Implement SSL_get_early_data_status

ctz · ctz · commit 23f185b7975d · 2025-06-12T15:13:39.000+01:00
diff --git a/MATRIX.md b/MATRIX.md
@@ -334,7 +334,7 @@
 | `SSL_get_default_passwd_cb`  |  |  |  |  |
 | `SSL_get_default_passwd_cb_userdata`  |  |  |  |  |
 | `SSL_get_default_timeout`  |  |  |  |  |
-| `SSL_get_early_data_status`  |  |  | :white_check_mark: |  |
+| `SSL_get_early_data_status`  |  |  | :white_check_mark: | :white_check_mark: |
 | `SSL_get_error`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_ex_data`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_ex_data_X509_STORE_CTX_idx`  |  | :white_check_mark: | :white_check_mark: | :exclamation: [^stub] |
diff --git a/build.rs b/build.rs
@@ -162,6 +162,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_get_client_random",
     "SSL_get_current_cipher",
     "SSL_get_current_compression",
+    "SSL_get_early_data_status",
     "SSL_get_error",
     "SSL_get_ex_data",
     "SSL_get_ex_data_X509_STORE_CTX_idx",
diff --git a/src/entry.rs b/src/entry.rs
@@ -1007,6 +1007,12 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_get_early_data_status(ssl: *const SSL) -> c_int {
+        try_clone_arc!(ssl).get_mut().get_early_data_status().into()
+    }
+}
+
 entry! {
     pub fn _SSL_set_alpn_protos(
         ssl: *mut SSL,
diff --git a/src/lib.rs b/src/lib.rs
@@ -858,6 +858,27 @@ impl Ssl {
         self.max_early_data = max;
     }
 
+    fn get_early_data_status(&mut self) -> EarlyDataStatus {
+        // XXX: unfortunately `ClientConnection::early_data()` and
+        // `ServerConnection::early_data()` both require a mut self;
+        // which means this getter is mut too.
+        match self.conn_mut() {
+            Some(Connection::Server(server)) => match server.early_data() {
+                Some(_) => EarlyDataStatus::Accepted,
+                None => EarlyDataStatus::NotSent,
+            },
+            Some(Connection::Client(client)) => {
+                let accepted = client.is_early_data_accepted();
+                match (client.early_data(), accepted) {
+                    (_, true) => EarlyDataStatus::Accepted,
+                    (None, false) => EarlyDataStatus::Rejected,
+                    (Some(_), _) => EarlyDataStatus::NotSent,
+                }
+            }
+            None => EarlyDataStatus::NotSent,
+        }
+    }
+
     fn clear_options(&mut self, clear: u64) -> u64 {
         self.raw_options &= !clear;
         self.raw_options
@@ -1722,6 +1743,24 @@ impl EnabledVersions {
     }
 }
 
+#[derive(Debug)]
+enum EarlyDataStatus {
+    NotSent,
+    Rejected,
+    Accepted,
+}
+
+impl From<EarlyDataStatus> for c_int {
+    fn from(e: EarlyDataStatus) -> Self {
+        // refer to OpenSSL SSL_EARLY_DATA_NOT_SENT et al.
+        match e {
+            EarlyDataStatus::NotSent => 0,
+            EarlyDataStatus::Rejected => 1,
+            EarlyDataStatus::Accepted => 2,
+        }
+    }
+}
+
 pub(crate) const SSL_OP_NO_TICKET: u64 = 1 << 14; // See ssl.h
 
 #[cfg(test)]
diff --git a/tests/client.c b/tests/client.c
@@ -101,6 +101,7 @@ int main(int argc, char **argv) {
   printf("SSL_get_min_proto_version 0x%lx\n", SSL_get_min_proto_version(ssl));
   printf("SSL_get_max_proto_version 0x%lx\n", SSL_get_max_proto_version(ssl));
   printf("SSL_renegotiate_pending %d\n", SSL_renegotiate_pending(ssl));
+  printf("SSL_get_early_data_status %d\n", SSL_get_early_data_status(ssl));
   printf("SSL_get_servername: %s (%d)\n",
          SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name),
          SSL_get_servername_type(ssl));

Original file line number	Diff line number	Diff line change
`@@ -1007,6 +1007,12 @@ entry! {`
`1007`	`1007`	`}`
`1008`	`1008`	`}`
`1009`	`1009`
	`1010`	`+entry! {`
	`1011`	`+ pub fn _SSL_get_early_data_status(ssl: *const SSL) -> c_int {`
	`1012`	`+ try_clone_arc!(ssl).get_mut().get_early_data_status().into()`
	`1013`	`+ }`
	`1014`	`+}`
	`1015`	`+`
`1010`	`1016`	`entry! {`
`1011`	`1017`	`pub fn _SSL_set_alpn_protos(`
`1012`	`1018`	`ssl: *mut SSL,`