Add support for SSL_group_to_name and SSL_get_negotiated_group #2201
Conversation
There is a mismatch upstream in OpenSSL between documentation and header file regarding the `const` for the SSL argument. See sfackler#2201 (comment)
Clippy suggests removing superfluous lifetime annotations
romen
force-pushed
the
nt/SSL_get_negotiated_group
branch
from
f92c896
to
0d838a5
Compare
Minor documentation fixes
openssl/src/ssl/mod.rs
Outdated
| /// bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. | ||
| #[corresponds(SSL_get_negotiated_group)] | ||
| #[cfg(ossl300)] | ||
| pub fn negotiated_group(&self) -> Result<c_int, ErrorStack> { |
There was a problem hiding this comment.
I don't think we shouldn't be exposing this as a raw c_int. Since their doing the weird unknown thing, I think we'd need to make a NegotiatedGroup type that provides a pub fn nid(self) -> Option<Nid> and pub fn unknown_group_id(self) -> Option<i32>.
There was a problem hiding this comment.
I can do this change.
Then again in SSL::group_to_name which calls SSL_group_to_name(), we need the raw unaltered c_int.
Should the NegotiatedGroup type implement From/To trait to convert back to the raw c_int?
Suggestions on how to implement that?
There was a problem hiding this comment.
Yep, these wrapper types have an as_raw method to get the c_int out: https://docs.rs/openssl/latest/openssl/nid/struct.Nid.html#method.as_raw
There was a problem hiding this comment.
I tried addressing this with 893ce6a
This PR adds support for OpenSSL 3.0 functions to retrieve information about the effective group negotiated in the TLS handshake from an
SSL*object.Marked as draft as I need more guidance from maintainers:
cargo testfails withso I must be doing something wrong with the declaration, but I am struggling to see it
in
openssl/src/ssl/mod.rs:3523I currently have an.expect()which is probably undesirable, but I'd like guidance on the proper way to handle that error to be consistent with the rest of the crate.