| author | Steven Fackler <[email protected]> | 2018-08-28 22:02:55 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2018-08-31 20:23:55 -0700 |
| commit | bc4e47a321a71f9299c24a94b1bdcaa78383e75d (patch) | |
| tree | 7b6fcfdc2372e3bf1c936bbb2762434122489e2d /openssl/src/ssl/callbacks.rs | |
| parent | Bump Appveyor test versions (diff) | |
Fix lookup errors with SNI callback.

The job of an SNI callback is typically to swap out the context
associated with an SSL depending on the domain the client is trying to
talk to. Typically, only the callbacks associated with the current
context are used, but this is not the case for the SNI callback.

If SNI is run for a second time on a connection (i.e. in a
renegotiation) and the context was replaced with one that didn't itself
register an SNI callback, the old callback would run but wouldn't be
able to find its state in the context's ex data. To work around this, we
pass the pointer to the callback data directly to the callback to make
sure it's always available. It still lives in ex data to handle the
lifetime management.

Closes #979

Diffstat (limited to 'openssl/src/ssl/callbacks.rs')
| -rw-r--r-- | openssl/src/ssl/callbacks.rs | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index f9a5aa09..c9779416 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -109,7 +109,8 @@ where let ssl = SslRef::from_ptr_mut(ssl); let callback_idx = SslContext::cached_ex_index::<F>(); - let callback = ssl.ssl_context() + let callback = ssl + .ssl_context() .ex_data(callback_idx) .expect("BUG: psk callback missing") as *const F; let identity = if identity != ptr::null() { @@ -152,16 +153,13 @@ where } } -pub extern "C" fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, _arg: *mut c_void) -> c_int +pub extern "C" fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, arg: *mut c_void) -> c_int where F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send, { unsafe { let ssl = SslRef::from_ptr_mut(ssl); - let callback = ssl - .ssl_context() - .ex_data(SslContext::cached_ex_index::<F>()) - .expect("BUG: sni callback missing") as *const F; + let callback = arg as *const F; let mut alert = SslAlert(*al); let r = (*callback)(ssl, &mut alert); |
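
Review bot: in the first hunk (`@@ -109,7 +109,8 @@`, the PSK callback), splitting `ssl.ssl_context()` across two lines is a formatting-only change unrelated to the SNI fix named in the subject, and would be easier to review and revert as its own commit. The PSK path also still resolves its closure through `.ex_data(callback_idx)` and panics with `BUG: psk callback missing`; since the commit message describes exactly that lookup failing after a context swap, a sentence in the description or a comment here confirming that PSK callbacks only ever run against the current context would close the question.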
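
Review bot: in the second hunk (`@@ -152,16 +153,13 @@`, `raw_sni`), `let callback = arg as *const F;` is dereferenced at `(*callback)(ssl, &mut alert)` with no null check, whereas the removed code failed loudly with `BUG: sni callback missing` when the state was absent. Suggest a `debug_assert!(!arg.is_null())` (or returning an error code) before the call, plus a comment above the cast stating that `arg` must be the pointer registered for this same `F`, that the pointee is owned by the registering context's ex data, and what keeps that context alive once the SSL has been switched to another one. The registration side is outside this diff (limited to `callbacks.rs`), so the pairing between the registered pointer and `F` cannot be confirmed from these lines.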