protocol-quic 0.0.0

data/ext/ngtcp2/examples/tls_client_context_openssl.cc

@@ -0,0 +1,137 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_client_context_openssl.h"
+
+#include <iostream>
+#include <fstream>
+#include <limits>
+
+#include <ngtcp2/ngtcp2_crypto_openssl.h>
+
+#include <openssl/err.h>
+
+#include "client_base.h"
+#include "template.h"
+
+extern Config config;
+
+TLSClientContext::TLSClientContext() : ssl_ctx_{nullptr} {}
+
+TLSClientContext::~TLSClientContext() {
+  if (ssl_ctx_) {
+    SSL_CTX_free(ssl_ctx_);
+  }
+}
+
+SSL_CTX *TLSClientContext::get_native_handle() const { return ssl_ctx_; }
+
+namespace {
+int new_session_cb(SSL *ssl, SSL_SESSION *session) {
+  if (SSL_SESSION_get_max_early_data(session) !=
+      std::numeric_limits<uint32_t>::max()) {
+    std::cerr << "max_early_data_size is not 0xffffffff" << std::endl;
+  }
+  auto f = BIO_new_file(config.session_file, "w");
+  if (f == nullptr) {
+    std::cerr << "Could not write TLS session in " << config.session_file
+              << std::endl;
+    return 0;
+  }
+
+  if (!PEM_write_bio_SSL_SESSION(f, session)) {
+    std::cerr << "Unable to write TLS session to file" << std::endl;
+  }
+
+  BIO_free(f);
+
+  return 0;
+}
+} // namespace
+
+int TLSClientContext::init(const char *private_key_file,
+                           const char *cert_file) {
+  ssl_ctx_ = SSL_CTX_new(TLS_client_method());
+  if (!ssl_ctx_) {
+    std::cerr << "SSL_CTX_new: " << ERR_error_string(ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  if (ngtcp2_crypto_openssl_configure_client_context(ssl_ctx_) != 0) {
+    std::cerr << "ngtcp2_crypto_openssl_configure_client_context failed"
+              << std::endl;
+    return -1;
+  }
+
+  SSL_CTX_set_default_verify_paths(ssl_ctx_);
+
+  if (SSL_CTX_set_ciphersuites(ssl_ctx_, config.ciphers) != 1) {
+    std::cerr << "SSL_CTX_set_ciphersuites: "
+              << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
+    return -1;
+  }
+
+  if (SSL_CTX_set1_groups_list(ssl_ctx_, config.groups) != 1) {
+    std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl;
+    return -1;
+  }
+
+  if (private_key_file && cert_file) {
+    if (SSL_CTX_use_PrivateKey_file(ssl_ctx_, private_key_file,
+                                    SSL_FILETYPE_PEM) != 1) {
+      std::cerr << "SSL_CTX_use_PrivateKey_file: "
+                << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
+      return -1;
+    }
+
+    if (SSL_CTX_use_certificate_chain_file(ssl_ctx_, cert_file) != 1) {
+      std::cerr << "SSL_CTX_use_certificate_chain_file: "
+                << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
+      return -1;
+    }
+  }
+
+  if (config.session_file) {
+    SSL_CTX_set_session_cache_mode(ssl_ctx_, SSL_SESS_CACHE_CLIENT |
+                                                 SSL_SESS_CACHE_NO_INTERNAL);
+    SSL_CTX_sess_set_new_cb(ssl_ctx_, new_session_cb);
+  }
+
+  return 0;
+}
+
+extern std::ofstream keylog_file;
+
+namespace {
+void keylog_callback(const SSL *ssl, const char *line) {
+  keylog_file.write(line, strlen(line));
+  keylog_file.put('\n');
+  keylog_file.flush();
+}
+} // namespace
+
+void TLSClientContext::enable_keylog() {
+  SSL_CTX_set_keylog_callback(ssl_ctx_, keylog_callback);
+}

data/ext/ngtcp2/examples/tls_client_context_openssl.h

@@ -0,0 +1,49 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_CLIENT_CONTEXT_OPENSSL_H
+#define TLS_CLIENT_CONTEXT_OPENSSL_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include <openssl/ssl.h>
+
+class TLSClientContext {
+public:
+  TLSClientContext();
+  ~TLSClientContext();
+
+  int init(const char *private_key_file, const char *cert_file);
+
+  SSL_CTX *get_native_handle() const;
+
+  void enable_keylog();
+
+private:
+  SSL_CTX *ssl_ctx_;
+};
+
+#endif // TLS_CLIENT_CONTEXT_OPENSSL_H

data/ext/ngtcp2/examples/tls_client_context_picotls.cc

@@ -0,0 +1,158 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2022 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_client_context_picotls.h"
+
+#include <iostream>
+
+#include <ngtcp2/ngtcp2_crypto_picotls.h>
+
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+
+#include "client_base.h"
+#include "tls_shared_picotls.h"
+#include "template.h"
+
+extern Config config;
+
+namespace {
+int save_ticket_cb(ptls_save_ticket_t *self, ptls_t *ptls, ptls_iovec_t input) {
+  auto f = BIO_new_file(config.session_file, "w");
+  if (f == nullptr) {
+    std::cerr << "Could not write TLS session in " << config.session_file
+              << std::endl;
+    return 0;
+  }
+
+  if (!PEM_write_bio(f, "PICOTLS SESSION PARAMETERS", "", input.base,
+                     input.len)) {
+    std::cerr << "Unable to write TLS session to file" << std::endl;
+  }
+
+  BIO_free(f);
+
+  return 0;
+}
+
+ptls_save_ticket_t save_ticket = {save_ticket_cb};
+} // namespace
+
+namespace {
+ptls_key_exchange_algorithm_t *key_exchanges[] = {
+    &ptls_openssl_x25519,
+    &ptls_openssl_secp256r1,
+    &ptls_openssl_secp384r1,
+    &ptls_openssl_secp521r1,
+    nullptr,
+};
+} // namespace
+
+namespace {
+ptls_cipher_suite_t *cipher_suites[] = {
+    &ptls_openssl_aes128gcmsha256,
+    &ptls_openssl_aes256gcmsha384,
+    &ptls_openssl_chacha20poly1305sha256,
+    nullptr,
+};
+} // namespace
+
+TLSClientContext::TLSClientContext()
+    : ctx_{
+          .random_bytes = ptls_openssl_random_bytes,
+          .get_time = &ptls_get_time,
+          .key_exchanges = key_exchanges,
+          .cipher_suites = cipher_suites,
+          .require_dhe_on_psk = 1,
+      } {}
+
+TLSClientContext::~TLSClientContext() {
+  if (sign_cert_.key) {
+    ptls_openssl_dispose_sign_certificate(&sign_cert_);
+  }
+
+  for (size_t i = 0; i < ctx_.certificates.count; ++i) {
+    free(ctx_.certificates.list[i].base);
+  }
+  free(ctx_.certificates.list);
+}
+
+ptls_context_t *TLSClientContext::get_native_handle() { return &ctx_; }
+
+int TLSClientContext::init(const char *private_key_file,
+                           const char *cert_file) {
+  if (ngtcp2_crypto_picotls_configure_client_context(&ctx_) != 0) {
+    std::cerr << "ngtcp2_crypto_picotls_configure_client_context failed"
+              << std::endl;
+    return -1;
+  }
+
+  if (config.session_file) {
+    ctx_.save_ticket = &save_ticket;
+  }
+
+  if (private_key_file && cert_file) {
+    if (ptls_load_certificates(&ctx_, cert_file) != 0) {
+      std::cerr << "ptls_load_certificates failed" << std::endl;
+      return -1;
+    }
+
+    if (load_private_key(private_key_file) != 0) {
+      return -1;
+    }
+  }
+
+  return 0;
+}
+
+int TLSClientContext::load_private_key(const char *private_key_file) {
+  auto fp = fopen(private_key_file, "rb");
+  if (fp == nullptr) {
+    std::cerr << "Could not open private key file " << private_key_file << ": "
+              << strerror(errno) << std::endl;
+    return -1;
+  }
+
+  auto fp_d = defer(fclose, fp);
+
+  auto pkey = PEM_read_PrivateKey(fp, nullptr, nullptr, nullptr);
+  if (pkey == nullptr) {
+    std::cerr << "Could not read private key file " << private_key_file
+              << std::endl;
+    return -1;
+  }
+
+  auto pkey_d = defer(EVP_PKEY_free, pkey);
+
+  if (ptls_openssl_init_sign_certificate(&sign_cert_, pkey) != 0) {
+    std::cerr << "ptls_openssl_init_sign_certificate failed" << std::endl;
+    return -1;
+  }
+
+  ctx_.sign_certificate = &sign_cert_.super;
+
+  return 0;
+}
+
+void TLSClientContext::enable_keylog() { ctx_.log_event = &log_event; }

data/ext/ngtcp2/examples/tls_client_context_picotls.h

@@ -0,0 +1,53 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2022 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_CLIENT_CONTEXT_PICOTLS_H
+#define TLS_CLIENT_CONTEXT_PICOTLS_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include <picotls.h>
+#include <picotls/openssl.h>
+
+class TLSClientContext {
+public:
+  TLSClientContext();
+  ~TLSClientContext();
+
+  int init(const char *private_key_file, const char *cert_file);
+
+  ptls_context_t *get_native_handle();
+
+  void enable_keylog();
+
+private:
+  int load_private_key(const char *private_key_file);
+
+  ptls_context_t ctx_;
+  ptls_openssl_sign_certificate_t sign_cert_;
+};
+
+#endif // TLS_CLIENT_CONTEXT_PICOTLS_H

data/ext/ngtcp2/examples/tls_client_context_wolfssl.cc

@@ -0,0 +1,177 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_client_context_wolfssl.h"
+
+#include <iostream>
+#include <fstream>
+#include <limits>
+
+#include <ngtcp2/ngtcp2_crypto_wolfssl.h>
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+
+#include "client_base.h"
+#include "template.h"
+
+extern Config config;
+
+TLSClientContext::TLSClientContext() : ssl_ctx_{nullptr} {}
+
+TLSClientContext::~TLSClientContext() {
+  if (ssl_ctx_) {
+    wolfSSL_CTX_free(ssl_ctx_);
+  }
+}
+
+WOLFSSL_CTX *TLSClientContext::get_native_handle() const { return ssl_ctx_; }
+
+namespace {
+int new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session) {
+  std::cerr << "new_session_cb called" << std::endl;
+#ifdef HAVE_SESSION_TICKET
+  if (wolfSSL_SESSION_get_max_early_data(session) !=
+      std::numeric_limits<uint32_t>::max()) {
+    std::cerr << "max_early_data_size is not 0xffffffff" << std::endl;
+  }
+
+  unsigned char sbuffer[16 * 1024], *data;
+  unsigned int sz;
+  sz = wolfSSL_i2d_SSL_SESSION(session, nullptr);
+  if (sz <= 0) {
+    std::cerr << "Could not export TLS session in " << config.session_file
+              << std::endl;
+    return 0;
+  }
+  if (static_cast<size_t>(sz) > sizeof(sbuffer)) {
+    std::cerr << "Exported TLS session too large" << std::endl;
+    return 0;
+  }
+  data = sbuffer;
+  sz = wolfSSL_i2d_SSL_SESSION(session, &data);
+
+  auto f = wolfSSL_BIO_new_file(config.session_file, "w");
+  if (f == nullptr) {
+    std::cerr << "Could not write TLS session in " << config.session_file
+              << std::endl;
+    return 0;
+  }
+
+  auto f_d = defer(wolfSSL_BIO_free, f);
+
+  if (!wolfSSL_PEM_write_bio(f, "WOLFSSL SESSION PARAMETERS", "", sbuffer,
+                             sz)) {
+    std::cerr << "Unable to write TLS session to file" << std::endl;
+    return 0;
+  }
+  std::cerr << "new_session_cb: wrote " << sz << " of session data"
+            << std::endl;
+#else
+  std::cerr << "TLS session tickets not enabled in wolfSSL " << std::endl;
+#endif
+  return 0;
+}
+} // namespace
+
+int TLSClientContext::init(const char *private_key_file,
+                           const char *cert_file) {
+  ssl_ctx_ = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+  if (!ssl_ctx_) {
+    std::cerr << "wolfSSL_CTX_new: "
+              << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  if (ngtcp2_crypto_wolfssl_configure_client_context(ssl_ctx_) != 0) {
+    std::cerr << "ngtcp2_crypto_wolfssl_configure_client_context failed"
+              << std::endl;
+    return -1;
+  }
+
+  if (wolfSSL_CTX_set_default_verify_paths(ssl_ctx_) ==
+      WOLFSSL_NOT_IMPLEMENTED) {
+    /* hmm, not verifying the server cert for now */
+    wolfSSL_CTX_set_verify(ssl_ctx_, WOLFSSL_VERIFY_NONE, 0);
+  }
+
+  if (wolfSSL_CTX_set_cipher_list(ssl_ctx_, config.ciphers) !=
+      WOLFSSL_SUCCESS) {
+    std::cerr << "wolfSSL_CTX_set_cipher_list: "
+              << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  if (wolfSSL_CTX_set1_curves_list(
+          ssl_ctx_, const_cast<char *>(config.groups)) != WOLFSSL_SUCCESS) {
+    std::cerr << "wolfSSL_CTX_set1_curves_list(" << config.groups << ") failed"
+              << std::endl;
+    return -1;
+  }
+
+  if (private_key_file && cert_file) {
+    if (wolfSSL_CTX_use_PrivateKey_file(ssl_ctx_, private_key_file,
+                                        SSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+      std::cerr << "wolfSSL_CTX_use_PrivateKey_file: "
+                << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+                << std::endl;
+      return -1;
+    }
+
+    if (wolfSSL_CTX_use_certificate_chain_file(ssl_ctx_, cert_file) !=
+        WOLFSSL_SUCCESS) {
+      std::cerr << "wolfSSL_CTX_use_certificate_chain_file: "
+                << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+                << std::endl;
+      return -1;
+    }
+  }
+
+  if (config.session_file) {
+    wolfSSL_CTX_UseSessionTicket(ssl_ctx_);
+    wolfSSL_CTX_sess_set_new_cb(ssl_ctx_, new_session_cb);
+  }
+
+  return 0;
+}
+
+extern std::ofstream keylog_file;
+
+#ifdef HAVE_SECRET_CALLBACK
+namespace {
+void keylog_callback(const WOLFSSL *ssl, const char *line) {
+  keylog_file.write(line, strlen(line));
+  keylog_file.put('\n');
+  keylog_file.flush();
+}
+} // namespace
+#endif
+
+void TLSClientContext::enable_keylog() {
+#ifdef HAVE_SECRET_CALLBACK
+  wolfSSL_CTX_set_keylog_callback(ssl_ctx_, keylog_callback);
+#endif
+}

data/ext/ngtcp2/examples/tls_client_context_wolfssl.h

@@ -0,0 +1,51 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_CLIENT_CONTEXT_WOLFSSL_H
+#define TLS_CLIENT_CONTEXT_WOLFSSL_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/quic.h>
+
+class TLSClientContext {
+public:
+  TLSClientContext();
+  ~TLSClientContext();
+
+  int init(const char *private_key_file, const char *cert_file);
+
+  WOLFSSL_CTX *get_native_handle() const;
+
+  void enable_keylog();
+
+private:
+  WOLFSSL_CTX *ssl_ctx_;
+};
+
+#endif // TLS_CLIENT_CONTEXT_WOLFSSL_H

data/ext/ngtcp2/examples/tls_client_session.h

@@ -0,0 +1,52 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_CLIENT_SESSION_H
+#define TLS_CLIENT_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#if defined(ENABLE_EXAMPLE_OPENSSL) && defined(WITH_EXAMPLE_OPENSSL)
+#  include "tls_client_session_openssl.h"
+#endif // ENABLE_EXAMPLE_OPENSSL && WITH_EXAMPLE_OPENSSL
+
+#if defined(ENABLE_EXAMPLE_GNUTLS) && defined(WITH_EXAMPLE_GNUTLS)
+#  include "tls_client_session_gnutls.h"
+#endif // ENABLE_EXAMPLE_GNUTLS && WITH_EXAMPLE_GNUTLS
+
+#if defined(ENABLE_EXAMPLE_BORINGSSL) && defined(WITH_EXAMPLE_BORINGSSL)
+#  include "tls_client_session_boringssl.h"
+#endif // ENABLE_EXAMPLE_BORINGSSL && WITH_EXAMPLE_BORINGSSL
+
+#if defined(ENABLE_EXAMPLE_PICOTLS) && defined(WITH_EXAMPLE_PICOTLS)
+#  include "tls_client_session_picotls.h"
+#endif // ENABLE_EXAMPLE_PICOTLS && WITH_EXAMPLE_PICOTLS
+
+#if defined(ENABLE_EXAMPLE_WOLFSSL) && defined(WITH_EXAMPLE_WOLFSSL)
+#  include "tls_client_session_wolfssl.h"
+#endif // ENABLE_EXAMPLE_WOLFSSL && WITH_EXAMPLE_WOLFSSL
+
+#endif // TLS_CLIENT_SESSION_H