add SslContext::set_status_type

G3-OSS · Jan 18, 2024 · ab23803 · ab23803
1 parent d25f106
commit ab23803
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 0 deletions.
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
@@ -380,6 +380,7 @@ pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
 pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
 #[cfg(any(ossl110, libressl261))]
 pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
+pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: cint = 127;
 #[cfg(any(ossl110g, libressl270))]
 pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
 #[cfg(any(ossl110g, libressl270))]

diff --git a/openssl-sys/src/tls1.rs b/openssl-sys/src/tls1.rs
@@ -38,6 +38,15 @@ pub unsafe fn SSL_set_tlsext_status_type(s: *mut SSL, type_: c_int) -> c_long {
     )
 }
 
+pub unsafe fn SSL_get_tlsext_status_type(s: *mut SSL) -> c_long {
+    SSL_ctrl(
+        s,
+        SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,
+        0,
+        ptr::null_mut(),
+    )
+}
+
 pub unsafe fn SSL_get_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut *mut c_uchar) -> c_long {
     SSL_ctrl(
         ssl,
@@ -96,3 +105,22 @@ pub unsafe fn SSL_CTX_set_tlsext_status_cb(
 pub unsafe fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long {
     SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg)
 }
+
+pub unsafe fn SSL_CTX_set_tlsext_status_type(ctx: *mut SSL_CTX, type_: c_int) -> c_long {
+    SSL_CTX_ctrl(
+        ctx,
+        SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,
+        type_ as c_long,
+        ptr::null_mut(),
+    )
+}
+
+pub unsafe fn SSL_CTX_get_tlsext_status_type(ctx: *mut SSL_CTX) -> c_long {
+    SSL_CTX_ctrl(
+        ctx,
+        SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,
+        0,
+        ptr::null_mut(),
+    )
+}
+
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
@@ -1525,6 +1525,14 @@ impl SslContextBuilder {
         unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) }
     }
 
+    /// Sets the status response a client wishes the server to reply with.
+    #[corresponds(SSL_CTX_set_tlsext_status_type)]
+    pub fn set_status_type(&mut self, type_: StatusType) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::SSL_CTX_set_tlsext_status_type(self.as_ptr(), type_.as_raw()) as c_int).map(|_| ())
+        }
+    }
+
     /// Sets the callback dealing with OCSP stapling.
     ///
     /// On the client side, this callback is responsible for validating the OCSP status response