Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for custom user PSKs. Example usage (from added test in
ssl.rs
):Then do the same on the server side and you're off to the races!
One tradeoff/simplification I made: In general, the client can provide a "client identity" string to the server which is transmitted in the ClientHello, and the server can choose which PSK it uses based on the client identity. That functionality is not supported by this PR, which only allows specifying a single fixed PSK buffer on both client and server.
To support the general case, the wolfSSL api, like the OpenSSL api, doesn't take a fixed buffer but rather takes a callback function that writes the PSK into a mutable buffer. I created global callback functions, and then use
wolfSSL_{get,set}_psk_callback_ctx
to pass the PSK buffer into the callback. This means we have to own the memory for the PSK buffer since we can only store a pointer to it in theWOLFSSL
object, so I added the PSK buffer as an extra field on the context and session.I'm a C++ dev by trade and this is my first time contributing to a Rust project so I'm happy to take advice!
Resolves #237