* SNI added

* Some non-C sample code updated. git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@271 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2025-10-16 22:27:59 +03:00 · 2016-12-12 19:27:38 +00:00
parent a68324f17c
commit 425067abe6
18 changed files with 5701 additions and 48 deletions
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -243,13 +243,16 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
        memset(&tm, 0, sizeof(struct tm));
        tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');

-        if (tm.tm_year <= 50)    /* 1951-2050 thing */
+        if (tm.tm_year < 50)    /* 1951-2050 thing */
        {
            tm.tm_year += 100;
        }

        tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
        tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+        tm.tm_hour = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+        tm.tm_min = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+        tm.tm_sec = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
        *t = mktime(&tm);
        *offset += len;
        ret = X509_OK;
@@ -274,13 +277,14 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
        }
        else
        {
-          tm.tm_year = abs_year - 1900;
-          tm.tm_mon = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0') - 1;
-          tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
-          tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
-          tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
-          tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
-          *t = mktime(&tm);
+            tm.tm_year = abs_year - 1900;
+            tm.tm_mon = (buf[t_offset+4] - '0')*10 + 
+                                    (buf[t_offset+5] - '0') - 1;
+            tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+            tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+            tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+            tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
+            *t = mktime(&tm);
        }

        *offset += len;
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -231,7 +231,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
 * @return ssl_ext Pointer to SSL_EXTENSIONS structure
 *
 */
-EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new();
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void);

 /**
 * @brief Set the host name for SNI extension
@@ -281,7 +281,8 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
 * can be null if no session resumption is being used or required. This option
 * is not used in skeleton mode.
 * @param sess_id_size The size of the session id (max 32)
- * @param ssl_ext pointer to a structure with the activated SSL extensions and their values
+ * @param ssl_ext pointer to a structure with the activated SSL extensions 
+ * and their values
 * @return An SSL object reference. Use ssl_handshake_status() to check 
 * if a handshake succeeded.
 */
@@ -373,8 +374,8 @@ EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
 * @return The cipher id. This will be one of the following:
 * - SSL_AES128_SHA (0x2f)
 * - SSL_AES256_SHA (0x35)
- * - SSL_RC4_128_SHA (0x05)
- * - SSL_RC4_128_MD5 (0x04)
+ * - SSL_AES128_SHA256 (0x3c)
+ * - SSL_AES256_SHA256 (0x3d)
 */
 EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);

--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1587,7 +1587,7 @@ static int SSL_client_test(
 #endif
    }
    
-    usleep(200000);           /* allow server to start */
+    usleep(500000);           /* allow server to start */

    if (*ssl_ctx == NULL)
    {
@@ -1649,7 +1649,8 @@ static int SSL_client_test(
        goto client_test_exit;
    }

-    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
+    ssl = ssl_client_new(*ssl_ctx, client_fd, 
+            session_id, sizeof(session_id), NULL);

    /* check the return status */
    if ((ret = ssl_handshake_status(ssl)))
@@ -1938,7 +1939,7 @@ static void do_basic(void)
                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
        goto error;

-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);

    /* check the return status */
    if (ssl_handshake_status(ssl_clnt) < 0)
@@ -2062,7 +2063,7 @@ static void do_unblocked(void)
                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
        goto error;

-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);

    while (ssl_handshake_status(ssl_clnt) != SSL_OK)
    {
@@ -2182,7 +2183,7 @@ void do_multi_clnt(multi_t *multi_data)
        goto client_test_exit;

    usleep(200000);
-    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL);

    if ((res = ssl_handshake_status(ssl)))
    {
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -158,11 +158,13 @@ EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
 */
 EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
 {
-    if(ssl_ext == NULL ) {
+    if (ssl_ext == NULL ) 
+    {
        return;
    }

-    if(ssl_ext->host_name != NULL) {
+    if (ssl_ext->host_name != NULL) 
+    {
        free(ssl_ext->host_name);
    }
    free(ssl_ext);
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -173,9 +173,12 @@ typedef struct
    uint8_t key_block_generated;
 } DISPOSABLE_CTX;

-typedef struct {
+typedef struct 
+{
    char *host_name; /* Needed for the SNI support */
-    uint16_t max_fragment_size; /* Needed for the Max Fragment Size Extension. Allowed values: 2^9, 2^10 .. 2^14 */
+    /* Needed for the Max Fragment Size Extension. 
+       Allowed values: 2^9, 2^10 .. 2^14 */
+    uint16_t max_fragment_size; 
 } SSL_EXTENSIONS;

 struct _SSL
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -195,9 +195,8 @@ static int send_client_hello(SSL *ssl)
    time_t tm = time(NULL);
    uint8_t *tm_ptr = &buf[6]; /* time will go here */
    int i, offset, ext_offset;
-    uint16_t ext_len; /* extensions total length */
+    int ext_len = 0;

-    ext_len = 0;

    buf[0] = HS_CLIENT_HELLO;
    buf[1] = 0;
@@ -257,39 +256,44 @@ static int send_client_hello(SSL *ssl)
        ext_len += sizeof(g_sig_alg);
    }

-    if (ssl->extensions != NULL) {
+    if (ssl->extensions != NULL) 
+    {
        /* send the host name if specified */
-        if (ssl->extensions->host_name != NULL) {
-	    unsigned int host_len = strlen(ssl->extensions->host_name);
-
-	    buf[offset++] = 0;
-	    buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
-	    buf[offset++] = 0;
-	    buf[offset++] = host_len + 5; /* server_name length */
-	    buf[offset++] = 0;
-	    buf[offset++] = host_len + 3; /* server_list length */
-	    buf[offset++] = 0; /* host_name(0) (255) */
-	    buf[offset++] = 0;
-	    buf[offset++] = host_len; /* host_name length */
-	    strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
-	    offset += host_len;
-	    ext_len += host_len + 9;
+        if (ssl->extensions->host_name != NULL) 
+        {
+            size_t host_len = strlen(ssl->extensions->host_name);
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 5; /* server_name length */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 3; /* server_list length */
+            buf[offset++] = 0; /* host_name(0) (255) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len; /* host_name length */
+            strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
+            offset += host_len;
+            ext_len += host_len + 9;
        }

-        if (ssl->extensions->max_fragment_size) {
-	    buf[offset++] = 0;
-	    buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
+        if (ssl->extensions->max_fragment_size) 
+        {
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;

-	    buf[offset++] = 0; // size of data
-	    buf[offset++] = 2;
+            buf[offset++] = 0; // size of data
+            buf[offset++] = 2;

-	    buf[offset++] = (uint8_t)((ssl->extensions->max_fragment_size >> 8) & 0xff);
-	    buf[offset++] = (uint8_t)(ssl->extensions->max_fragment_size & 0xff);
-	    ext_len += 6;
+            buf[offset++] = (uint8_t)
+                ((ssl->extensions->max_fragment_size >> 8) & 0xff);
+            buf[offset++] = (uint8_t)
+                (ssl->extensions->max_fragment_size & 0xff);
+            ext_len += 6;
        }
    }

-    if(ext_len > 0) {
+    if (ext_len > 0) 
+    {
    	// update the extensions length value
    	buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
    	buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);