Add SSLContext constructor to directly wrap an SSL_CTX*

Summary: Provides a way to transition to folly::AsyncSSLSocket for applications that manage their own SSL_CTX Reviewed By: yfeldblum Differential Revision: D18625198 fbshipit-source-id: cae8c531203134bbb27b648f3f92a6794b14ea3c

Add SSLContext constructor to directly wrap an SSL_CTX*
Summary: Provides a way to transition to folly::AsyncSSLSocket for applications that manage their own SSL_CTX Reviewed By: yfeldblum Differential Revision: D18625198 fbshipit-source-id: cae8c531203134bbb27b648f3f92a6794b14ea3c
eaeaa1fa · Alex Chow · Facebook Github Bot · b0ec3021 · eaeaa1fa · eaeaa1fa
Commit eaeaa1fa authored Dec 03, 2019 by Alex Chow Committed by Facebook Github Bot Dec 03, 2019
3 changed files
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -143,6 +143,12 @@ void SSLContext::setServerECCurve(const std::string& curveName) {
 #endif
 }
+SSLContext::SSLContext(SSL_CTX* ctx) : ctx_(ctx) {
+  if (SSL_CTX_up_ref(ctx) == 0) {
+    throw std::runtime_error("Failed to increment SSL_CTX refcount");
+  }
+}
 void SSLContext::setX509VerifyParam(
    const ssl::X509VerifyParam& x509VerifyParam) {
  if (!x509VerifyParam) {

--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -144,6 +144,11 @@ class SSLContext {
   * @param version The lowest or oldest SSL version to support.
   */
  explicit SSLContext(SSLVersion version = TLSv1);
+  /**
+   * Constructor that helps ease migrations by directly wrapping a provided
+   * SSL_CTX*
+   */
+  explicit SSLContext(SSL_CTX* ctx);
  virtual ~SSLContext();
  /**

--- a/folly/io/async/test/SSLContextInitializationTest.cpp
+++ b/folly/io/async/test/SSLContextInitializationTest.cpp
@@ -98,6 +98,29 @@ TEST(SSLContextInitializationTest, SSLContextLocksSetAfterInitIgnored) {
      ::testing::ExitedWithCode(0),
      "SSLContextLocksSetAfterInitIgnored passed");
 }
+TEST(SSLContextInitializationTest, SSLContext_SSL_CTX_constructor) {
+  folly::ssl::init();
+  SSL_CTX* ctx = SSL_CTX_new(TLS_method());
+  EXPECT_NE(ctx, nullptr) << "SSL_CTX* creation for test failed";
+  {
+    folly::SSLContext sslContext(ctx);
+    SSL_CTX_free(ctx);
+    // Shouldn't be fully freed because SSLContext should've added to the
+    // refcount. up_ref should succed
+    EXPECT_EQ(SSL_CTX_up_ref(ctx), 1)
+        << "Incrementing ctx refcount failed, SSLContext isn't grabbing a ref on creation";
+  }
+  // Last reference, ctx should no longer be valid
+  SSL_CTX_free(ctx);
+  // Should throw because ctx is no longer valid, and the constructor should
+  // fail on incrementing ctx refcount
+  EXPECT_THROW(folly::SSLContext sslContext(ctx), std::runtime_error);
+}
 } // namespace folly
 int main(int argc, char* argv[]) {