Make SNI host name an ssl_client_new argument

ssl_set_hostname was mostly useless, because it allowed setting host name of an existing SSL object. However SNI was sent as part of client_hello, which was done in ssl_client_new. So it wasn't possible to actually set host name before connection would start.
2025-06-10 14:42:08 +03:00 · 2016-04-19 07:56:22 +03:00
parent 5b4be7d273
commit fe4518da8d
3 changed files with 8 additions and 35 deletions
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -241,10 +241,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
 * can be null if no session resumption is being used or required. This option
 * is not used in skeleton mode.
 * @param sess_id_size The size of the session id (max 32)
 * @param host_name If non-zero, host name to be sent to server for SNI support
 * @return An SSL object reference. Use ssl_handshake_status() to check 
 * if a handshake succeeded.
 */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, const char* host_name);
 /**
 * @brief Free any used resources on this connection. 
@ -352,16 +353,6 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
 */
 EXP_FUNC int STDCALL ssl_get_config(int offset);
 /**
 * @brief Sets the hostname to be used for SNI
 * @see https://en.wikipedia.org/wiki/Server_Name_Indication
 * @param char* hostname
 * @return success from the operation
 * - 1 on success
 * - 0 on failure
 */
 EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name);
 /**
 * @brief Display why the handshake failed.
 *
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@ -251,6 +251,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
    disposable_free(ssl);
    certificate_free(ssl);
    free(ssl->bm_all_data);
    free(ssl->host_name);
    free(ssl);
 }
@ -1876,29 +1877,6 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
    }
 }
 /**
 * Sets the SNI hostname
 */
 EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name) {
    if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
        return 0;
    }
    if(ssl->host_name != NULL) {
        free(ssl->host_name);
    }
    ssl->host_name = (char *)malloc(strlen(host_name)+1);
    if(ssl->host_name == NULL) {
        // most probably there was no memory available
        return 0;
    }
    strcpy(ssl->host_name, host_name);
    return 1;
 }
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 /**
 * Authenticate a received certificate.
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@ -48,7 +48,7 @@ static int send_cert_verify(SSL *ssl);
 * Establish a new SSL connection to an SSL server.
 */
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
-        uint8_t *session_id, uint8_t sess_id_size)
+        uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
 {
    SSL *ssl = ssl_new(ssl_ctx, client_fd);
    ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
@ -66,6 +66,10 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
    }
    if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 ) {
        ssl->host_name = (char *)strdup(host_name);
    }
    SET_SSL_FLAG(SSL_IS_CLIENT);
    do_client_connect(ssl);
    return ssl;