SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

Osman Zakir osmanzakir90 at hotmail.com
Sun Jul 31 04:13:40 UTC 2022


Anyone good with C/C++ and the ClientHello message who can help me out here?  I wrote the callback to SSL_CTX_set_client_hello_cb like this:
static int set_alpn_cb(SSL* ssl, int alert, void* arg)
{
      constexpr int ext_type{ TLSEXT_TYPE_application_layer_protocol_negotiation };
      int extensions[1]{ ext_type };
      std::size_t extensions_len{ 1u };
      int extensions_present{ SSL_client_hello_get1_extensions_present(ssl,
            reinterpret_cast<int**>(extensions), &extensions_len) };
      const unsigned char** alpn_str;
      std::size_t alpn_str_len{};

      // 1 means success
      if (extensions_present == 1)
      {
            SSL_client_hello_get0_ext(ssl, ext_type, alpn_str, &alpn_str_len);
            std::cout << "alpn_str: " << alpn_str << std::endl;
      }
}

(not sure if I did this right, and also don't know how to actually get the ALPN and choose a protocol with this since the out parameter is of type const unsigned char** meaning it can't be modified inside the function either, or else I could've expected the ALPN string to be in there after the function returns.)

And I called the SSL_CTX_set_client_hello_cb function like this (inside the function where I'm doing the TLS handshake for the server):
auto* ssl_ctx{ ctx.native_handle() };
SSL* ssl{};
void* arg{};
SSL_CTX_set_client_hello_cb(ssl_ctx, &set_alpn_cb, nullptr);

And now I have an error saying:
error C2664: 'void SSL_CTX_set_client_hello_cb(SSL_CTX *,SSL_client_hello_cb_fn,void *)': cannot convert argument 2 from 'int (__cdecl *)(SSL *,int,void *)' to 'SSL_client_hello_cb_fn'

Without the & in front, I get this error:
error C2664: 'void SSL_CTX_set_client_hello_cb(SSL_CTX *,SSL_client_hello_cb_fn,void *)': cannot convert argument 2 from 'int (__cdecl *)(SSL *,int,void *)' to 'SSL_client_hello_cb_fn'

Someone please help, if possible.  Thanks.
-------- Original Message --------

*Subject:* Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN
Functions + Their Callbacks
*From:* Osman Zakir <osmanzakir90 at hotmail.com>
*To:* "angus at magsys.co.uk" <angus at magsys.co.uk>
*Date:* Sat, 30 Jul 2022 16:51:36 +0000

> Sorry, I can not educate you in how to write C programmes.

I'm not asking you to.  I'm only asking if there are good examples of
C/C++ code using the function properly.  And at least answer my
question about the wire-format for HTTP/2, please.

And what does the value of the SSL* pointer have to be?

-------- Original Message --------

*Subject:* Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN
Functions + Their Callbacks
*From:* Osman Zakir <osmanzakir90 at hotmail.com>
*To:* "angus at magsys.co.uk" <angus at magsys.co.uk>
*Date:* Sat, 30 Jul 2022 14:41:04 +0000

> There is a detailed OpenSSL manual page for
> SSL_CTX_set_client_hello_cb.

I took a look at that and have some questions: In the callback function
arguments, would it be okay to pass 0 as the second argument if I have
no error to alert?  What should the third argument be?  The protocol in
wire-format?  And what do I pass as the first argument?  The SSL_CTX?

I also don't really get the wire-format itself.  Is HTTP/2 guaranteed
to always be represented by the char array {6, 's', 'p', 'd', 'y', '/',
'1'}?

> Google brings up lots of examples of it being used.

Having some trouble finding them.

> My own implementation is open source at:

> https://svn.overbyte.be/svn/ics/trunk/Source/OverbyteIcsWSocket.pas

> but is Delphi/pascal language.

Thanks for that, but I don't really understand Pascal.  I need a good C
or C++ example.

Osman

-------- Original Message --------

*Subject:* Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN
Functions + Their Callbacks
*From:* Osman Zakir <osmanzakir90 at hotmail.com>
*To:* "angus at magsys.co.uk" <angus at magsys.co.uk>
*Date:* Sat, 30 Jul 2022 00:50:56 +0000

Thanks for the reply.

So, how do I write the SSL_client_hello_cb_fn callback?  I need some
examples for this and also for parsing whatever I need to parse to get
the TLSEXT_TYPE_server_name and
TLSEXT_TYPE_application_layer_protocol_negotiation that I need.  I'm
sorry about this but I'm completely new to using OpenSSL directly and
also to ALPN.

I'm not a networking person or library author originally, so I also had
to read up on ASIO before I could use Boost.Beast to write my app
server.  Difference is that ASIO and Beast are at least documented well
and the latter even has server and client examples that are their own
self-contained apps that you can just take and work with.

[Sorry for the top-posting, but hotmail isn't letting me fix it for
some reason; it used to before.]
________________________________
From: openssl-users <openssl-users-bounces at openssl.org> on behalf of
Angus Robertson - Magenta Systems Ltd <angus at magsys.co.uk>
Sent: Friday, July 29, 2022 9:22 PM
To: openssl-users at openssl.org <openssl-users at openssl.org>
Subject: Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN
Functions + Their Callbacks

> I don't understand how to write the callback functions some of
> the OpenSSL ALPN functions expect, and the manual really isn't
> helping there either, so I'd like some help.

Use SSL_CTX_set_client_hello_cb to set a SSL_client_hello_cb_fn
function, which you can parse to get TLSEXT_TYPE_server_name and
TLSEXT_TYPE_application_layer_protocol_negotiation, and everything else
sent in the Client Hello (if you need it) like SSL versions and ciphers
supported.

Within this callback you can change SSL_CTX depending on SNI and ALPN.


Ignore the SNI and ALPN callbacks.  client_hello_cb was only added in
1.1.1 so is often missing from old examples, FAQs and manuals.

Angus



--
*Included Files:*
am2file:001-HTML_Message.html


