From a23b65751df44f0f83e535348e6eb319edd900e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Mon, 13 Nov 2017 13:58:14 -0200
Subject: [PATCH 1/5] enables wolfSSL_SNI_GetRequest() at client side.
---
 src/tls.c | 17 +++++++++++++++--
 tests/api.c | 2 +-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index e8495bd41..b2db15893 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1562,8 +1562,21 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 if (!extension || !extension->data)
 return TLSX_HandleUnsupportedExtension(ssl);
- return length ? BUFFER_ERROR /* SNI response MUST be empty. */
- : 0; /* nothing else to do. */
+ if (length > 0)
+ return BUFFER_ERROR; /* SNI response MUST be empty. */
+
+ /* This call enables wolfSSL_SNI_GetRequest() to be called in the
+ * client side to fetch the used SNI. It will only work if the SNI
+ * was set at the SSL object level. Right now we only support one
+ * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
+ * inclusion of other name types will turn this method inacurate, as
+ * the extension response doesn't contains information of wich name
+ * was accepted.
+ */
+ TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
+ WOLFSSL_SNI_REAL_MATCH);
+
+ return 0;
 #endif
 }
diff --git a/tests/api.c b/tests/api.c
index ee2528487..b934c1024 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1806,7 +1806,7 @@ static void test_wolfSSL_UseSNI_connection(void)
 {0, use_SNI_at_ctx, 0, verify_SNI_real_matching},
 /* success case at ssl */
- {0, 0, use_SNI_at_ssl, 0},
+ {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
 {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
 /* default missmatch behavior */
From f82f03f9825bacc11d2bbdbb76bea344ea76dc69 Mon Sep 17 00:00:00 2001
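Review bot: Setting `WOLFSSL_SNI_REAL_MATCH` here records only that the server answered the client's SNI with an empty extension, not that the peer's certificate matches the requested host name, and the added comment should say so, because the status name and its server-side meaning invite callers to treat `wolfSSL_SNI_Status()` as hostname verification; I would add `/* Client side: REAL_MATCH means the server acknowledged our SNI; it does not verify the certificate against the name. */` above the call. The existing `!extension || !extension->data` check already rejects a response the client never asked for, which is the right gate for this. Note also that `TLSX_SNI_SetStatus` is still inside `#ifndef NO_WOLFSSL_SERVER` at this point in the series (the guard is only removed in PATCH 2/5), so a client-only build fails to compile between these two commits; consider squashing or reordering. TLSX_SNI_Parse begins outside this hunk.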
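Review bot: The changed row is now identical to the row that follows it, so the table exercises `use_SNI_at_ssl` with `verify_SNI_real_matching` twice and no longer has an ssl-level success case without a verifier. Either drop one of the two rows or keep the original `{0, 0, use_SNI_at_ssl, 0},` so both the verified and the unverified variant remain covered; the second row already provides the new verification. test_wolfSSL_UseSNI_connection starts and ends outside this hunk.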
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Mon, 13 Nov 2017 14:53:56 -0200
Subject: [PATCH 2/5] fixes API visibility
---
 src/tls.c | 5 -----
 wolfssl/ssl.h | 11 ++++++-----
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index b2db15893..5599b7d8a 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1504,8 +1504,6 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output)
 return offset;
 }
-#ifndef NO_WOLFSSL_SERVER
-
 /** Finds a SNI object in the provided list. */
 static SNI* TLSX_SNI_Find(SNI *list, byte type)
 {
@@ -1517,7 +1515,6 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type)
 return sni;
 }
-
 /** Sets the status of a SNI object. */
 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
 {
@@ -1540,8 +1537,6 @@ byte TLSX_SNI_Status(TLSX* extensions, byte type)
 return 0;
 }
-#endif /* NO_WOLFSSL_SERVER */
-
 /** Parses a buffer of SNI extensions. */
 static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 byte isRequest)
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2a275e436..f61cb039e 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1918,6 +1918,11 @@ WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
 unsigned char options);
 WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, unsigned char type, unsigned char options);
+WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
+ const unsigned char* clientHello, unsigned int helloSz,
+ unsigned char type, unsigned char* sni, unsigned int* inOutSz);
+
+#endif /* NO_WOLFSSL_SERVER */
 /* SNI status */
 enum {
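Review bot: With the `#ifndef NO_WOLFSSL_SERVER` guard removed, `TLSX_SNI_SetStatus` and `TLSX_SNI_Status` are compiled in client-only builds, but at this point in the series `SNI.status` is still declared under that same guard in internal.h (visible in the pre-image of PATCH 4/5), so a `NO_WOLFSSL_SERVER` build does not compile until PATCH 5/5 moves the field out. Squash the header change into this commit or reorder the series so that every commit builds in both configurations. The bodies of TLSX_SNI_Find and TLSX_SNI_SetStatus lie outside these hunks, so I cannot confirm from here that no other server-only field is referenced in them.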
@@ -1931,12 +1936,8 @@ WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
 WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type, void** data);
-WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
- const unsigned char* clientHello, unsigned int helloSz,
- unsigned char type, unsigned char* sni, unsigned int* inOutSz);
-#endif
-#endif
+#endif /* HAVE_SNI */
 /* Application-Layer Protocol Negotiation */
 #ifdef HAVE_ALPN
From fe5b512af774cd7b80162f6358b472941c3d542c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Mon, 13 Nov 2017 14:59:47 -0200
Subject: [PATCH 3/5] fixes commnet typos
---
 src/tls.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index 5599b7d8a..ac3b93ae6 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1564,9 +1564,9 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 * client side to fetch the used SNI. It will only work if the SNI
 * was set at the SSL object level. Right now we only support one
 * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
- * inclusion of other name types will turn this method inacurate, as
- * the extension response doesn't contains information of wich name
- * was accepted.
+ * inclusion of other name types will turn this method inaccurate,
+ * as the extension response doesn't contains information of which
+ * name was accepted.
 */
 TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
 WOLFSSL_SNI_REAL_MATCH);
From 020a004bad98ab1793602e8ecc83fa2f92cae7c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Mon, 13 Nov 2017 15:39:24 -0200
Subject: [PATCH 4/5] makes SNI.status available at client side
---
 wolfssl/internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 4dc29fe2c..781282ed9 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
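Review bot: The rewritten comment still reads `doesn't contains information` on the second added line; it should be `doesn't contain information`, and `will turn this method inaccurate` on the first added line reads better as `will make this method inaccurate`. Since this commit exists only to fix the comment's wording, both are worth catching here. The opening lines of the comment and the function around it lie outside this hunk.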
@@ -1899,8 +1899,8 @@ typedef struct SNI {
 byte type; /* SNI Type */
 union { char* host_name; } data; /* SNI Data */
 struct SNI* next; /* List Behavior */
-#ifndef NO_WOLFSSL_SERVER
 byte options; /* Behavior options */
+#ifndef NO_WOLFSSL_SERVER
 byte status; /* Matching result */
 #endif
 } SNI;
From 5da82f43ed543ef25c1123137951e2868e26af89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Mon, 13 Nov 2017 16:10:23 -0200
Subject: [PATCH 5/5] makes SNI.status available at client side
---
 wolfssl/internal.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 781282ed9..878bb74b8 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1896,24 +1896,24 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
 #ifdef HAVE_SNI
 typedef struct SNI {
- byte type; /* SNI Type */
- union { char* host_name; } data; /* SNI Data */
- struct SNI* next; /* List Behavior */
- byte options; /* Behavior options */
+ byte type; /* SNI Type */
+ union { char* host_name; } data; /* SNI Data */
+ struct SNI* next; /* List Behavior */
+ byte status; /* Matching result */
 #ifndef NO_WOLFSSL_SERVER
- byte status; /* Matching result */
+ byte options; /* Behavior options */
 #endif
 } SNI;
 WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, void* heap);
+WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
+WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
+ void** data);
 #ifndef NO_WOLFSSL_SERVER
 WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options);
-WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
-WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
- void** data);
 WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, byte type, byte* sni, word32* inOutSz);
 #endif
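Review bot: This hunk does the opposite of its subject: `options` is moved out of the `#ifndef NO_WOLFSSL_SERVER` block while `status` stays inside it, so `SNI.status` is still unavailable to client-only builds after this commit, and PATCH 5/5 then swaps the two fields back. The intermediate state is also not buildable with `NO_WOLFSSL_SERVER` once PATCH 2/5 has unguarded `TLSX_SNI_SetStatus`, which presumably writes `status`. Squash this commit into 5/5 rather than keeping a broken step in the history.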
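Review bot: `status` is now meaningful on both sides but its comment still says `/* Matching result */`, which describes the server's behaviour; on the client this field is set to `WOLFSSL_SNI_REAL_MATCH` merely because the server echoed an empty SNI extension (PATCH 1/5), so I would change the added line to `byte status; /* Server: name match result; client: set once the server acknowledged our SNI */`. Also, `options` is now server-only while `TLSX_UseSNI` and the SNI parse/write paths are compiled on both sides; if any of that code touches `sni->options` outside a server guard, a `NO_WOLFSSL_SERVER` build will break — not visible here, so worth confirming with a client-only compile before merging.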