espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 11:17:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix/wolfssl_domain_name_check_v4.1' into 'release/v4.1'

Browse Source 
esp_tls_wolfssl : Add domain name check (v4.1)

See merge request espressif/esp-idf!11817
This commit is contained in:
Mahavir Jain
2021-02-05 12:07:11 +08:00
parent b91448aa03 52d9d07422
commit a60e9c136b
1 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
components/esp-tls/esp_tls_wolfssl.c
View File

@@ -55,6 +55,26 @@ int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *
goto exit; goto exit;
} }
if (!cfg->skip_common_name) {
char *use_host = NULL;
if (cfg->common_name != NULL) {
use_host = strdup(cfg->common_name);
} else {
use_host = strndup(hostname, hostlen);
}
if (use_host == NULL) {
return ESP_ERR_NO_MEM;
}
/* Hostname set here should match CN in server certificate */
if ((ret = (wolfSSL_check_domain_name( (WOLFSSL *)tls->priv_ssl, use_host))) != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "wolfSSL_check_domain_name returned -0x%x", -ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ERR_TYPE_WOLFSSL, -ret);
free(use_host);
return ESP_FAIL;
}
free(use_host);
}
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
if (cfg->alpn_protos) { if (cfg->alpn_protos) {
char **alpn_list = (char **)cfg->alpn_protos; char **alpn_list = (char **)cfg->alpn_protos;
@@ -96,16 +116,6 @@ int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *
goto exit; goto exit;
} }
#ifdef HAVE_SNI
/* Hostname set here should match CN in server certificate */
char *use_host = strndup(hostname, hostlen);
if (!use_host) {
goto exit;
}
wolfSSL_set_tlsext_host_name( (WOLFSSL *)tls->priv_ssl, use_host);
free(use_host);
#endif
wolfSSL_set_fd((WOLFSSL *)tls->priv_ssl, tls->sockfd); wolfSSL_set_fd((WOLFSSL *)tls->priv_ssl, tls->sockfd);
return 0; return 0;
exit: exit: