From 63da8991c2878f2a7cd526667f9e23adc9dca1c9 Mon Sep 17 00:00:00 2001 From: Slavey Karadzhov Date: Fri, 19 Feb 2016 11:41:45 +0100 Subject: [PATCH] Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) support. --- ssl/ssl.h | 10 ++++++++++ ssl/tls1.c | 13 +++++++++++++ ssl/tls1.h | 1 + ssl/tls1_clnt.c | 20 ++++++++++++++++++++ 4 files changed, 44 insertions(+) diff --git a/ssl/ssl.h b/ssl/ssl.h index 97e87d495..c39f921f5 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -352,6 +352,16 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl); */ EXP_FUNC int STDCALL ssl_get_config(int offset); +/** + * @brief Sets the hostname to be used for SNI + * @see https://en.wikipedia.org/wiki/Server_Name_Indication + * @param char* hostname + * @return success from the operation + * - 1 on success + * - 0 on failure + */ +EXP_FUNC int STDCALL ssl_set_hostname(const SSL *ssl, const char* host_name); + /** * @brief Display why the handshake failed. * diff --git a/ssl/tls1.c b/ssl/tls1.c index c4a676b10..a1783bf46 100644 --- a/ssl/tls1.c +++ b/ssl/tls1.c @@ -1849,6 +1849,19 @@ EXP_FUNC int STDCALL ssl_get_config(int offset) } } +/** + * Sets the SNI hostname + */ +EXP_FUNC int STDCALL ssl_set_hostname(const SSL *ssl, const char* host_name) { + if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) { + return 0; + } + + strncpy((char*)&ssl->host_name, host_name, strlen(host_name)); + + return 1; +} + #ifdef CONFIG_SSL_CERT_VERIFICATION /** * Authenticate a received certificate. diff --git a/ssl/tls1.h b/ssl/tls1.h index b7cd7f36e..d5440aa6c 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -198,6 +198,7 @@ struct _SSL uint8_t read_sequence[8]; /* 64 bit sequence number */ uint8_t write_sequence[8]; /* 64 bit sequence number */ uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ + const char host_name[255]; /* Needed for the SNI support */ }; typedef struct _SSL SSL; diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c index 5f2598922..5eee5713a 100644 --- a/ssl/tls1_clnt.c +++ b/ssl/tls1_clnt.c @@ -220,6 +220,26 @@ static int send_client_hello(SSL *ssl) buf[offset++] = 1; /* no compression */ buf[offset++] = 0; + + if (ssl->host_name[0] != 0) { + unsigned int host_len = strnlen((char*) ssl->host_name, 255); + + buf[offset++] = 0; + buf[offset++] = host_len+9; /* extensions length */ + + buf[offset++] = 0; + buf[offset++] = 0; /* server_name(0) (65535) */ + buf[offset++] = 0; + buf[offset++] = host_len+5; /* server_name length */ + buf[offset++] = 0; + buf[offset++] = host_len+3; /* server_list length */ + buf[offset++] = 0; /* host_name(0) (255) */ + buf[offset++] = 0; + buf[offset++] = host_len; /* host_name length */ + strncpy((char*) &buf[offset], ssl->host_name, host_len); + offset += host_len; + } + buf[3] = offset - 4; /* handshake size */ return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);