Expose API to enable certificate compression. #241
Conversation
|
Hello @inikulin! |
mstyura
force-pushed
the
cert-compression
branch
from
b5ab8cb to
77e68b7
Compare
mstyura
force-pushed
the
cert-compression
branch
from
77e68b7 to
2245501
Compare
| return 0; | ||
| } | ||
| if cursor.position() != uncompressed_len as u64 { | ||
| return 0; |
There was a problem hiding this comment.
This leaks decompressed?
| let success = unsafe { | ||
| self.replace_ex_data(SslContext::cached_ex_index::<C>(), compressor); | ||
|
|
||
| ffi::SSL_CTX_add_cert_compression_alg( |
There was a problem hiding this comment.
The callbacks are per algorithm, but the ex data is per type. If can_compress/can_decompress were set dynamically, it could get the callbacks out of sync with the implementation.
Maybe this function should fail if the ex data for C already exists?
Also SSL_CTX_add_cert_compression_alg will fail if the same algorithm is set more than once, but keeps the previous callbacks still set. In the current implementation that would use old callbacks, but replace the instance of C regardless. It's not strictly speaking unsound since the callbacks are type-specific, but it may be surprising.
As a user of
tokio-boringI'd like to control certificate compression feature using high-level Rust-friendly API instead of directly calling C functions formboring-sys.I'm ready to adjust implementation if necessary to match the style of the rest of the crate.