101))]

    pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509;

                                dup_func: Option<::CRYPTO_EX_dup>,

                                free_func: Option<::CRYPTO_EX_free>)

                                -> c_int;

    pub fn SSL_set_tmp_ecdh_callback(ssl: *mut ::SSL,

                                     ecdh: unsafe extern fn(ssl: *mut ::SSL,

                                                            is_export: c_int,

                                                            keylength: c_int)

                                                            -> *mut ::EC_KEY);

    pub fn SSL_CIPHER_get_version(cipher: *const ::SSL_CIPHER) -> *mut c_char;

    pub fn SSL_CTX_get_ex_new_index(argl: c_long, argp: *mut c_void,

                                    new_func: Option<::CRYPTO_EX_new>,

                                    dup_func: Option<::CRYPTO_EX_dup>,

                                    free_func: Option<::CRYPTO_EX_free>)

                                    -> c_int;

    pub fn SSL_CTX_set_tmp_ecdh_callback(ctx: *mut ::SSL_CTX,

                                         ecdh: unsafe extern fn(ssl: *mut ::SSL,

                                                                is_export: c_int,

                                                                keylength: c_int)

                                                                -> *mut ::EC_KEY);

    pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME;

    pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;

    pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;

        }

    }

    // FIXME should return u32

    pub fn size(&self) -> Option<u32> {

        if self.q().is_some() {

            unsafe { Some(ffi::DSA_size(self.as_ptr()) as u32) }

        }

    }

    // FIXME should return u32

    pub fn size(&self) -> usize {

        unsafe {

            assert!(self.n().is_some());

use std::sync::Mutex;

use {init, cvt, cvt_p};

use dh::DhRef;

use dh::{Dh, DhRef};

use ec_key::EcKeyRef;

#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]

use ec_key::EcKey;

use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name};

use x509::store::X509StoreBuilderRef;

#[cfg(any(ossl102, ossl110))]

// Creates a static index for user data of type T

// Registers a destructor for the data which will be called

// when context is freed

fn get_verify_data_idx<T: Any + 'static>() -> c_int {

fn get_callback_idx<T: Any + 'static>() -> c_int {

    *INDEXES.lock().unwrap().entry(TypeId::of::<T>()).or_insert_with(|| get_new_idx::<T>())

}

        let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();

        let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx);

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>());

        let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let verify: &F = &*(verify as *mut F);

        let ctx = X509StoreContextRef::from_ptr(x509_ctx);

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>());

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let callback: &F = &*(callback as *mut F);

        let ssl = SslRef::from_ptr_mut(ssl);

    unsafe { select_proto_using(ssl, out as *mut _, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) }

}

unsafe extern fn raw_tmp_dh<F>(ssl: *mut ffi::SSL,

                               is_export: c_int,

                               keylength: c_int)

                               -> *mut ffi::DH

    where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send

{

    let ctx = ffi::SSL_get_SSL_CTX(ssl);

    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr_mut(ssl);

    match callback(ssl, is_export != 0, keylength as u32) {

        Ok(dh) => {

            let ptr = dh.as_ptr();

            mem::forget(dh);

            ptr

        }

        Err(_) => {

            // FIXME reset error stack

            ptr::null_mut()

        }

    }

}

#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]

unsafe extern fn raw_tmp_ecdh<F>(ssl: *mut ffi::SSL,

                                 is_export: c_int,

                                 keylength: c_int)

                                 -> *mut ffi::EC_KEY

    where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send

{

    let ctx = ffi::SSL_get_SSL_CTX(ssl);

    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr_mut(ssl);

    match callback(ssl, is_export != 0, keylength as u32) {

        Ok(ec_key) => {

            let ptr = ec_key.as_ptr();

            mem::forget(ec_key);

            ptr

        }

        Err(_) => {

            // FIXME reset error stack

            ptr::null_mut()

        }

    }

}

/// The function is given as the callback to `SSL_CTX_set_next_protos_advertised_cb`.

///

/// It causes the parameter `out` to point at a `*const c_uchar` instance that

        unsafe {

            let verify = Box::new(verify);

            ffi::SSL_CTX_set_ex_data(self.as_ptr(),

                                     get_verify_data_idx::<F>(),

                                     get_callback_idx::<F>(),

                                     mem::transmute(verify));

            ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, Some(raw_verify::<F>));

        }

        unsafe {

            let callback = Box::new(callback);

            ffi::SSL_CTX_set_ex_data(self.as_ptr(),

                                     get_verify_data_idx::<F>(),

                                     get_callback_idx::<F>(),

                                     mem::transmute(callback));

            let f: extern "C" fn(_, _, _) -> _ = raw_sni::<F>;

            let f: extern "C" fn() = mem::transmute(f);

        unsafe { cvt(ffi::SSL_CTX_set_tmp_dh(self.as_ptr(), dh.as_ptr()) as c_int).map(|_| ()) }

    }

    pub fn set_tmp_dh_callback<F>(&mut self, callback: F)

        where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send

    {

        unsafe {

            let callback = Box::new(callback);

            ffi::SSL_CTX_set_ex_data(self.as_ptr(),

                                     get_callback_idx::<F>(),

                                     Box::into_raw(callback) as *mut c_void);

            let f: unsafe extern fn (_, _, _) -> _ = raw_tmp_dh::<F>;

            ffi::SSL_CTX_set_tmp_dh_callback(self.as_ptr(), f);

        }

    }

    pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef) -> Result<(), ErrorStack> {

        unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }

    }

    /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2.

    #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]

    pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)

        where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send

    {

        unsafe {

            let callback = Box::new(callback);

            ffi::SSL_CTX_set_ex_data(self.as_ptr(),

                                     get_callback_idx::<F>(),

                                     Box::into_raw(callback) as *mut c_void);

            let f: unsafe extern fn(_, _, _) -> _ = raw_tmp_ecdh::<F>;

            ffi::SSL_CTX_set_tmp_ecdh_callback(self.as_ptr(), f);

        }

    }

    /// Use the default locations of trusted certificates for verification.

    ///

    /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR`