changed CYASSL_SNI_ABORT_ON_MISMATCH to CYASSL_SNI_CONTINUE_ON_MISMATCH

Moisés Guimarães
2013-06-03 10:04:49 -03:00
parent 4ad91673ca
commit cb2082edee
3 changed files with 13 additions and 10 deletions


@@ -944,7 +944,7 @@ CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type,
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
/* SNI options */ /* SNI options */
enum { enum {
CYASSL_SNI_ABORT_ON_MISMATCH = 0x01 CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01
}; };
CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type, CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type,
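Review bot: The renamed constant keeps the bit value 0x01 but inverts what the default means, and nothing in the header says what happens when the option is not set. From the TLSX_SNI_Parse change in this commit, a host_name mismatch is now fatal by default (SendAlert with unrecognized_name, return UNKNOWN_SNI_HOST_NAME_E) and only with this option set does the parser skip the alert. I would document that on the enum member: `/* on host_name mismatch the default is a fatal unrecognized_name alert; set this option to ignore the mismatch instead of aborting the handshake */`. Servers that previously relied on the lenient default will now reject clients whose SNI does not match, which is worth a sentence in the commit description as well.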


@@ -408,14 +408,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif #endif
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) { if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName))) XSTRLEN(sniHostName)))
err_sys("UseSNI failed"); err_sys("UseSNI failed");
else
CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME,
CYASSL_SNI_ABORT_ON_MISMATCH);
}
#endif #endif
ssl = SSL_new(ctx); ssl = SSL_new(ctx);
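Review bot: Dropping the braces leaves `if (sniHostName)` with a nested, unbraced `if` as its sole body, which is the shape where a later `else` silently binds to the inner `if` instead of the outer one. Keeping the outer braces costs two lines and avoids that trap: `if (sniHostName) {` … `}` around the CyaSSL_CTX_UseSNI check. server_test begins before this hunk and appears to continue after it.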


@@ -708,10 +708,17 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
switch(type) { switch(type) {
case CYASSL_SNI_HOST_NAME: case CYASSL_SNI_HOST_NAME:
if ((sni->options & CYASSL_SNI_ABORT_ON_MISMATCH) if (XSTRLEN(sni->data.host_name) != size
&& ((XSTRLEN(sni->data.host_name) != size) || XSTRNCMP(sni->data.host_name,
|| XSTRNCMP(sni->data.host_name, (const char *) input + offset, size)) {
(const char *) input + offset, size))) { if (sni->options & CYASSL_SNI_CONTINUE_ON_MISMATCH)
break;
/**
* Better client thinks the server is not using SNI,
* instead of thinking that the host_name matched.
* No empty SNI response in this case.
*/
SendAlert(ssl, alert_fatal, unrecognized_name); SendAlert(ssl, alert_fatal, unrecognized_name);
return UNKNOWN_SNI_HOST_NAME_E; return UNKNOWN_SNI_HOST_NAME_E;