From 3316cfc7a7e73c8a63ba8647ca5e433601576366 Mon Sep 17 00:00:00 2001
From: Yury Yarashevich
Date: Tue, 9 Jul 2024 23:53:27 +0200
Subject: [PATCH] Expose set_permute_extensions
---
 boring/src/ssl/mod.rs | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index 55e45ba9..b626205d 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -1846,6 +1846,20 @@ impl SslContextBuilder {
 unsafe { ffi::SSL_CTX_set_grease_enabled(self.as_ptr(), enabled as _) }
 }
 
+ /// Configures whether ClientHello extensions should be permuted.
+ ///
+ /// This corresponds to [`SSL_CTX_set_permute_extensions`].
+ ///
+ /// [`SSL_CTX_set_permute_extensions`]: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_permute_extensions
+ ///
+ /// Note: This is gated to non-fips because the fips feature builds with a separate
+ /// version of BoringSSL which doesn't yet include these APIs.
+ /// Once the submoduled fips commit is upgraded, these gates can be removed.
+ #[cfg(not(feature = "fips"))]
+ pub fn set_permute_extensions(&mut self, enabled: bool) {
+ unsafe { ffi::SSL_CTX_set_permute_extensions(self.as_ptr(), enabled as _) }
+ }
+
 /// Sets the context's supported signature verification algorithms.
 ///
 /// This corresponds to [`SSL_CTX_set_verify_algorithm_prefs`]
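Review bot: The doc comment on `SslContextBuilder::set_permute_extensions` says only that extensions "should be permuted" and leaves out what a caller will observe; the `SslRef` setter in the second hunk carries the same wording. I would add a line such as `/// When enabled, the order of extensions in the ClientHello is randomized, so order-dependent TLS client fingerprints of this process are no longer stable.` The default is not visible in this patch and should be stated after confirming it against the linked BoringSSL header. This matters to operators who allow-list or monitor their own clients by ClientHello fingerprint, since flipping this setting changes what those tools see.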
@@ -2944,6 +2958,20 @@ impl SslRef {
 unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
 }
 
+ /// Configures whether ClientHello extensions should be permuted.
+ ///
+ /// This corresponds to [`SSL_set_permute_extensions`].
+ ///
+ /// [`SSL_set_permute_extensions`]: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_set_permute_extensions
+ ///
+ /// Note: This is gated to non-fips because the fips feature builds with a separate
+ /// version of BoringSSL which doesn't yet include these APIs.
+ /// Once the submoduled fips commit is upgraded, these gates can be removed.
+ #[cfg(not(feature = "fips"))]
+ pub fn set_permute_extensions(&mut self, enabled: bool) {
+ unsafe { ffi::SSL_set_permute_extensions(self.as_ptr(), enabled as _) }
+ }
+
 /// Like [`SslContextBuilder::set_alpn_protos`].
 ///
 /// This corresponds to [`SSL_set_alpn_protos`].
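Review bot: `SslRef::set_permute_extensions` returns `()` and, unlike the `set_tmp_ecdh` context line above it, does not go through `cvt`, so a call made too late has no way to tell the caller it was ignored. Because the setting concerns only the ClientHello, it presumably has to be applied to a client-side `Ssl` before the handshake starts, and the doc comment should say so, e.g. `/// Must be called before the handshake begins; it affects only the ClientHello this connection sends.` Whether the per-connection value overrides the one inherited from the `SslContext` is not visible in the hunk and is worth one more sentence once confirmed.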