Merge pull request #1227 from moisesguimaraes/adds-client-side-get-sni

enables wolfSSL_SNI_GetRequest() at client side.
2017-11-14 13:22:37 -08:00
parent a0931313dd 5da82f43ed
commit 815cbd8f68
4 changed files with 29 additions and 20 deletions
--- a/src/tls.c
+++ b/src/tls.c
@@ -1504,8 +1504,6 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output)
    return offset;
 }

-#ifndef NO_WOLFSSL_SERVER
-
 /** Finds a SNI object in the provided list. */
 static SNI* TLSX_SNI_Find(SNI *list, byte type)
 {
@@ -1517,7 +1515,6 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type)
    return sni;
 }

-
 /** Sets the status of a SNI object. */
 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
 {
@@ -1540,8 +1537,6 @@ byte TLSX_SNI_Status(TLSX* extensions, byte type)
    return 0;
 }

-#endif /* NO_WOLFSSL_SERVER */
-
 /** Parses a buffer of SNI extensions. */
 static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
                                                                 byte isRequest)
@@ -1562,8 +1557,21 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
            if (!extension || !extension->data)
                return TLSX_HandleUnsupportedExtension(ssl);

-            return length ? BUFFER_ERROR /* SNI response MUST be empty. */
-                          : 0;           /* nothing else to do.         */
+            if (length > 0)
+                return BUFFER_ERROR; /* SNI response MUST be empty. */
+
+            /* This call enables wolfSSL_SNI_GetRequest() to be called in the
+             * client side to fetch the used SNI. It will only work if the SNI
+             * was set at the SSL object level. Right now we only support one
+             * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
+             * inclusion of other name types will turn this method inaccurate,
+             * as the extension response doesn't contains information of which
+             * name was accepted.
+             */
+            TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
+                                                        WOLFSSL_SNI_REAL_MATCH);
+
+            return 0;
        #endif
    }

--- a/tests/api.c
+++ b/tests/api.c
@@ -1806,7 +1806,7 @@ static void test_wolfSSL_UseSNI_connection(void)
        {0, use_SNI_at_ctx, 0, verify_SNI_real_matching},

        /* success case at ssl */
-        {0, 0, use_SNI_at_ssl, 0},
+        {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
        {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},

        /* default missmatch behavior */
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1896,24 +1896,24 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
 #ifdef HAVE_SNI

 typedef struct SNI {
-    byte                       type;    /* SNI Type          */
-    union { char* host_name; } data;    /* SNI Data          */
-    struct SNI*                next;    /* List Behavior     */
+    byte                       type;    /* SNI Type         */
+    union { char* host_name; } data;    /* SNI Data         */
+    struct SNI*                next;    /* List Behavior    */
+    byte                       status;  /* Matching result  */
 #ifndef NO_WOLFSSL_SERVER
    byte                       options; /* Behavior options */
-    byte                       status;  /* Matching result   */
 #endif
 } SNI;

 WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                       word16 size, void* heap);
+WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
+WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
+                                                                   void** data);

 #ifndef NO_WOLFSSL_SERVER
 WOLFSSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
                                                                  byte options);
-WOLFSSL_LOCAL byte   TLSX_SNI_Status(TLSX* extensions, byte type);
-WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
-                                                                   void** data);
 WOLFSSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
                                         byte type, byte* sni, word32* inOutSz);
 #endif
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1920,6 +1920,11 @@ WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
                                                         unsigned char options);
 WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
                                     unsigned char type, unsigned char options);
+WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
+                 const unsigned char* clientHello, unsigned int helloSz,
+                 unsigned char type, unsigned char* sni, unsigned int* inOutSz);
+
+#endif /* NO_WOLFSSL_SERVER */

 /* SNI status */
 enum {
@@ -1933,12 +1938,8 @@ WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);

 WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
                                               unsigned char type, void** data);
-WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
-                 const unsigned char* clientHello, unsigned int helloSz,
-                 unsigned char type, unsigned char* sni, unsigned int* inOutSz);

-#endif
-#endif
+#endif /* HAVE_SNI */

 /* Application-Layer Protocol Negotiation */
 #ifdef HAVE_ALPN