feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1227 from moisesguimaraes/adds-client-side-get-sni

Browse Source 
enables wolfSSL_SNI_GetRequest() at client side.
This commit is contained in:
dgarske
2017-11-14 13:22:37 -08:00
committed by GitHub
parent a0931313dd 5da82f43ed
commit 815cbd8f68
4 changed files with 29 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/tls.c
View File

@@ -1504,8 +1504,6 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output)
return offset; return offset;
} }
#ifndef NO_WOLFSSL_SERVER
/** Finds a SNI object in the provided list. */ /** Finds a SNI object in the provided list. */
static SNI* TLSX_SNI_Find(SNI *list, byte type) static SNI* TLSX_SNI_Find(SNI *list, byte type)
{ {
@@ -1517,7 +1515,6 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type)
return sni; return sni;
} }
/** Sets the status of a SNI object. */ /** Sets the status of a SNI object. */
static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
{ {
@@ -1540,8 +1537,6 @@ byte TLSX_SNI_Status(TLSX* extensions, byte type)
return 0; return 0;
} }
#endif /* NO_WOLFSSL_SERVER */
/** Parses a buffer of SNI extensions. */ /** Parses a buffer of SNI extensions. */
static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
byte isRequest) byte isRequest)
@@ -1562,8 +1557,21 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (!extension || !extension->data) if (!extension || !extension->data)
return TLSX_HandleUnsupportedExtension(ssl); return TLSX_HandleUnsupportedExtension(ssl);
return length ? BUFFER_ERROR /* SNI response MUST be empty. */ if (length > 0)
: 0; /* nothing else to do. */ return BUFFER_ERROR; /* SNI response MUST be empty. */
/* This call enables wolfSSL_SNI_GetRequest() to be called in the
* client side to fetch the used SNI. It will only work if the SNI
* was set at the SSL object level. Right now we only support one
* name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
* inclusion of other name types will turn this method inaccurate,
* as the extension response doesn't contains information of which
* name was accepted.
*/
TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_REAL_MATCH);
return 0;
#endif #endif
} }

2
tests/api.c
View File

@@ -1806,7 +1806,7 @@ static void test_wolfSSL_UseSNI_connection(void)
{0, use_SNI_at_ctx, 0, verify_SNI_real_matching}, {0, use_SNI_at_ctx, 0, verify_SNI_real_matching},
/* success case at ssl */ /* success case at ssl */
{0, 0, use_SNI_at_ssl, 0}, {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
{0, 0, use_SNI_at_ssl, verify_SNI_real_matching}, {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
/* default missmatch behavior */ /* default missmatch behavior */

14
wolfssl/internal.h
View File

@@ -1896,24 +1896,24 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
#ifdef HAVE_SNI #ifdef HAVE_SNI
typedef struct SNI { typedef struct SNI {
byte type; /* SNI Type */ byte type; /* SNI Type */
union { char* host_name; } data; /* SNI Data */ union { char* host_name; } data; /* SNI Data */
struct SNI* next; /* List Behavior */ struct SNI* next; /* List Behavior */
byte status; /* Matching result */
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
byte options; /* Behavior options */ byte options; /* Behavior options */
byte status; /* Matching result */
#endif #endif
} SNI; } SNI;
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
word16 size, void* heap); word16 size, void* heap);
WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
void** data);
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
byte options); byte options);
WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
void** data);
WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
byte type, byte* sni, word32* inOutSz); byte type, byte* sni, word32* inOutSz);
#endif #endif

11
wolfssl/ssl.h
View File

@@ -1920,6 +1920,11 @@ WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
unsigned char options); unsigned char options);
WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
unsigned char type, unsigned char options); unsigned char type, unsigned char options);
WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
const unsigned char* clientHello, unsigned int helloSz,
unsigned char type, unsigned char* sni, unsigned int* inOutSz);
#endif /* NO_WOLFSSL_SERVER */
/* SNI status */ /* SNI status */
enum { enum {
@@ -1933,12 +1938,8 @@ WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
unsigned char type, void** data); unsigned char type, void** data);
WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
const unsigned char* clientHello, unsigned int helloSz,
unsigned char type, unsigned char* sni, unsigned int* inOutSz);
#endif #endif /* HAVE_SNI */
#endif
/* Application-Layer Protocol Negotiation */ /* Application-Layer Protocol Negotiation */
#ifdef HAVE_ALPN #ifdef HAVE_ALPN