Pull request 670: AG-34973 Enable SSL permute extensions
Merge in ADGUARD-CORE-LIBS/dns-libs from feature/permute_extensions to master

Squashed commit of the following:

commit c03844211b764ebc8e9e348e44102dd8d2d05a30
Author: Andrey Yakushin <[email protected]>
Date:   Tue Aug 6 14:08:57 2024 +0400

    Fix var name

commit 65f34dc8f0bf52c0f747033197f1b3d83bdf0104
Author: Andrey Yakushin <[email protected]>
Date:   Tue Aug 6 13:37:43 2024 +0400

    Move enabling extensions permutation to a better place

commit badf0aa67e2aebb016ff65447e5f7c171a1e70d5
Author: Andrey Yakushin <[email protected]>
Date:   Tue Aug 6 13:17:43 2024 +0400

    Update NLC

commit 4abc3169efe8f9438b806701bf3d9c6cd4ee0e05
Author: Andrey Yakushin <[email protected]>
Date:   Tue Aug 6 13:17:23 2024 +0400

    SSL permute extensions
anyakushin authored and sfionov committed Aug 7, 2024
1 parent 1674d9e commit bae4498
Showing 4 changed files with 8 additions and 1 deletion.
2 changes: 1 addition & 1 deletion conanfile.py
@@ -35,7 +35,7 @@ def requirements(self):
self.requires("klib/2021-04-06@adguard_team/native_libs_common", transitive_headers=True)
self.requires("ldns/2021-03-29@adguard_team/native_libs_common", transitive_headers=True)
self.requires("magic_enum/0.9.5", transitive_headers=True)
self.requires("native_libs_common/6.1.8@adguard_team/native_libs_common", transitive_headers=True)
self.requires("native_libs_common/6.1.11@adguard_team/native_libs_common", transitive_headers=True)
self.requires("ngtcp2/1.0.1@adguard_team/native_libs_common", transitive_headers=True)
self.requires("pcre2/10.37@adguard_team/native_libs_common", transitive_headers=True)
self.requires("tldregistry/2022-12-26@adguard_team/native_libs_common", transitive_headers=True)
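Review bot: the native_libs_common bump from 6.1.8 to 6.1.11 is the only change in this file, and neither the hunk nor the squashed commit message ("Update NLC") says what in 6.1.11 the rest of the change depends on. Since the SSL_CTX_set_permute_extensions calls in net/tls_codec.cpp, upstream/upstream_doh.cpp and upstream/upstream_doq.cpp are compiled only when OPENSSL_IS_BORINGSSL is defined, the bump presumably pulls in a BoringSSL that exposes that API; please state that in the commit or PR description so the 6.1.11 pin is understood as a minimum and a later downgrade does not silently break the build.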
3 changes: 3 additions & 0 deletions net/tls_codec.cpp
@@ -36,6 +36,9 @@ Error<TlsCodec::TlsError> TlsCodec::connect(const std::string &sni, std::vector<
ag::UniquePtr<SSL_CTX, &SSL_CTX_free> ctx{SSL_CTX_new(TLS_client_method())};
SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER, nullptr);
SSL_CTX_set_cert_verify_callback(ctx.get(), ssl_verify_callback, this);
#ifdef OPENSSL_IS_BORINGSSL
SSL_CTX_set_permute_extensions(ctx.get(), true);
#endif // OPENSSL_IS_BORINGSSL
TlsSessionCache::prepare_ssl_ctx(ctx.get());

m_ssl.reset(SSL_new(ctx.get()));
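Review bot: the new #ifdef OPENSSL_IS_BORINGSSL / SSL_CTX_set_permute_extensions(ctx.get(), true) / #endif block carries no comment saying why it is there, and the same three lines are repeated verbatim in upstream/upstream_doh.cpp and upstream/upstream_doq.cpp. All three call sites already invoke TlsSessionCache::prepare_ssl_ctx on the same context, so consider moving the permute call into that shared helper (or a small helper beside it) and documenting once that it randomizes the order of ClientHello extensions so the client does not present a fixed, easily matched TLS fingerprint, and that it is a no-op on non-BoringSSL builds. That keeps the three sites from drifting apart the next time one of them is touched.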
1 change: 1 addition & 0 deletions upstream/upstream_doh.cpp
@@ -1140,6 +1140,7 @@ ag::coro::Task<ag::Error<ag::dns::DnsError>> ag::dns::DohUpstream::Http3Connecti
SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), on_certificate_verify, this);
TlsSessionCache::prepare_ssl_ctx(ssl_ctx.get());
#ifdef OPENSSL_IS_BORINGSSL
SSL_CTX_set_permute_extensions(ssl_ctx.get(), true);
if (0 != ngtcp2_crypto_boringssl_configure_client_context(ssl_ctx.get()))
#else
if (0 != ngtcp2_crypto_quictls_configure_client_context(ssl_ctx.get()))
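Review bot: here SSL_CTX_set_permute_extensions(ssl_ctx.get(), true) is placed after TlsSessionCache::prepare_ssl_ctx(ssl_ctx.get()), whereas in net/tls_codec.cpp and upstream/upstream_doq.cpp it precedes the prepare_ssl_ctx call. If prepare_ssl_ctx does not read that setting the order is harmless, but please make the three call sites consistent so a reader does not have to check whether the difference is intentional. Also, the #else (quictls) branch gets no equivalent, so the HTTP/3 upstream's ClientHello extension order differs by build; a one-line comment at the #ifdef would mark that as an accepted limitation rather than an omission.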
3 changes: 3 additions & 0 deletions upstream/upstream_doq.cpp
@@ -855,6 +855,9 @@ int DoqUpstream::init_ssl_ctx() {
// setup our verifier
SSL_CTX_set_verify(m_ssl_ctx.get(), SSL_VERIFY_PEER, nullptr);
SSL_CTX_set_cert_verify_callback(m_ssl_ctx.get(), DoqUpstream::ssl_verify_callback, nullptr);
#ifdef OPENSSL_IS_BORINGSSL
SSL_CTX_set_permute_extensions(m_ssl_ctx.get(), true);
#endif // OPENSSL_IS_BORINGSSL
TlsSessionCache::prepare_ssl_ctx(m_ssl_ctx.get());
return 0;
}
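Review bot: the three new lines sit under the existing "// setup our verifier" comment although they have nothing to do with certificate verification; give them a comment of their own (for example "// randomize ClientHello extension order (BoringSSL only)") or at least a blank line so the verifier comment does not appear to cover them. A comment is the only place a reader of this function will learn that the setting is fingerprint-related rather than part of verification.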