Loading openssl/src/ssl/mod.rs +12 −0 Original line number Diff line number Diff line Loading @@ -1240,6 +1240,18 @@ impl SslContextBuilder { } } #[deprecated(since = "0.10.10", note = "renamed to `set_psk_client_callback`")] #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] pub fn set_psk_callback<F>(&mut self, callback: F) where F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send, { self.set_psk_client_callback(callback) } /// Sets the callback for providing an identity and pre-shared key for a TLS-PSK server. /// /// The callback will be called with the SSL context, an identity provided by the client, Loading openssl/src/ssl/test.rs +35 −0 Original line number Diff line number Diff line Loading 
@@ -1536,3 +1536,38 @@ fn stateless() { send(client_stream.get_mut(), server_stream.get_mut()); hs(server_stream.handshake()).unwrap(); } #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] #[test] fn psk_ciphers() { const PSK: &[u8] = b"thisisaverysecurekey"; const CLIENT_IDENT: &[u8] = b"thisisaclient"; let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_cipher_list("ECDHE-PSK-CHACHA20-POLY1305").unwrap(); ctx.set_psk_server_callback(move |_, identity, psk| { assert!(identity.unwrap_or(&[]) == CLIENT_IDENT); psk[..PSK.len()].copy_from_slice(&PSK); Ok(PSK.len()) }); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.accept(stream).unwrap(); }); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_cipher_list("ECDHE-PSK-CHACHA20-POLY1305").unwrap(); ctx.set_psk_client_callback(move |_, _, identity, psk| { identity[..CLIENT_IDENT.len()].copy_from_slice(&CLIENT_IDENT); identity[CLIENT_IDENT.len()] = 0; psk[..PSK.len()].copy_from_slice(&PSK); Ok(PSK.len()) }); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.connect(stream).unwrap(); } Loading
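--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1240,6 +1240,18 @@ impl SslContextBuilder {
         }
     }
 
+    #[deprecated(since = "0.10.10", note = "renamed to `set_psk_client_callback`")]
+    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
+    pub fn set_psk_callback<F>(&mut self, callback: F)
+    where
+        F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack>
+            + 'static
+            + Sync
+            + Send,
+    {
+        self.set_psk_client_callback(callback)
+    }
+
     /// Sets the callback for providing an identity and pre-shared key for a TLS-PSK server.
     ///
     /// The callback will be called with the SSL context, an identity provided by the client,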
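--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -1536,3 +1536,38 @@ fn stateless() {
     send(client_stream.get_mut(), server_stream.get_mut());
     hs(server_stream.handshake()).unwrap();
 }
+
+#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
+#[test]
+fn psk_ciphers() {
+    const PSK: &[u8] = b"thisisaverysecurekey";
+    const CLIENT_IDENT: &[u8] = b"thisisaclient";
+
+    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+    let port = listener.local_addr().unwrap().port();
+
+    thread::spawn(move || {
+        let stream = listener.accept().unwrap().0;
+        let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+        ctx.set_cipher_list("ECDHE-PSK-CHACHA20-POLY1305").unwrap();
+        ctx.set_psk_server_callback(move |_, identity, psk| {
+            assert!(identity.unwrap_or(&[]) == CLIENT_IDENT);
+            psk[..PSK.len()].copy_from_slice(&PSK);
+            Ok(PSK.len())
+        });
+        let ssl = Ssl::new(&ctx.build()).unwrap();
+        ssl.accept(stream).unwrap();
+    });
+
+    let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
+    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+    ctx.set_cipher_list("ECDHE-PSK-CHACHA20-POLY1305").unwrap();
+    ctx.set_psk_client_callback(move |_, _, identity, psk| {
+        identity[..CLIENT_IDENT.len()].copy_from_slice(&CLIENT_IDENT);
+        identity[CLIENT_IDENT.len()] = 0;
+        psk[..PSK.len()].copy_from_slice(&PSK);
+        Ok(PSK.len())
+    });
+    let ssl = Ssl::new(&ctx.build()).unwrap();
+    ssl.connect(stream).unwrap();
+}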
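Review bot: The server thread's `JoinHandle` is dropped in `psk_ciphers`, so a panic in the server closure — the `assert!` on the client identity inside the PSK server callback, or a failed `ssl.accept(stream).unwrap()` — fails the test only if it also happens to break the client's `connect`. Binding the handle with `let guard = thread::spawn(move || { ... });` and ending the test with `guard.join().unwrap();` would make a server-side failure fail the test directly. The test also never checks which suite was negotiated; because `SslMethod::tls()` leaves the protocol version open, an assertion on `current_cipher()` of the connected stream would confirm that the PSK suite named in `set_cipher_list` is the one actually exercised. Both callbacks index the output buffers (`psk[..PSK.len()]`, `identity[CLIENT_IDENT.len()] = 0`) without a length check, which is fine for these constants but presumably panics on a shorter buffer, so a short comment saying so is worthwhile if the test is meant to double as a usage example.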