From fe4518da8de87a751ff74111884c775152287ae5 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov
Date: Tue, 19 Apr 2016 07:56:22 +0300
Subject: [PATCH] Make SNI host name an ssl_client_new argument

ssl_set_hostname was mostly useless, because it allowed setting host name of an existing SSL object. However SNI was sent as part of client_hello, which was done in ssl_client_new. So it wasn't possible to actually set host name before connection would start.
---
 ssl/ssl.h | 13 ++-----------
 ssl/tls1.c | 24 +-----------------------
 ssl/tls1_clnt.c | 6 +++++-
 3 files changed, 8 insertions(+), 35 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index b287d5aa8..9d9a61463 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -241,10 +241,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * can be null if no session resumption is being used or required. This option
  * is not used in skeleton mode.
  * @param sess_id_size The size of the session id (max 32)
+ * @param host_name If non-zero, host name to be sent to server for SNI support
  * @return An SSL object reference. Use ssl_handshake_status() to check
  * if a handshake succeeded.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, const char* host_name);
 
 /**
  * @brief Free any used resources on this connection.
@@ -352,16 +353,6 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
  */
 EXP_FUNC int STDCALL ssl_get_config(int offset);
 
-/**
- * @brief Sets the hostname to be used for SNI
- * @see https://en.wikipedia.org/wiki/Server_Name_Indication
- * @param char* hostname
- * @return success from the operation
- * - 1 on success
- * - 0 on failure
- */
-EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name);
-
 /**
  * @brief Display why the handshake failed.
  * 
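Review bot: The new `@param host_name` line in the first ssl.h hunk says "If non-zero" for a pointer parameter and does not say who owns the string; the tls1_clnt.c hunk copies it with strdup and the tls1.c hunk frees that copy in ssl_free, so the caller keeps ownership of its own buffer. Suggest `* @param host_name If non-NULL, host name sent to the server in the SNI extension of client_hello; the string is copied, and the copy is released by ssl_free().`. As a style point, the existing prototype writes `const uint8_t *session_id`, so `const char *host_name` would match the file's pointer-declarator convention.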
diff --git a/ssl/tls1.c b/ssl/tls1.c
index e7b8319d0..e581ae0ea 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -251,6 +251,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     disposable_free(ssl);
     certificate_free(ssl);
     free(ssl->bm_all_data);
+    free(ssl->host_name);
     free(ssl);
 }
 
@@ -1876,29 +1877,6 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
     }
 }
 
-/**
- * Sets the SNI hostname
- */
-EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name) {
-    if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
-        return 0;
-    }
-
-    if(ssl->host_name != NULL) {
-        free(ssl->host_name);
-    }
-
-    ssl->host_name = (char *)malloc(strlen(host_name)+1);
-    if(ssl->host_name == NULL) {
-        // most probably there was no memory available
-        return 0;
-    }
-
-    strcpy(ssl->host_name, host_name);
-
-    return 1;
-}
-
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 /**
  * Authenticate a received certificate.
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 2de777f07..c72a2072e 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -48,7 +48,7 @@ static int send_cert_verify(SSL *ssl);
  * Establish a new SSL connection to an SSL server.
  */
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
-        uint8_t *session_id, uint8_t sess_id_size)
+        uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
@@ -66,6 +66,10 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
     }
 
+    if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 ) {
+        ssl->host_name = (char *)strdup(host_name);
+    }
+
     SET_SSL_FLAG(SSL_IS_CLIENT);
     do_client_connect(ssl);
     return ssl;
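Review bot: The guard added in the second tls1_clnt.c hunk calls `strlen(host_name)` on a NULL pointer, because `&&` binds tighter than `||`: the condition parses as `(host_name != NULL && strlen(host_name) > 0) || strlen(host_name) < 255`, so a caller passing NULL (the documented "no SNI" case) dereferences NULL, and an empty string is accepted through the right-hand operand. The removed ssl_set_hostname rejected NULL, empty and names longer than 255 bytes; the equivalent check here is `if (host_name != NULL && strlen(host_name) > 0 && strlen(host_name) <= 255) {`, and the `(char *)` cast on strdup is unnecessary in C. strdup can also return NULL and the result is left unchecked; that matches how the ssl_new result is treated at the top of the function, but whether a NULL ssl->host_name is tolerated by the client_hello code depends on code outside this hunk and is worth confirming.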