Re-added the SNI extension.

Add code for better handling of SSL extension types in the CLIENT_HELLO message.
2025-08-12 20:49:16 +03:00 · 2016-09-15 17:59:08 +02:00
parent 144994c4e4
commit fac976c5d5
3 changed files with 43 additions and 5 deletions
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -83,7 +83,6 @@ extern "C" {
 #define NUM_PROTOCOLS               4

 #define MAX_SIG_ALGORITHMS          4
-#define SIG_ALG_EXTENSION           0x0d
 #define SIG_ALG_SHA1                2
 #define SIG_ALG_SHA256              4
 #define SIG_ALG_SHA384              5
@@ -117,6 +116,13 @@ enum
    HS_FINISHED = 20
 };

+/* SSL extension types */
+enum
+{
+    SSL_EXT_SERVER_NAME = 0,
+    SSL_EXT_SIG_ALG = 0x0d,
+};
+
 typedef struct 
 {
    uint8_t cipher;
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -39,8 +39,7 @@

 /* support sha512/384/256/1 RSA */
 static const uint8_t g_sig_alg[] = { 
-                0x00, 0x0e, 
-                0x00, SIG_ALG_EXTENSION, 
+                0x00, SSL_EXT_SIG_ALG,
                0x00, 0x0a, 0x00, 0x08,
                SIG_ALG_SHA512, SIG_ALG_RSA,
                SIG_ALG_SHA384, SIG_ALG_RSA,
@@ -197,7 +196,10 @@ static int send_client_hello(SSL *ssl)
    uint8_t *buf = ssl->bm_data;
    time_t tm = time(NULL);
    uint8_t *tm_ptr = &buf[6]; /* time will go here */
-    int i, offset;
+    int i, offset, ext_offset;
+    uint16_t ext_len; /* extensions total length */
+
+    ext_len = 0;

    buf[0] = HS_CLIENT_HELLO;
    buf[1] = 0;
@@ -244,11 +246,41 @@ static int send_client_hello(SSL *ssl)
    buf[offset++] = 1;              /* no compression */
    buf[offset++] = 0;

+    ext_offset = offset;
+
+    buf[offset++] = 0;              /* total length of extensions */
+    buf[offset++] = 0;
+
    /* send the signature algorithm extension for TLS 1.2+ */
    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
    {
        memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
        offset += sizeof(g_sig_alg);
+        ext_len += sizeof(g_sig_alg);
+    }
+
+    /* send the host name if specified */
+    if (ssl->host_name != NULL) {
+	unsigned int host_len = strlen(ssl->host_name);
+
+	buf[offset++] = 0;
+	buf[offset++] = SSL_EXT_SERVER_NAME;              /* server_name(0) (65535) */
+	buf[offset++] = 0;
+	buf[offset++] = host_len+5;     /* server_name length */
+	buf[offset++] = 0;
+	buf[offset++] = host_len+3;     /* server_list length */
+	buf[offset++] = 0;              /* host_name(0) (255) */
+	buf[offset++] = 0;
+	buf[offset++] = host_len;       /* host_name length */
+	strncpy((char*) &buf[offset], ssl->host_name, host_len);
+	offset += host_len;
+	ext_len += host_len + 9;
+    }
+
+    if(ext_len > 0) {
+    	// update the extensions length value
+    	buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
+    	buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);
    }

    buf[3] = offset - 4;            /* handshake size */
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -206,7 +206,7 @@ do_compression:
        ext_len += buf[offset++];
        PARANOIA_CHECK(pkt_size, offset + ext_len);
        
-        if (ext == SIG_ALG_EXTENSION)
+        if (ext == SSL_EXT_SIG_ALG)
        {
            while (ext_len > 0)
            {