Make SNI host name an ssl_client_new argument
ssl_set_hostname was mostly useless, because it allowed setting host name of an existing SSL object. However SNI was sent as part of client_hello, which was done in ssl_client_new. So it wasn't possible to actually set host name before connection would start.
parent
5b4be7d273
commit
fe4518da8d
13
ssl/ssl.h
13
ssl/ssl.h
@ -241,10 +241,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
|
|||||||
* can be null if no session resumption is being used or required. This option
|
* can be null if no session resumption is being used or required. This option
|
||||||
* is not used in skeleton mode.
|
* is not used in skeleton mode.
|
||||||
* @param sess_id_size The size of the session id (max 32)
|
* @param sess_id_size The size of the session id (max 32)
|
||||||
|
* @param host_name If non-zero, host name to be sent to server for SNI support
|
||||||
* @return An SSL object reference. Use ssl_handshake_status() to check
|
* @return An SSL object reference. Use ssl_handshake_status() to check
|
||||||
* if a handshake succeeded.
|
* if a handshake succeeded.
|
||||||
*/
|
*/
|
||||||
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
|
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, const char* host_name);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Free any used resources on this connection.
|
* @brief Free any used resources on this connection.
|
||||||
@ -352,16 +353,6 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
|
|||||||
*/
|
*/
|
||||||
EXP_FUNC int STDCALL ssl_get_config(int offset);
|
EXP_FUNC int STDCALL ssl_get_config(int offset);
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Sets the hostname to be used for SNI
|
|
||||||
* @see https://en.wikipedia.org/wiki/Server_Name_Indication
|
|
||||||
* @param char* hostname
|
|
||||||
* @return success from the operation
|
|
||||||
* - 1 on success
|
|
||||||
* - 0 on failure
|
|
||||||
*/
|
|
||||||
EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Display why the handshake failed.
|
* @brief Display why the handshake failed.
|
||||||
*
|
*
|
||||||
|
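Review bot: The added `@param host_name` line on ssl_client_new says "If non-zero" for a pointer argument and does not state who owns the string or what length is accepted. Since the implementation stores a `strdup` copy, something like `* @param host_name Host name to send in the SNI extension, or NULL to send none. The string is copied; the caller keeps ownership.` would be clearer, with the accepted length bound added once the implementation enforces one. The same section drops the exported `ssl_set_hostname` declaration and changes the arity of `ssl_client_new`, so every existing caller fails to compile until updated; that is worth stating in the header comment or release notes.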
24
ssl/tls1.c
24
ssl/tls1.c
@ -251,6 +251,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
|
|||||||
disposable_free(ssl);
|
disposable_free(ssl);
|
||||||
certificate_free(ssl);
|
certificate_free(ssl);
|
||||||
free(ssl->bm_all_data);
|
free(ssl->bm_all_data);
|
||||||
|
free(ssl->host_name);
|
||||||
free(ssl);
|
free(ssl);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1876,29 +1877,6 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Sets the SNI hostname
|
|
||||||
*/
|
|
||||||
EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name) {
|
|
||||||
if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(ssl->host_name != NULL) {
|
|
||||||
free(ssl->host_name);
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl->host_name = (char *)malloc(strlen(host_name)+1);
|
|
||||||
if(ssl->host_name == NULL) {
|
|
||||||
// most probably there was no memory available
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
strcpy(ssl->host_name, host_name);
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||||
/**
|
/**
|
||||||
* Authenticate a received certificate.
|
* Authenticate a received certificate.
|
||||||
|
@ -48,7 +48,7 @@ static int send_cert_verify(SSL *ssl);
|
|||||||
* Establish a new SSL connection to an SSL server.
|
* Establish a new SSL connection to an SSL server.
|
||||||
*/
|
*/
|
||||||
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
|
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
|
||||||
uint8_t *session_id, uint8_t sess_id_size)
|
uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
|
||||||
{
|
{
|
||||||
SSL *ssl = ssl_new(ssl_ctx, client_fd);
|
SSL *ssl = ssl_new(ssl_ctx, client_fd);
|
||||||
ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
|
ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
|
||||||
@ -66,6 +66,10 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
|
|||||||
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
|
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 ) {
|
||||||
|
ssl->host_name = (char *)strdup(host_name);
|
||||||
|
}
|
||||||
|
|
||||||
SET_SSL_FLAG(SSL_IS_CLIENT);
|
SET_SSL_FLAG(SSL_IS_CLIENT);
|
||||||
do_client_connect(ssl);
|
do_client_connect(ssl);
|
||||||
return ssl;
|
return ssl;
|
||||||
|
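Review bot: The new guard in ssl_client_new, `if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 )`, parses as `(A && B) || C`, so a NULL host_name (the documented way to skip SNI) reaches `strlen(NULL)`, and for any non-NULL string the condition is always true, so neither the empty-string check nor the length bound of the removed ssl_set_hostname is enforced. It should read `if (host_name != NULL && host_name[0] != '\0' && strlen(host_name) <= 255)`, using whichever bound is intended (the removed code accepted up to 255 bytes). The `strdup` result is stored unchecked, so an allocation failure silently produces a connection without SNI; the return of `ssl_new` is likewise dereferenced without a check in the lines shown. This hunk is listed under ssl/tls1.c, but its `@ -48,7 +48,7` context suggests it belongs to a separate client source file whose header was lost in rendering, and the function body continues past the end of the hunk.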