Properly handle Option<i32> in SslRef::set_curves

cloudflare · Aug 4, 2024 · 4c57a00 · 4c57a00
1 parent cfc8f2d
commit 4c57a00
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
@@ -1970,16 +1970,13 @@ impl SslContextBuilder {
     // when the flags are used, the preferences are set just before connecting or accepting.
     #[cfg(not(feature = "kx-safe-default"))]
     pub fn set_curves(&mut self, curves: &[SslCurve]) -> Result<(), ErrorStack> {
-        let mut nid_curves = Vec::with_capacity(curves.len());
-        for curve in curves {
-            nid_curves.push(curve.nid())
-        }
+        let curves: Vec<i32> = curves.iter().filter_map(|curve| curve.nid()).collect();
 
         unsafe {
             cvt_0i(ffi::SSL_CTX_set1_curves(
                 self.as_ptr(),
-                nid_curves.as_ptr() as *const _,
-                nid_curves.len(),
+                curves.as_ptr() as *const _,
+                curves.len(),
             ))
             .map(|_| ())
         }

diff --git a/boring/src/ssl/test/mod.rs b/boring/src/ssl/test/mod.rs
@@ -945,6 +945,19 @@ fn get_curve_name() {
     assert_eq!(SslCurve::X25519.name(), Some("X25519"));
 }
 
+#[cfg(not(feature = "kx-safe-default"))]
+#[test]
+fn set_curves() {
+    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+    ctx.set_curves(&[
+        SslCurve::SECP224R1,
+        SslCurve::SECP256R1,
+        SslCurve::SECP384R1,
+        SslCurve::X25519,
+    ])
+    .expect("Failed to set curves");
+}
+
 #[test]
 fn test_get_ciphers() {
     let ctx_builder = SslContext::builder(SslMethod::tls()).unwrap();