QUIC MSST: Rename SSL_set_incoming_stream_reject_policy
authorHugo Landau <hlandau@openssl.org>
Mon, 8 May 2023 18:52:45 +0000 (19:52 +0100)
committerHugo Landau <hlandau@openssl.org>
Fri, 12 May 2023 13:47:15 +0000 (14:47 +0100)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

12 files changed:
doc/build.info
doc/man3/SSL_accept_stream.pod
doc/man3/SSL_attach_stream.pod
doc/man3/SSL_set_incoming_stream_policy.pod [moved from doc/man3/SSL_set_incoming_stream_reject_policy.pod with 78% similarity]
include/internal/quic_ssl.h
include/openssl/ssl.h.in
ssl/quic/quic_impl.c
ssl/quic/quic_local.h
ssl/ssl_lib.c
test/quic_multistream_test.c
util/libssl.num
util/other.syms

index a82221a9fa9bb8f9444e2a3753643181ff49589e..e501b455b989a36f3fb45864a68869ecd944a959 100644 (file)
@@ -2683,10 +2683,10 @@ DEPEND[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod
 GENERATE[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod
 DEPEND[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod
 GENERATE[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod
-DEPEND[html/man3/SSL_set_incoming_stream_reject_policy.html]=man3/SSL_set_incoming_stream_reject_policy.pod
-GENERATE[html/man3/SSL_set_incoming_stream_reject_policy.html]=man3/SSL_set_incoming_stream_reject_policy.pod
-DEPEND[man/man3/SSL_set_incoming_stream_reject_policy.3]=man3/SSL_set_incoming_stream_reject_policy.pod
-GENERATE[man/man3/SSL_set_incoming_stream_reject_policy.3]=man3/SSL_set_incoming_stream_reject_policy.pod
+DEPEND[html/man3/SSL_set_incoming_stream_policy.html]=man3/SSL_set_incoming_stream_policy.pod
+GENERATE[html/man3/SSL_set_incoming_stream_policy.html]=man3/SSL_set_incoming_stream_policy.pod
+DEPEND[man/man3/SSL_set_incoming_stream_policy.3]=man3/SSL_set_incoming_stream_policy.pod
+GENERATE[man/man3/SSL_set_incoming_stream_policy.3]=man3/SSL_set_incoming_stream_policy.pod
 DEPEND[html/man3/SSL_set_initial_peer_addr.html]=man3/SSL_set_initial_peer_addr.pod
 GENERATE[html/man3/SSL_set_initial_peer_addr.html]=man3/SSL_set_initial_peer_addr.pod
 DEPEND[man/man3/SSL_set_initial_peer_addr.3]=man3/SSL_set_initial_peer_addr.pod
@@ -3562,7 +3562,7 @@ html/man3/SSL_set_bio.html \
 html/man3/SSL_set_blocking_mode.html \
 html/man3/SSL_set_connect_state.html \
 html/man3/SSL_set_fd.html \
-html/man3/SSL_set_incoming_stream_reject_policy.html \
+html/man3/SSL_set_incoming_stream_policy.html \
 html/man3/SSL_set_initial_peer_addr.html \
 html/man3/SSL_set_retry_verify.html \
 html/man3/SSL_set_session.html \
@@ -4197,7 +4197,7 @@ man/man3/SSL_set_bio.3 \
 man/man3/SSL_set_blocking_mode.3 \
 man/man3/SSL_set_connect_state.3 \
 man/man3/SSL_set_fd.3 \
-man/man3/SSL_set_incoming_stream_reject_policy.3 \
+man/man3/SSL_set_incoming_stream_policy.3 \
 man/man3/SSL_set_initial_peer_addr.3 \
 man/man3/SSL_set_retry_verify.3 \
 man/man3/SSL_set_session.3 \
index e72af899b36a2643fd08ab2567cb06e7b610ac45..d2a06445615ff25740404a23e1fa458eee67f8e7 100644 (file)
@@ -44,8 +44,8 @@ TODO(QUIC): Revise in MSMT PR to mention threading considerations.
 =end comment
 
 Depending on whether default stream functionality is being used, it may be
-necessary to explicitly configure the incoming stream rejection policy before
-streams can be accepted; see L<SSL_set_incoming_stream_reject_policy(3)>.
+necessary to explicitly configure the incoming stream policy before streams can
+be accepted; see L<SSL_set_incoming_stream_policy(3)>.
 
 =begin comment
 
index 298000ac2e44f351d0f0ca0690a838e0bdcf1dc7..60f6315070c9db7a5d8e3b150052c4ec1045f859 100644 (file)
@@ -129,8 +129,8 @@ object if the default stream mode is set to B<SSL_DEFAULT_STREAM_MODE_NONE>, or
 if the QUIC connection SSL object previously had a default stream which was
 detached using SSL_detach_stream().
 
-L<SSL_set_incoming_stream_reject_policy(3)> interacts significantly with the
-default stream functionality.
+L<SSL_set_incoming_stream_policy(3)> interacts significantly with the default
+stream functionality.
 
 =head1 RETURN VALUES
 
@@ -153,7 +153,7 @@ object.
 =head1 SEE ALSO
 
 L<SSL_new_stream(3)>, L<SSL_accept_stream(3)>, L<SSL_free(3)>,
-L<SSL_set_incoming_stream_reject_policy(3)>
+L<SSL_set_incoming_stream_policy(3)>
 
 =head1 HISTORY
 
similarity index 78%
rename from doc/man3/SSL_set_incoming_stream_reject_policy.pod
rename to doc/man3/SSL_set_incoming_stream_policy.pod
index dfc3dffb03a61c47340ed583e23b46ca3bf9d023..a89cbcfb94ce0bb736afd11c6d04f0fda6c37f14 100644 (file)
@@ -2,25 +2,25 @@
 
 =head1 NAME
 
-SSL_set_incoming_stream_reject_policy, SSL_INCOMING_STREAM_REJECT_POLICY_AUTO,
-SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT,
-SSL_INCOMING_STREAM_REJECT_POLICY_REJECT - manage the QUIC incoming stream
+SSL_set_incoming_stream_policy, SSL_INCOMING_STREAM_POLICY_AUTO,
+SSL_INCOMING_STREAM_POLICY_ACCEPT,
+SSL_INCOMING_STREAM_POLICY_REJECT - manage the QUIC incoming stream
 rejection policy
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
- #define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO
- #define SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT
- #define SSL_INCOMING_STREAM_REJECT_POLICY_REJECT
+ #define SSL_INCOMING_STREAM_POLICY_AUTO
+ #define SSL_INCOMING_STREAM_POLICY_ACCEPT
+ #define SSL_INCOMING_STREAM_POLICY_REJECT
 
- int SSL_set_incoming_stream_reject_policy(SSL *conn, int policy,
+ int SSL_set_incoming_stream_policy(SSL *conn, int policy,
                                            uint64_t app_error_code);
 
 =head1 DESCRIPTION
 
-SSL_set_incoming_stream_reject_policy() policy changes the incoming stream
+SSL_set_incoming_stream_policy() policy changes the incoming stream
 rejection policy for a QUIC connection. Depending on the policy configured,
 OpenSSL QUIC may automatically reject incoming streams initiated by the peer.
 This is intended to ensure that legacy applications using single-stream
@@ -36,7 +36,7 @@ The valid values for I<policy> are:
 
 =over 4
 
-=item SSL_INCOMING_STREAM_REJECT_POLICY_AUTO
+=item SSL_INCOMING_STREAM_POLICY_AUTO
 
 This is the default setting. Incoming streams are accepted according to the
 following rules:
@@ -64,12 +64,12 @@ accepted.
 
 =back
 
-=item SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT
+=item SSL_INCOMING_STREAM_POLICY_ACCEPT
 
 Always accept incoming streams, allowing them to be dequeued using
 L<SSL_accept_stream(3)>.
 
-=item SSL_INCOMING_STREAM_REJECT_POLICY_REJECT
+=item SSL_INCOMING_STREAM_POLICY_REJECT
 
 Always reject incoming streams.
 
@@ -94,7 +94,7 @@ L<SSL_set_default_stream_mode(3)>, L<SSL_accept_stream(3)>
 
 =head1 HISTORY
 
-SSL_set_incoming_stream_reject_policy() was added in OpenSSL 3.2.
+SSL_set_incoming_stream_policy() was added in OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
index 050bfe9d24f40f51a80635b07506afc1251e8870..054ec30280816a3d8b54d6052c9f3a8cc49288c9 100644 (file)
@@ -72,8 +72,8 @@ __owur uint64_t ossl_quic_get_stream_id(SSL *s);
 __owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode);
 __owur SSL *ossl_quic_detach_stream(SSL *s);
 __owur int ossl_quic_attach_stream(SSL *conn, SSL *stream);
-__owur int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
-                                                       uint64_t aec);
+__owur int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
+                                                uint64_t aec);
 __owur SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags);
 __owur size_t ossl_quic_get_accept_stream_queue_len(SSL *s);
 
index 7e574f37b72b15e3f51c970bad9f90f46a60d96d..4d28522bf1ce1e2f5bb57bb7231dfe98fb181f4d 100644 (file)
@@ -2288,10 +2288,10 @@ __owur int SSL_attach_stream(SSL *conn, SSL *stream);
 #define SSL_STREAM_FLAG_UNI     (1U << 0)
 __owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
 
-#define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO      0
-#define SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT    1
-#define SSL_INCOMING_STREAM_REJECT_POLICY_REJECT    2
-__owur int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec);
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
 
 #define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
 __owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
index 0826a170d43ba2d82b0e7a4b93a9e8d0bab32b19..4706756b26f773d9330c70e39430667d764d2053 100644 (file)
@@ -303,8 +303,7 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
     qc->default_stream_mode     = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
     qc->default_ssl_mode        = qc->ssl.ctx->mode;
     qc->default_blocking        = 1;
-    qc->incoming_stream_reject_policy
-        = SSL_INCOMING_STREAM_REJECT_POLICY_AUTO;
+    qc->incoming_stream_policy  = SSL_INCOMING_STREAM_POLICY_AUTO;
     qc->last_error              = SSL_ERROR_NONE;
 
     if (!create_channel(qc))
@@ -2238,39 +2237,39 @@ int ossl_quic_attach_stream(SSL *conn, SSL *stream)
 }
 
 /*
- * SSL_set_incoming_stream_reject_policy
- * -------------------------------------
+ * SSL_set_incoming_stream_policy
+ * ------------------------------
  */
 QUIC_NEEDS_LOCK
-static int qc_get_effective_incoming_stream_reject_policy(QUIC_CONNECTION *qc)
+static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
 {
-    switch (qc->incoming_stream_reject_policy) {
-        case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO:
+    switch (qc->incoming_stream_policy) {
+        case SSL_INCOMING_STREAM_POLICY_AUTO:
             if ((qc->default_xso == NULL && !qc->default_xso_created)
                 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
-                return SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT;
+                return SSL_INCOMING_STREAM_POLICY_ACCEPT;
             else
-                return SSL_INCOMING_STREAM_REJECT_POLICY_REJECT;
+                return SSL_INCOMING_STREAM_POLICY_REJECT;
 
         default:
-            return qc->incoming_stream_reject_policy;
+            return qc->incoming_stream_policy;
     }
 }
 
 QUIC_NEEDS_LOCK
 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
 {
-    int policy = qc_get_effective_incoming_stream_reject_policy(qc);
-    int enable_reject = (policy == SSL_INCOMING_STREAM_REJECT_POLICY_REJECT);
+    int policy = qc_get_effective_incoming_stream_policy(qc);
+    int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
 
     ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
                                                       enable_reject,
-                                                      qc->incoming_stream_reject_aec);
+                                                      qc->incoming_stream_aec);
 }
 
 QUIC_TAKES_LOCK
-int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
-                                                uint64_t aec)
+int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
+                                         uint64_t aec)
 {
     int ret = 1;
     QCTX ctx;
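Review bot: qc_get_effective_incoming_stream_policy has no comment saying how AUTO is resolved, and that decision determines whether peer-initiated streams are auto-rejected on the channel. I would add above it: `/* Resolve AUTO: ACCEPT if no default XSO exists and none has been created, or if the default stream mode is NONE; otherwise REJECT. */`. The `case` labels in this switch are also indented one level deeper than those in ossl_quic_set_incoming_stream_policy in the next hunk, and a single style for both would read better. ossl_quic_set_incoming_stream_policy starts in this hunk and its body continues outside it.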
@@ -2281,11 +2280,11 @@ int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
     quic_lock(ctx.qc);
 
     switch (policy) {
-    case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO:
-    case SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT:
-    case SSL_INCOMING_STREAM_REJECT_POLICY_REJECT:
-        ctx.qc->incoming_stream_reject_policy = policy;
-        ctx.qc->incoming_stream_reject_aec    = aec;
+    case SSL_INCOMING_STREAM_POLICY_AUTO:
+    case SSL_INCOMING_STREAM_POLICY_ACCEPT:
+    case SSL_INCOMING_STREAM_POLICY_REJECT:
+        ctx.qc->incoming_stream_policy = policy;
+        ctx.qc->incoming_stream_aec    = aec;
         break;
 
     default:
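Review bot: `aec` is stored in `ctx.qc->incoming_stream_aec` without a range check in the lines shown, although QUIC application error codes are variable-length integers and cannot exceed 2^62-1. qc_update_reject_policy later hands the value to ossl_quic_channel_set_incoming_stream_auto_reject, so an out-of-range code would presumably surface only when a stream is actually rejected, unless a lower layer validates it. Checking it before the assignment keeps the failure at the API boundary, e.g. `if (aec > (((uint64_t)1 << 62) - 1)) { ret = 0; break; }`. This assumes `ret = 0` is how the `default:` branch reports failure, which cannot be seen because the function begins and ends outside this hunk.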
@@ -2342,8 +2341,8 @@ SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
 
     quic_lock(ctx.qc);
 
-    if (qc_get_effective_incoming_stream_reject_policy(ctx.qc)
-        == SSL_INCOMING_STREAM_REJECT_POLICY_REJECT)
+    if (qc_get_effective_incoming_stream_policy(ctx.qc)
+        == SSL_INCOMING_STREAM_POLICY_REJECT)
         goto out;
 
     qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
index 6e062089f060dda863783d3645484da61c2a0046..a23d039e9c5dc8a2d5f5b4c1107eb565a0a09fe2 100644 (file)
@@ -178,9 +178,9 @@ struct quic_conn_st {
     /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
     uint32_t                        default_ssl_mode;
 
-    /* SSL_set_incoming_stream_reject_policy. */
-    int                             incoming_stream_reject_policy;
-    uint64_t                        incoming_stream_reject_aec;
+    /* SSL_set_incoming_stream_policy. */
+    int                             incoming_stream_policy;
+    uint64_t                        incoming_stream_aec;
 
     /*
      * Last 'normal' error during an app-level I/O operation, used by
index f7e3f497b8e304222acc4a967c2d422e9d8f3fdf..4be70ce60f368c4a68c9565eb73a5bc57f623703 100644 (file)
@@ -7385,13 +7385,13 @@ int SSL_attach_stream(SSL *conn, SSL *stream)
 #endif
 }
 
-int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec)
+int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec)
 {
 #ifndef OPENSSL_NO_QUIC
     if (!IS_QUIC(s))
         return 0;
 
-    return ossl_quic_set_incoming_stream_reject_policy(s, policy, aec);
+    return ossl_quic_set_incoming_stream_policy(s, policy, aec);
 #else
     return 0;
 #endif
index 8cfc56e25364910bae6a295b727e4a56a63c92ee..dbfdde0f4c0c4712d9448b60d2cdcb69b643aa90 100644 (file)
@@ -70,7 +70,7 @@ struct script_op {
 #define OPK_C_ACCEPT_STREAM_NONE                    17
 #define OPK_C_FREE_STREAM                           18
 #define OPK_C_SET_DEFAULT_STREAM_MODE               19
-#define OPK_C_SET_INCOMING_STREAM_REJECT_POLICY     20
+#define OPK_C_SET_INCOMING_STREAM_POLICY            20
 #define OPK_C_SHUTDOWN                              21
 #define OPK_C_EXPECT_CONN_CLOSE_INFO                22
 #define OPK_S_EXPECT_CONN_CLOSE_INFO                23
@@ -137,8 +137,8 @@ struct script_op {
     {OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name},
 #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \
     {OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL},
-#define OP_C_SET_INCOMING_STREAM_REJECT_POLICY(policy) \
-    {OPK_C_SET_INCOMING_STREAM_REJECT_POLICY, NULL, (policy), NULL, NULL},
+#define OP_C_SET_INCOMING_STREAM_POLICY(policy) \
+    {OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL},
 #define OP_C_SHUTDOWN() \
     {OPK_C_SHUTDOWN, NULL, 0, NULL, NULL},
 #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote)                \
@@ -833,13 +833,13 @@ static int run_script(const struct script_op *script, int free_order)
             }
             break;
 
-        case OPK_C_SET_INCOMING_STREAM_REJECT_POLICY:
+        case OPK_C_SET_INCOMING_STREAM_POLICY:
             {
                 if (!TEST_ptr(c_tgt))
                     goto out;
 
-                if (!TEST_true(SSL_set_incoming_stream_reject_policy(c_tgt,
-                                                                     op->arg1, 0)))
+                if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt,
+                                                              op->arg1, 0)))
                     goto out;
             }
             break;
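Review bot: The OPK_C_SET_INCOMING_STREAM_POLICY case always passes 0 as the application error code, so the `aec` argument of SSL_set_incoming_stream_policy is never exercised with a non-zero value by these scripts. At minimum a comment such as `/* aec is fixed at 0; the rejection error code is not covered here */` would make the gap visible. Carrying the code in a spare script_op field would close it, if one is free; the struct definition is not in this hunk. run_script continues outside this hunk.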
@@ -996,7 +996,7 @@ static const struct script_op script_1[] = {
 static const struct script_op script_2[] = {
     OP_C_SET_ALPN           ("ossltest")
     OP_C_CONNECT_WAIT       ()
-    OP_C_SET_INCOMING_STREAM_REJECT_POLICY(SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT)
+    OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
     OP_C_WRITE              (DEFAULT,  "apple", 5)
     OP_S_BIND_STREAM_ID     (a, C_BIDI_ID(0))
     OP_S_READ_EXPECT        (a, "apple", 5)
@@ -1055,14 +1055,14 @@ static const struct script_op script_2[] = {
     OP_C_EXPECT_FIN         (f)
     OP_C_WRITE_FAIL         (f)
 
-    OP_C_SET_INCOMING_STREAM_REJECT_POLICY(SSL_INCOMING_STREAM_REJECT_POLICY_REJECT)
+    OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT)
     OP_S_NEW_STREAM_BIDI    (g, S_BIDI_ID(2))
     OP_S_WRITE              (g, "unseen", 6)
     OP_S_CONCLUDE           (g)
 
     OP_C_ACCEPT_STREAM_NONE ()
 
-    OP_C_SET_INCOMING_STREAM_REJECT_POLICY(SSL_INCOMING_STREAM_REJECT_POLICY_AUTO)
+    OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO)
     OP_S_NEW_STREAM_BIDI    (h, S_BIDI_ID(3))
     OP_S_WRITE              (h, "UNSEEN", 6)
     OP_S_CONCLUDE           (h)
index 457e75f80101f0574ee2cd26ea99dfbd17ed0524..b8500456940ca1f28dfb473ccacacf77899111b8 100644 (file)
@@ -568,7 +568,6 @@ SSL_get_stream_id                       ?   3_2_0   EXIST::FUNCTION:
 SSL_set_default_stream_mode             ?      3_2_0   EXIST::FUNCTION:
 SSL_detach_stream                       ?      3_2_0   EXIST::FUNCTION:
 SSL_attach_stream                       ?      3_2_0   EXIST::FUNCTION:
-SSL_set_incoming_stream_reject_policy   ?      3_2_0   EXIST::FUNCTION:
 SSL_accept_stream                       ?      3_2_0   EXIST::FUNCTION:
 SSL_get_accept_stream_queue_len         ?      3_2_0   EXIST::FUNCTION:
 SSL_stream_reset                        ?      3_2_0   EXIST::FUNCTION:
@@ -577,3 +576,4 @@ SSL_get_stream_write_state              ?   3_2_0   EXIST::FUNCTION:
 SSL_get_stream_read_error_code          ?      3_2_0   EXIST::FUNCTION:
 SSL_get_stream_write_error_code         ?      3_2_0   EXIST::FUNCTION:
 SSL_get_conn_close_info                 ?      3_2_0   EXIST::FUNCTION:
+SSL_set_incoming_stream_policy          ?      3_2_0   EXIST::FUNCTION:
index cecfe4d7423ecc73c0ba0b7f3213a8f94bfef001..11393fe7ec69a392fb56205928a17880c703c81a 100644 (file)
@@ -662,9 +662,9 @@ SSL_ACCEPT_STREAM_NO_BLOCK              define
 SSL_DEFAULT_STREAM_MODE_AUTO_BIDI       define
 SSL_DEFAULT_STREAM_MODE_AUTO_UNI        define
 SSL_DEFAULT_STREAM_MODE_NONE            define
-SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT define
-SSL_INCOMING_STREAM_REJECT_POLICY_AUTO  define
-SSL_INCOMING_STREAM_REJECT_POLICY_REJECT define
+SSL_INCOMING_STREAM_POLICY_ACCEPT       define
+SSL_INCOMING_STREAM_POLICY_AUTO         define
+SSL_INCOMING_STREAM_POLICY_REJECT       define
 TLS_DEFAULT_CIPHERSUITES                define deprecated 3.0.0
 X509_CRL_http_nbio                      define deprecated 3.0.0
 X509_http_nbio                          define deprecated 3.0.0