mirror of https://github.com/esp8266/Arduino.git synced 2025-06-09 03:41:41 +03:00

Make SNI host name an ssl_client_new argument

ssl_set_hostname was mostly useless, because it only allowed setting the host name on an existing SSL object. However, SNI is sent as part of client_hello, which is sent from ssl_client_new, so it wasn't possible to set the host name before the connection started.
Ivan Grokhotkov 2016-04-19 07:56:22 +03:00
parent 5b4be7d273
commit fe4518da8d
3 changed files with 8 additions and 35 deletions


@ -241,10 +241,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
* can be null if no session resumption is being used or required. This option * can be null if no session resumption is being used or required. This option
* is not used in skeleton mode. * is not used in skeleton mode.
* @param sess_id_size The size of the session id (max 32) * @param sess_id_size The size of the session id (max 32)
* @param host_name If non-zero, host name to be sent to server for SNI support
* @return An SSL object reference. Use ssl_handshake_status() to check * @return An SSL object reference. Use ssl_handshake_status() to check
* if a handshake succeeded. * if a handshake succeeded.
*/ */
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size); EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, const char* host_name);
/** /**
* @brief Free any used resources on this connection. * @brief Free any used resources on this connection.
@ -352,16 +353,6 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
*/ */
EXP_FUNC int STDCALL ssl_get_config(int offset); EXP_FUNC int STDCALL ssl_get_config(int offset);
/**
* @brief Sets the hostname to be used for SNI
* @see https://en.wikipedia.org/wiki/Server_Name_Indication
* @param char* hostname
* @return success from the operation
* - 1 on success
* - 0 on failure
*/
EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name);
/** /**
* @brief Display why the handshake failed. * @brief Display why the handshake failed.
* *
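Review bot: The new `@param host_name` line says "If non-zero" for a pointer and leaves out the ownership and length contract that callers of ssl_client_new need. Suggest `@param host_name Host name to send to the server for SNI, or NULL to omit SNI. The string is copied; the caller keeps ownership.` and add the maximum length the implementation accepts. Dropping the exported ssl_set_hostname and adding a fifth parameter also breaks existing callers at compile time, which deserves a line in the commit message or release notes.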


@ -251,6 +251,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
disposable_free(ssl); disposable_free(ssl);
certificate_free(ssl); certificate_free(ssl);
free(ssl->bm_all_data); free(ssl->bm_all_data);
free(ssl->host_name);
free(ssl); free(ssl);
} }
@ -1876,29 +1877,6 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
} }
} }
/**
* Sets the SNI hostname
*/
EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name) {
if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
return 0;
}
if(ssl->host_name != NULL) {
free(ssl->host_name);
}
ssl->host_name = (char *)malloc(strlen(host_name)+1);
if(ssl->host_name == NULL) {
// most probably there was no memory available
return 0;
}
strcpy(ssl->host_name, host_name);
return 1;
}
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
/** /**
* Authenticate a received certificate. * Authenticate a received certificate.
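Review bot: The added `free(ssl->host_name);` in ssl_free runs for every SSL object, including server-side ones and clients created without a host name, so it is only safe if ssl_new leaves host_name as NULL. ssl_new is not part of this diff, so that is worth confirming (a zeroing allocation or an explicit `ssl->host_name = NULL;`). ssl_free starts outside the hunk.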


@ -48,7 +48,7 @@ static int send_cert_verify(SSL *ssl);
* Establish a new SSL connection to an SSL server. * Establish a new SSL connection to an SSL server.
*/ */
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
uint8_t *session_id, uint8_t sess_id_size) uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
{ {
SSL *ssl = ssl_new(ssl_ctx, client_fd); SSL *ssl = ssl_new(ssl_ctx, client_fd);
ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */ ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
@ -66,6 +66,10 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */ SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
} }
if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 ) {
ssl->host_name = (char *)strdup(host_name);
}
SET_SSL_FLAG(SSL_IS_CLIENT); SET_SSL_FLAG(SSL_IS_CLIENT);
do_client_connect(ssl); do_client_connect(ssl);
return ssl; return ssl;
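Review bot: The added condition `host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255` parses as `(A && B) || C`, so when host_name is NULL the left half is false and `strlen(host_name)` is still evaluated on a null pointer, which makes the documented "no SNI" call undefined behaviour and in practice a crash. The same precedence means the length bound never rejects anything: a non-empty name of any length passes the left side and an empty string passes the right. Suggest `if (host_name != NULL && host_name[0] != '\0' && strlen(host_name) <= 255) {`, which keeps the limit the removed ssl_set_hostname enforced. The strdup result is also unchecked, so on allocation failure the handshake presumably goes ahead without SNI and the caller is not told; whether the client_hello code relies on the 255-byte bound is not visible here. The part of ssl_client_new between the two hunks is outside the diff.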