1 files changed, 92 insertions, 0 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 5431df13..e2a0f156 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -305,6 +305,9 @@ impl SslMethod {
     }
 }
 
+unsafe impl Sync for SslMethod {}
+unsafe impl Send for SslMethod {}
+
 bitflags! {
     /// Options controling the behavior of certificate verification.
     pub struct SslVerifyMode: i32 {
@@ -363,6 +366,36 @@ bitflags! {
     }
 }
 
+#[cfg(all(feature = "v111", ossl111))]
+bitflags! {
+    /// Which messages and under which conditions an extension should be added or expected.
+    pub struct ExtensionContext: c_uint {
+        /// This extension is only allowed in TLS
+        const TLS_ONLY = ffi::SSL_EXT_TLS_ONLY;
+        /// This extension is only allowed in DTLS
+        const DTLS_ONLY = ffi::SSL_EXT_DTLS_ONLY;
+        /// Some extensions may be allowed in DTLS but we don't implement them for it
+        const TLS_IMPLEMENTATION_ONLY = ffi::SSL_EXT_TLS_IMPLEMENTATION_ONLY;
+        /// Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is
+        const SSL3_ALLOWED = ffi::SSL_EXT_SSL3_ALLOWED;
+        /// Extension is only defined for TLS1.2 and below
+        const TLS1_2_AND_BELOW_ONLY = ffi::SSL_EXT_TLS1_2_AND_BELOW_ONLY;
+        /// Extension is only defined for TLS1.3 and above
+        const TLS1_3_ONLY = ffi::SSL_EXT_TLS1_3_ONLY;
+        /// Ignore this extension during parsing if we are resuming
+        const IGNORE_ON_RESUMPTION = ffi::SSL_EXT_IGNORE_ON_RESUMPTION;
+        const CLIENT_HELLO = ffi::SSL_EXT_CLIENT_HELLO;
+        /// Really means TLS1.2 or below
+        const TLS1_2_SERVER_HELLO = ffi::SSL_EXT_TLS1_2_SERVER_HELLO;
+        const TLS1_3_SERVER_HELLO = ffi::SSL_EXT_TLS1_3_SERVER_HELLO;
+        const TLS1_3_ENCRYPTED_EXTENSIONS = ffi::SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
+        const TLS1_3_HELLO_RETRY_REQUEST = ffi::SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST;
+        const TLS1_3_CERTIFICATE = ffi::SSL_EXT_TLS1_3_CERTIFICATE;
+        const TLS1_3_NEW_SESSION_TICKET = ffi::SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
+        const TLS1_3_CERTIFICATE_REQUEST = ffi::SSL_EXT_TLS1_3_CERTIFICATE_REQUEST;
+    }
+}
+
 /// An identifier of the format of a certificate or key file.
 #[derive(Copy, Clone)]
 pub struct SslFiletype(c_int);
@@ -501,6 +534,8 @@ pub struct SslAlert(c_int);
 impl SslAlert {
     /// Alert 112 - `unrecognized_name`.
     pub const UNRECOGNIZED_NAME: SslAlert = SslAlert(ffi::SSL_AD_UNRECOGNIZED_NAME);
+    pub const ILLEGAL_PARAMETER: SslAlert = SslAlert(ffi::SSL_AD_ILLEGAL_PARAMETER);
+    pub const DECODE_ERROR: SslAlert = SslAlert(ffi::SSL_AD_DECODE_ERROR);
 }
 
 /// An error returned from an ALPN selection callback.
@@ -1471,6 +1506,63 @@ impl SslContextBuilder {
         }
     }
 
+    /// Adds a custom extension for a TLS/DTLS client or server for all supported protocol versions.
+    ///
+    /// This corresponds to [`SSL_CTX_add_custom_ext`].
+    ///
+    /// [`SSL_CTX_add_custom_ext`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_custom_ext.html
+    #[cfg(all(feature = "v111", ossl111))]
+    pub fn add_custom_ext<AddFn, ParseFn, T>(
+        &mut self,
+        ext_type: u16,
+        context: ExtensionContext,
+        add_cb: AddFn,
+        parse_cb: ParseFn,
+    ) -> Result<(), ErrorStack>
+    where
+        AddFn: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result<Option<T>, SslAlert>
+            + 'static
+            + Sync
+            + Send,
+        T: AsRef<[u8]> + 'static + Sync + Send,
+        ParseFn: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert>
+            + 'static
+            + Sync
+            + Send,
+    {
+        let ret = unsafe {
+            let add_cb = Box::new(add_cb);
+            ffi::SSL_CTX_set_ex_data(
+                self.as_ptr(),
+                get_callback_idx::<AddFn>(),
+                Box::into_raw(add_cb) as *mut _,
+            );
+
+            let parse_cb = Box::new(parse_cb);
+            ffi::SSL_CTX_set_ex_data(
+                self.as_ptr(),
+                get_callback_idx::<ParseFn>(),
+                Box::into_raw(parse_cb) as *mut _,
+            );
+
+            ffi::SSL_CTX_add_custom_ext(
+                self.as_ptr(),
+                ext_type as c_uint,
+                context.bits(),
+                Some(raw_custom_ext_add::<AddFn, T>),
+                Some(raw_custom_ext_free::<T>),
+                ptr::null_mut(),
+                Some(raw_custom_ext_parse::<ParseFn>),
+                ptr::null_mut(),
+            )
+        };
+        if ret == 1 {
+            Ok(())
+        } else {
+            Err(ErrorStack::get())
+        }
+    }
+
     /// Consumes the builder, returning a new `SslContext`.
     pub fn build(self) -> SslContext {
         self.0