Merge pull request #5520 from julek-wolfssl/sni-tls-1.2

SNI can appear in ServerHello for TLS 1.2
2025-07-29 18:27:29 +02:00 · 2022-08-29 09:36:53 -06:00
parent e88bd66501 88deaf9b5c
commit 11c553ea1d
2 changed files with 22 additions and 3 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -12307,7 +12307,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
                else
 #endif
                {
-                    if (msgType != client_hello)
+                    if (msgType != client_hello &&
+                        msgType != server_hello)
                        return EXT_NOT_ALLOWED;
                }
                ret = SNI_PARSE(ssl, input + offset, size, isRequest);
--- a/tests/api.c
+++ b/tests/api.c
@ -7669,11 +7669,28 @@ static int test_wolfSSL_UseSNI_connection(void)
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
    callback_functions client_cb;
    callback_functions server_cb;
+    size_t i;

+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+    } methods[] = {
+#if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13)
+        {wolfSSLv23_client_method, wolfSSLv23_server_method},
+#endif
+#ifndef WOLFSSL_NO_TLS12
+        {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method},
+#endif
+#ifdef WOLFSSL_TLS13
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method},
+#endif
+    };
+
+    for (i = 0; i < (sizeof(methods)/sizeof(*methods)); i++) {
    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));
-    client_cb.method = wolfSSLv23_client_method;
-    server_cb.method = wolfSSLv23_server_method;
+    client_cb.method = methods[i].client_meth;
+    server_cb.method = methods[i].server_meth;
    client_cb.devId = testDevId;
    server_cb.devId = testDevId;

@ -7726,6 +7743,7 @@ static int test_wolfSSL_UseSNI_connection(void)
    client_cb.ctx_ready = NULL;                            client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
    server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL;                 server_cb.on_result = verify_SNI_fake_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);
+    }
 #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */

    return 0;