Fix for SNI callback
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback. * Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
@@ -4279,6 +4279,7 @@ then
|
|||||||
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
||||||
|
|
||||||
# Requires OCSP make sure on
|
# Requires OCSP make sure on
|
||||||
if test "x$ENABLED_OCSP" = "xno"
|
if test "x$ENABLED_OCSP" = "xno"
|
||||||
|
@@ -2692,7 +2692,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
|
|
||||||
#ifdef HAVE_SNI
|
#ifdef HAVE_SNI
|
||||||
if (sniHostName) {
|
if (sniHostName) {
|
||||||
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
|
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
|
||||||
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
|
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
|
||||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
err_sys("UseSNI failed");
|
err_sys("UseSNI failed");
|
||||||
|
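--- a/src/tls.c
+++ b/src/tls.c
@@ -2024,18 +2024,24 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
 #ifndef NO_WOLFSSL_SERVER
 if (!extension || !extension->data) {
-#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
-/* This will keep SNI even though TLSX_UseSNI has not been called.
-* Enable it so that the received sni is available to functions
-* that use a custom callback when SNI is received.
-*/
+/* This will keep SNI even though TLSX_UseSNI has not been called.
+* Enable it so that the received sni is available to functions
+* that use a custom callback when SNI is received.
+*/
+#ifdef WOLFSSL_ALWAYS_KEEP_SNI
+cacheOnly = 1;
+#endif
+if (ssl->ctx->sniRecvCb) {
 cacheOnly = 1;
+}
 
+if (cacheOnly) {
 WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
-#else
+}
+else {
 /* Skipping, SNI not enabled at server side. */
 return 0;
-#endif
+}
 }
 
 if (OPAQUE16_LEN > length)
@@ -2096,7 +2102,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
 TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat);
 
-if(!cacheOnly)
+if (!cacheOnly)
 TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
 }
 else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {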
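Review bot: The comment kept at the top of the `if (!extension || !extension->data)` block still describes only the compile-time WOLFSSL_ALWAYS_KEEP_SNI case, while the new `if (ssl->ctx->sniRecvCb)` branch directly under it now forces `cacheOnly = 1` in every build as soon as a recv callback is registered, so a reader of the comment alone misses the second trigger. I would reword it to name both, e.g. `/* Keep the received SNI even though TLSX_UseSNI was not called: always when WOLFSSL_ALWAYS_KEEP_SNI is defined, and whenever an SNI recv callback is registered, so the callback can read the client-supplied name. */`. The new branch dereferences `ssl->ctx` with no NULL check; presumably the parser is only reached with a bound context, but that invariant is not visible in the hunk. In the second hunk the `if (!cacheOnly)` guard on `TLSX_SetResponse` means that with a callback but no TLSX_UseSNI the name is recorded from the ClientHello but never acknowledged to the client, which is worth a one-line comment there (`/* cache-only: record the name for the callback, do not echo the extension */`) since callback consumers then see unvalidated client input. The declaration of cacheOnly and the remainder of TLSX_SNI_Parse lie outside both hunks.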