__owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode);
__owur SSL *ossl_quic_detach_stream(SSL *s);
__owur int ossl_quic_attach_stream(SSL *conn, SSL *stream);
+__owur int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
+ uint64_t aec);
/*
* Used to override ossl_time_now() for debug purposes. Must be called before
#define SSL_STREAM_FLAG_UNI (1U << 0)
__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+#define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO 0
+#define SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT 1
+#define SSL_INCOMING_STREAM_REJECT_POLICY_REJECT 2
+__owur int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec);
+
# ifndef OPENSSL_NO_QUIC
__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
size_t buf_len,
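Review bot: The three `SSL_INCOMING_STREAM_REJECT_POLICY_*` values and the `aec` argument of `SSL_set_incoming_stream_reject_policy()` enter the public header with no comment. Judging by the names, this setting governs whether streams opened by the peer are admitted, so a caller needs to know what `AUTO` resolves to and when `aec` is used. A short comment above the defines would cover it, for example `/* aec: application error code used when an incoming stream is rejected; ignored for ACCEPT */`, if that matches the intended behaviour. The comment should also state the accepted range of `aec`.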
qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
qc->default_ssl_mode = qc->ssl.ctx->mode;
qc->default_blocking = 1;
+ qc->incoming_stream_reject_policy
+ = SSL_INCOMING_STREAM_REJECT_POLICY_AUTO;
qc->last_error = SSL_ERROR_NONE;
if (!create_channel(qc))
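Review bot: Only the policy gets an explicit default here; `incoming_stream_reject_aec` is never assigned alongside it. If `qc` is zero-allocated this is harmless, but the allocation is outside the hunk, and otherwise a rejection under the default policy would use an indeterminate error code. Adding `qc->incoming_stream_reject_aec = 0;` next to the policy line makes the default explicit. The enclosing function starts and ends outside the hunk.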
return 1;
}
+/*
+ * SSL_set_incoming_stream_reject_policy
+ * -------------------------------------
+ */
+int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
+ uint64_t aec)
+{
+ int ret = 1;
+ QCTX ctx;
+
+ if (!expect_quic_conn_only(s, &ctx))
+ return 0;
+
+ quic_lock(ctx.qc);
+
+ switch (policy) {
+ case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO:
+ case SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT:
+ case SSL_INCOMING_STREAM_REJECT_POLICY_REJECT:
+ ctx.qc->incoming_stream_reject_policy = policy;
+ ctx.qc->incoming_stream_reject_aec = aec;
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+
+ quic_unlock(ctx.qc);
+ return ret;
+}
+
/*
* QUIC Front-End I/O API: SSL_CTX Management
* ==========================================
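Review bot: `aec` is stored by `ctx.qc->incoming_stream_reject_aec = aec;` with no range check, although a QUIC application error code is a variable-length integer and cannot exceed 2^62-1. A larger value cannot be encoded in the frame that carries the rejection, so it is better refused at the API boundary than discovered later when a stream is being rejected. A guard before `quic_lock()` would do, such as `if (aec > OSSL_QUIC_VLINT_MAX) return 0;`, assuming that constant is in scope in this file. Separately, the `default:` branch returns 0 without recording why, and the banner comment above the function has no description of the policies or of `aec`.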
/* SSL_set_mode. This is not used directly but inherited by new XSOs. */
uint32_t default_ssl_mode;
+ /* SSL_set_incoming_stream_reject_policy. */
+ int incoming_stream_reject_policy;
+ uint64_t incoming_stream_reject_aec;
+
/*
* Last 'normal' error during an app-level I/O operation, used by
* SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
#endif
}
+int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec)
+{
+#ifndef OPENSSL_NO_QUIC
+ if (!IS_QUIC(s))
+ return 0;
+
+ return ossl_quic_set_incoming_stream_reject_policy(s, policy, aec);
+#else
+ return 0;
+#endif
+}
+
int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
{
unsigned char *data = NULL;
SSL_set_default_stream_mode ? 3_2_0 EXIST::FUNCTION:
SSL_detach_stream ? 3_2_0 EXIST::FUNCTION:
SSL_attach_stream ? 3_2_0 EXIST::FUNCTION:
+SSL_set_incoming_stream_reject_policy ? 3_2_0 EXIST::FUNCTION: