diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index 76ac739c..5351fcd9 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -26,7 +26,7 @@ aws-lc-sys = { version = "0.13.0", optional = true, features = ["ssl"] }
 bindgen = { version = "0.69.0", optional = true, features = ["experimental"] }
 cc = "1.0.61"
 openssl-src = { version = "300.1.2", optional = true }
-tongsuo-src = { version = "840.2.0", optional = true }
+tongsuo-src = { version = "833", optional = true }
 pkg-config = "0.3.9"
 vcpkg = "0.2.8"
diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c
index 0efc2b69..3d3ee18b 100644
--- a/openssl-sys/build/expando.c
+++ b/openssl-sys/build/expando.c
@@ -25,6 +25,9 @@ RUST_CONF_OPENSSL_NO_OCSP
 RUST_OPENSSL_IS_BORINGSSL
 #endif
+#ifdef BABASSL_VERSION_NUMBER
+RUST_OPENSSL_IS_TONGSUO
+#endif
 #ifdef TONGSUO_VERSION_NUMBER
 RUST_OPENSSL_IS_TONGSUO
diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs
index 9ea6a8fb..cb904d94 100644
--- a/openssl-sys/src/handwritten/ssl.rs
+++ b/openssl-sys/src/handwritten/ssl.rs
@@ -555,11 +555,15 @@ cfg_if! {
 pub fn SSL_CTX_use_sign_PrivateKey_file(ctx: *mut SSL_CTX, file: *const c_char, type_: c_int) -> c_int;
 pub fn SSL_CTX_enable_ntls(ctx: *mut SSL_CTX);
 pub fn SSL_CTX_disable_ntls(ctx: *mut SSL_CTX);
+ #[cfg(ossl300)]
 pub fn SSL_CTX_enable_force_ntls(ctx: *mut SSL_CTX);
+ #[cfg(ossl300)]
 pub fn SSL_CTX_disable_force_ntls(ctx: *mut SSL_CTX);
 pub fn SSL_enable_ntls(s: *mut SSL);
 pub fn SSL_disable_ntls(s: *mut SSL);
+ #[cfg(ossl300)]
 pub fn SSL_enable_force_ntls(s: *mut SSL);
+ #[cfg(ossl300)]
 pub fn SSL_disable_force_ntls(s: *mut SSL);
 pub fn SSL_CTX_enable_sm_tls13_strict(ctx: *mut SSL_CTX);
 pub fn SSL_CTX_disable_sm_tls13_strict(ctx: *mut SSL_CTX);
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index e428ae43..de71af10 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
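Review bot: In openssl-sys/Cargo.toml the `tongsuo-src` requirement drops from `840.2.0` to `833`, which moves the vendored TLS library to an older release line, and nothing beside the line records why. A bare `833` is a caret requirement, so any 833.x.y release satisfies it and the exact source that gets built is chosen at dependency resolution time. Before merging I would check which security fixes landed between the two release lines and state the reason next to the dependency, e.g. `# held on the 833 line because <reason>; force-NTLS bindings are gated on ossl300`.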
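Review bot: In openssl-sys/build/expando.c the new `BABASSL_VERSION_NUMBER` block emits the same `RUST_OPENSSL_IS_TONGSUO` marker as the `TONGSUO_VERSION_NUMBER` block directly below it, so a header that defines both macros would print the marker twice. Folding the two into one guard, `#if defined(BABASSL_VERSION_NUMBER) || defined(TONGSUO_VERSION_NUMBER)`, keeps the output to a single marker and shows that both names select the same backend. A one-line comment naming which releases define only the older macro would help the next reader. The existing block's `#endif` lies outside the hunk, and the code that consumes the expanded output is not visible here, so whether a duplicate marker is harmless should be confirmed there.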
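Review bot: In openssl-sys/src/handwritten/ssl.rs the four force-NTLS declarations are gated on `ossl300`, a version cfg standing in for "this Tongsuo build exports the force-NTLS symbols", and the hunk gives no reason for that choice. If the reason is the `tongsuo-src` downgrade in the same commit, say so once above the first gated line, e.g. `// *_force_ntls symbols are presumably absent from Tongsuo builds that report a pre-3.0 OpenSSL version; confirm against the 833 headers`. The same gate is repeated on the safe wrappers in both openssl/src/ssl/mod.rs hunks, so a future change to the condition has to be made in three places. The enclosing `cfg_if!` block begins and ends outside the hunk.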
@@ -317,6 +317,8 @@ impl SslAcceptor {
 #[cfg(tongsuo)]
 pub fn tongsuo_tlcp() -> Result {
 let mut ctx = ctx(SslMethod::ntls_server())?;
+ ctx.enable_ntls();
+ #[cfg(ossl300)]
 ctx.enable_force_ntls();
 // the EC curves should always be SM2
 ctx.set_cipher_list(
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index cb514b94..efde51f2 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -852,13 +852,13 @@ impl SslContextBuilder {
 unsafe { ffi::SSL_CTX_disable_ntls(self.as_ptr()) }
 }
- #[cfg(tongsuo)]
+ #[cfg(all(tongsuo, ossl300))]
 #[corresponds(SSL_CTX_enable_force_ntls)]
 pub fn enable_force_ntls(&mut self) {
 unsafe { ffi::SSL_CTX_enable_force_ntls(self.as_ptr()) }
 }
- #[cfg(tongsuo)]
+ #[cfg(all(tongsuo, ossl300))]
 #[corresponds(SSL_CTX_disable_force_ntls)]
 pub fn disable_force_ntls(&mut self) {
 unsafe { ffi::SSL_CTX_disable_force_ntls(self.as_ptr()) }
@@ -2853,13 +2853,13 @@ impl SslRef {
 unsafe { ffi::SSL_disable_ntls(self.as_ptr()) }
 }
- #[cfg(tongsuo)]
+ #[cfg(all(tongsuo, ossl300))]
 #[corresponds(SSL_enable_force_ntls)]
 pub fn enable_force_ntls(&mut self) {
 unsafe { ffi::SSL_enable_force_ntls(self.as_ptr()) }
 }
- #[cfg(tongsuo)]
+ #[cfg(all(tongsuo, ossl300))]
 #[corresponds(SSL_disable_force_ntls)]
 pub fn disable_force_ntls(&mut self) {
 unsafe { ffi::SSL_disable_force_ntls(self.as_ptr()) }
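Review bot: In `SslAcceptor::tongsuo_tlcp` (openssl/src/ssl/connector.rs) the `ctx.enable_force_ntls()` call is now compiled out on builds without `ossl300`, leaving only the added `ctx.enable_ntls()`, so the same constructor enforces NTLS on one build and merely enables it on another with no signal to the caller. Whether `SslMethod::ntls_server()` alone already rules out a standard TLS handshake is not visible here; that should be confirmed for the non-ossl300 path, ideally with a test asserting that a non-NTLS handshake is refused. At minimum the difference belongs in the function's doc comment, e.g. `/// On builds without ossl300 the force-NTLS switch is unavailable and only enable_ntls() is applied.` The function body continues past the end of the hunk.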
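Review bot: `SslContextBuilder::enable_force_ntls` and `disable_force_ntls` in openssl/src/ssl/mod.rs are public, and narrowing their cfg from `tongsuo` to `all(tongsuo, ossl300)` removes them from the API on older Tongsuo builds without any rustdoc saying so; the `SslRef` pair in the hunk at line 2853 has the same gap. Callers on such a build get an unresolved-method error with no hint that the library version is the cause, and no pointer to what still restricts the protocol there. Add a doc line to each of the four methods, for example `/// Only available when the linked Tongsuo reports OpenSSL 3.0 or later (cfg ossl300).`, and mention in it that `enable_ntls` alone does not force NTLS if that is indeed the library's behaviour.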