[openssl] Add support for SNI (sending the hostname)

2024-10-05 20:47:46 -04:00 · 2017-10-02 14:00:13 +05:30 · 2017-10-02 14:00:13 +05:30 · b65f47c586
commit b65f47c586
parent 3420baa01b
7 changed files with 40 additions and 2 deletions
--- a/components/openssl/include/internal/ssl_methods.h
+++ b/components/openssl/include/internal/ssl_methods.h
@ -28,7 +28,7 @@
                    new, free, \
                    handshake, shutdown, clear, \
                    read, send, pending, \
-                    set_fd, get_fd, \
+                    set_fd, set_hostname, get_fd,	\
                    set_bufflen, \
                    get_verify_result, \
                    get_state) \
@ -42,6 +42,7 @@
                send, \
                pending, \
                set_fd, \
+		set_hostname, \
                get_fd, \
                set_bufflen, \
                get_verify_result, \
--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@ -259,6 +259,8 @@ struct ssl_method_func_st {

    void (*ssl_set_fd)(SSL *ssl, int fd, int mode);

+    void (*ssl_set_hostname)(SSL *ssl, const char *hostname);
+
    int (*ssl_get_fd)(const SSL *ssl, int mode);

    void (*ssl_set_bufflen)(SSL *ssl, int len);
--- a/components/openssl/include/openssl/ssl.h
+++ b/components/openssl/include/openssl/ssl.h
@ -145,6 +145,18 @@ int SSL_shutdown(SSL *ssl);
 */
 int SSL_set_fd(SSL *ssl, int fd);

+/**
+ * @brief Set the hostname for SNI
+ *
+ * @param ssl - the SSL context point
+ * @param hostname  - pointer to the hostname
+ *
+ * @return result
+ *     1 : OK
+ *     0 : failed
+ */
+int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname);
+
 /**
 * @brief These functions load the private key into the SSL_CTX or SSL object
 *
--- a/components/openssl/include/platform/ssl_pm.h
+++ b/components/openssl/include/platform/ssl_pm.h
@ -39,6 +39,8 @@ int ssl_pm_pending(const SSL *ssl);
 void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
 int ssl_pm_get_fd(const SSL *ssl, int mode);

+void ssl_pm_set_hostname(SSL *ssl, const char *hostname);
+
 OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);

 void ssl_pm_set_bufflen(SSL *ssl, int len);
--- a/components/openssl/library/ssl_lib.c
+++ b/components/openssl/library/ssl_lib.c
@ -734,6 +734,19 @@ int SSL_set_wfd(SSL *ssl, int fd)
    return 1;
 }

+/**
+ * @brief SET TLS Hostname
+ */
+int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname)
+{
+     SSL_ASSERT1(ssl);
+     SSL_ASSERT1(hostname);
+
+     SSL_METHOD_CALL(set_hostname, ssl, hostname);
+
+     return 1;
+}
+
 /**
 * @brief get SSL version
 */
@ -1593,3 +1606,4 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned
     ctx->ssl_alpn.alpn_list[i] = NULL;
     return 0;
 }
+
--- a/components/openssl/library/ssl_methods.c
+++ b/components/openssl/library/ssl_methods.c
@ -22,7 +22,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
        ssl_pm_new, ssl_pm_free,
        ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
        ssl_pm_read, ssl_pm_send, ssl_pm_pending,
-        ssl_pm_set_fd, ssl_pm_get_fd,
+        ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd,
        ssl_pm_set_bufflen,
        ssl_pm_get_verify_result,
        ssl_pm_get_state);
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@ -367,6 +367,13 @@ void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
    ssl_pm->fd.fd = fd;
 }

+void ssl_pm_set_hostname(SSL *ssl, const char *hostname)
+{
+    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+
+    mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname);
+}
+
 int ssl_pm_get_fd(const SSL *ssl, int mode)
 {
    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;