From 685bfd1f9d7618b4076fa83b46424f3cebf5d486 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Fri, 19 Apr 2024 01:20:08 -0500
Subject: [PATCH] add wolfSSL_get0_peername() and SSL_set_mtu().

---
 src/ssl.c             | 20 ++++++++++++++++++++
 wolfssl/openssl/ssl.h |  6 ++++++
 wolfssl/ssl.h         |  4 ++++
 3 files changed, 30 insertions(+)

diff --git a/src/ssl.c b/src/ssl.c
index 9ba891d62..67af8d9d8 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10315,6 +10315,26 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
     }
 }
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+const char *wolfSSL_get0_peername(WOLFSSL *ssl) {
+    if (ssl == NULL) {
+        ssl->error = BAD_FUNC_ARG;
+        return NULL;
+    }
+
+    if (ssl->buffers.domainName.buffer)
+        return (const char *)ssl->buffers.domainName.buffer;
+    else if (ssl->session && ssl->session->peer)
+        return ssl->session->peer->subjectCN;
+    else if (ssl->peerCert.subjectCN[0])
+        return ssl->peerCert.subjectCN;
+    else {
+        ssl->error = NO_PEER_CERT;
+        return NULL;
+    }
+}
+
+#endif /* SESSION_CERTS && OPENSSL_EXTRA */
 
 /* turn on wolfSSL zlib compression
    returns WOLFSSL_SUCCESS for success, else error (not built in)
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 0fbf621b7..c75084ec5 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1150,6 +1150,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLSv1_handle_timeout               wolfSSL_DTLSv1_handle_timeout
 #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration
 
+#define SSL_set_mtu(ssl, mtu) ((wolfSSL_dtls_set_mtu(ssl, mtu) == 0) ? SSL_SUCCESS : SSL_FAILURE)
+
 /* DTLS SRTP */
 #ifdef WOLFSSL_SRTP
 typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
@@ -1201,6 +1203,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define sk_SSL_CIPHER_free              wolfSSL_sk_SSL_CIPHER_free
 #define sk_SSL_CIPHER_find              wolfSSL_sk_SSL_CIPHER_find
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+#define SSL_get0_peername wolfSSL_get0_peername
+#endif
+
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
     || defined(WOLFSSL_NGINX)
 #include <wolfssl/openssl/pem.h>
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 50d59a7f5..6c3606ff6 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2871,6 +2871,10 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
    date check and signature check */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl);
+#endif
+
 /* need to call once to load library (session cache) */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 /* call when done to cleanup/free session cache mutex / resources  */