From b65f47c5869b2fec4e819e9aa17d81d5d47b5828 Mon Sep 17 00:00:00 2001
From: Kedar Sovani
Date: Mon, 2 Oct 2017 14:00:13 +0530
Subject: [PATCH] [openssl] Add support for SNI (sending the hostname)
---
 components/openssl/include/internal/ssl_methods.h | 3 ++-
 components/openssl/include/internal/ssl_types.h | 2 ++
 components/openssl/include/openssl/ssl.h | 12 ++++++++++++
 components/openssl/include/platform/ssl_pm.h | 2 ++
 components/openssl/library/ssl_lib.c | 14 ++++++++++++++
 components/openssl/library/ssl_methods.c | 2 +-
 components/openssl/platform/ssl_pm.c | 7 +++++++
 7 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h
index cd2f8c0533..17cf9bb697 100644
--- a/components/openssl/include/internal/ssl_methods.h
+++ b/components/openssl/include/internal/ssl_methods.h
@@ -28,7 +28,7 @@
 new, free, \
 handshake, shutdown, clear, \
 read, send, pending, \
- set_fd, get_fd, \
+ set_fd, set_hostname, get_fd, \
 set_bufflen, \
 get_verify_result, \
 get_state) \
@@ -42,6 +42,7 @@
 send, \
 pending, \
 set_fd, \
+ set_hostname, \
 get_fd, \
 set_bufflen, \
 get_verify_result, \
diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h
index 15295243f6..b08c4d0e2a 100644
--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@@ -259,6 +259,8 @@ struct ssl_method_func_st {
 void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
+ void (*ssl_set_hostname)(SSL *ssl, const char *hostname);
+
 int (*ssl_get_fd)(const SSL *ssl, int mode);
 void (*ssl_set_bufflen)(SSL *ssl, int len);
diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h
index 39d4bf737c..4af037af6a 100755
--- a/components/openssl/include/openssl/ssl.h
+++ b/components/openssl/include/openssl/ssl.h
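Review bot: The new `set_hostname` slot is inserted positionally in both the macro parameter list and the initializer list that follows it, so the macro silently depends on the member order of struct ssl_method_func_st in ssl_types.h (also changed in this commit), and nothing in ssl_methods.h records that coupling. A one-line comment above the initializer, `/* initializer order must match struct ssl_method_func_st in ssl_types.h */`, tells the next person adding a slot where the matching change goes. The IMPLEMENT_TLS_METHOD_FUNC body starts before the first hunk and ends after the second.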
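Review bot: `void (*ssl_set_hostname)(SSL *ssl, const char *hostname);` gives the platform layer no way to report that the hostname was not recorded; in ssl_pm.c the new ssl_pm_set_hostname discards the int that mbedtls_ssl_set_hostname returns, and in ssl_lib.c SSL_set_tlsext_host_name then returns 1 unconditionally, so the "0 : failed" documented in ssl.h can never be produced. That matters because a caller that continues after a silently failed call sends no SNI, and in mbedTLS the same stored name is, as far as I recall, also the reference name used when the peer certificate is verified, so hostname matching can be lost as well. Declaring the slot as `int (*ssl_set_hostname)(SSL *ssl, const char *hostname);`, returning the mbedTLS result from ssl_pm_set_hostname (with its prototype in ssl_pm.h updated to match), and mapping a non-zero result to a 0 return in SSL_set_tlsext_host_name closes the gap; this note covers the ssl_pm.h, ssl_lib.c and ssl_pm.c hunks too. struct ssl_method_func_st begins and ends outside the hunk.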
@@ -145,6 +145,18 @@ int SSL_shutdown(SSL *ssl);
 */
 int SSL_set_fd(SSL *ssl, int fd);
+/**
+ * @brief Set the hostname for SNI
+ *
+ * @param ssl - the SSL context point
+ * @param hostname - pointer to the hostname
+ *
+ * @return result
+ * 1 : OK
+ * 0 : failed
+ */
+int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname);
+
 /**
 * @brief These functions load the private key into the SSL_CTX or SSL object
 *
diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h
index cbbe3aa3a2..f028a0cee8 100644
--- a/components/openssl/include/platform/ssl_pm.h
+++ b/components/openssl/include/platform/ssl_pm.h
@@ -39,6 +39,8 @@ int ssl_pm_pending(const SSL *ssl);
 void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
 int ssl_pm_get_fd(const SSL *ssl, int mode);
+void ssl_pm_set_hostname(SSL *ssl, const char *hostname);
+
 OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
 void ssl_pm_set_bufflen(SSL *ssl, int len);
diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c
index a89eab9739..363cacdf8d 100644
--- a/components/openssl/library/ssl_lib.c
+++ b/components/openssl/library/ssl_lib.c
@@ -734,6 +734,19 @@ int SSL_set_wfd(SSL *ssl, int fd)
 return 1;
 }
+/**
+ * @brief SET TLS Hostname
+ */
+int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname)
+{
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(hostname);
+
+ SSL_METHOD_CALL(set_hostname, ssl, hostname);
+
+ return 1;
+}
+
 /**
 * @brief get SSL version
 */
@@ -1593,3 +1606,4 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned
 ctx->ssl_alpn.alpn_list[i] = NULL;
 return 0;
 }
+
diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c
index 0002360846..5c5f7f9d2a 100644
--- a/components/openssl/library/ssl_methods.c
+++ b/components/openssl/library/ssl_methods.c
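Review bot: The new prototype writes `SSL* ssl` while every other declaration in view, including the neighbouring SSL_set_fd, writes `SSL *ssl`; `int SSL_set_tlsext_host_name(SSL *ssl, const char *hostname);` keeps the header uniform. The comment should also say when the call is valid and what the string's lifetime is, since neither is obvious to an OpenSSL-API user porting code: `@brief Set the hostname sent in the SNI extension; must be called before the handshake starts.` and `@param hostname - NUL-terminated hostname; the library keeps its own copy` (mbedtls_ssl_set_hostname copies the string, so this holds for the mbedTLS backend). As implemented in this commit's ssl_lib.c, the only exits that do not return 1 are the SSL_ASSERT1 early returns, whose value is not shown in the hunk, so "0 : failed" should either be made true or reworded.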
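Review bot: `@brief SET TLS Hostname` on the new SSL_set_tlsext_host_name says less than the function name does, and the implementation comment is the place to record what this wrapper actually guarantees rather than repeat the header. Suggested wording: `@brief Set the SNI hostname on the SSL object; the platform method is called for its side effect only and, once the argument checks pass, this wrapper always returns 1.` Writing it that way makes the mismatch with the header's "0 : failed" visible to whoever changes the void method slot declared in ssl_types.h.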
@@ -22,7 +22,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
 ssl_pm_new, ssl_pm_free,
 ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
 ssl_pm_read, ssl_pm_send, ssl_pm_pending,
- ssl_pm_set_fd, ssl_pm_get_fd,
+ ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd,
 ssl_pm_set_bufflen,
 ssl_pm_get_verify_result,
 ssl_pm_get_state);
diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c
index 3d8849e3a9..4fa78ac868 100755
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@@ -367,6 +367,13 @@ void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
 ssl_pm->fd.fd = fd;
 }
+void ssl_pm_set_hostname(SSL *ssl, const char *hostname)
+{
+ struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+
+ mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname);
+}
+
 int ssl_pm_get_fd(const SSL *ssl, int mode)
 {
 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
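Review bot: ssl_pm_set_hostname hands hostname to mbedtls_ssl_set_hostname with no comment on ownership or on what the stored name is used for, and both matter to anyone reading the public wrapper back to this call. mbedtls_ssl_set_hostname copies the string into the context, so the caller's buffer need not outlive the call, and in mbedTLS that stored name serves as the expected peer-certificate name during verification as well as the SNI value; a comment such as `/* mbedTLS copies the name; it is used both for SNI and as the expected peer-certificate name */` above the call records that. Casting ssl->ssl_pm without a NULL check matches the neighbouring ssl_pm_get_fd, so that part is consistent with the file.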