mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 19:15:41 +01:00
Ability to disable server_name extension (RFC 6066)
This commit is contained in:
parent
d2f068e071
commit
0be444a8b1
@ -31,6 +31,7 @@ Changes
|
|||||||
* Split up the GCM module into a starts/update/finish cycle
|
* Split up the GCM module into a starts/update/finish cycle
|
||||||
* Client and server now filter sent and accepted ciphersuites on minimum
|
* Client and server now filter sent and accepted ciphersuites on minimum
|
||||||
and maximum protocol version
|
and maximum protocol version
|
||||||
|
* Ability to disable server_name extension (RFC 6066)
|
||||||
* Renamed error_strerror() to the less conflicting polarssl_strerror()
|
* Renamed error_strerror() to the less conflicting polarssl_strerror()
|
||||||
(Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
|
(Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
|
||||||
* SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
|
* SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
|
||||||
|
@ -597,6 +597,15 @@
|
|||||||
*/
|
*/
|
||||||
#define POLARSSL_SSL_SESSION_TICKETS
|
#define POLARSSL_SSL_SESSION_TICKETS
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_SSL_SERVER_NAME_INDICATION
|
||||||
|
*
|
||||||
|
* Enable support for RFC 6066 server name indication (SNI) in SSL
|
||||||
|
*
|
||||||
|
* Comment this macro to disable support for server name indication in SSL
|
||||||
|
*/
|
||||||
|
#define POLARSSL_SSL_SERVER_NAME_INDICATION
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_SSL_TRUNCATED_HMAC
|
* \def POLARSSL_SSL_TRUNCATED_HMAC
|
||||||
*
|
*
|
||||||
|
@ -564,7 +564,6 @@ struct _ssl_context
|
|||||||
int (*f_send)(void *, const unsigned char *, size_t);
|
int (*f_send)(void *, const unsigned char *, size_t);
|
||||||
int (*f_get_cache)(void *, ssl_session *);
|
int (*f_get_cache)(void *, ssl_session *);
|
||||||
int (*f_set_cache)(void *, const ssl_session *);
|
int (*f_set_cache)(void *, const ssl_session *);
|
||||||
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
|
|
||||||
|
|
||||||
void *p_rng; /*!< context for the RNG function */
|
void *p_rng; /*!< context for the RNG function */
|
||||||
void *p_dbg; /*!< context for the debug function */
|
void *p_dbg; /*!< context for the debug function */
|
||||||
@ -572,9 +571,13 @@ struct _ssl_context
|
|||||||
void *p_send; /*!< context for writing operations */
|
void *p_send; /*!< context for writing operations */
|
||||||
void *p_get_cache; /*!< context for cache retrieval */
|
void *p_get_cache; /*!< context for cache retrieval */
|
||||||
void *p_set_cache; /*!< context for cache store */
|
void *p_set_cache; /*!< context for cache store */
|
||||||
void *p_sni; /*!< context for SNI extension */
|
|
||||||
void *p_hw_data; /*!< context for HW acceleration */
|
void *p_hw_data; /*!< context for HW acceleration */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
|
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
|
||||||
|
void *p_sni; /*!< context for SNI extension */
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_X509_PARSE_C)
|
#if defined(POLARSSL_X509_PARSE_C)
|
||||||
int (*f_vrfy)(void *, x509_cert *, int, int *);
|
int (*f_vrfy)(void *, x509_cert *, int, int *);
|
||||||
void *p_vrfy; /*!< context for verification */
|
void *p_vrfy; /*!< context for verification */
|
||||||
@ -689,11 +692,13 @@ struct _ssl_context
|
|||||||
size_t psk_identity_len;
|
size_t psk_identity_len;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
/*
|
/*
|
||||||
* TLS extensions
|
* SNI extension
|
||||||
*/
|
*/
|
||||||
unsigned char *hostname;
|
unsigned char *hostname;
|
||||||
size_t hostname_len;
|
size_t hostname_len;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Secure renegotiation
|
* Secure renegotiation
|
||||||
@ -1032,6 +1037,7 @@ int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
|
|||||||
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
|
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
/**
|
/**
|
||||||
* \brief Set hostname for ServerName TLS extension
|
* \brief Set hostname for ServerName TLS extension
|
||||||
* (client-side only)
|
* (client-side only)
|
||||||
@ -1067,6 +1073,7 @@ void ssl_set_sni( ssl_context *ssl,
|
|||||||
int (*f_sni)(void *, ssl_context *, const unsigned char *,
|
int (*f_sni)(void *, ssl_context *, const unsigned char *,
|
||||||
size_t),
|
size_t),
|
||||||
void *p_sni );
|
void *p_sni );
|
||||||
|
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the maximum supported version sent from the client side
|
* \brief Set the maximum supported version sent from the client side
|
||||||
|
@ -51,6 +51,7 @@ typedef UINT32 uint32_t;
|
|||||||
#include <time.h>
|
#include <time.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
static void ssl_write_hostname_ext( ssl_context *ssl,
|
static void ssl_write_hostname_ext( ssl_context *ssl,
|
||||||
unsigned char *buf,
|
unsigned char *buf,
|
||||||
size_t *olen )
|
size_t *olen )
|
||||||
@ -100,6 +101,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
|
|||||||
|
|
||||||
*olen = ssl->hostname_len + 9;
|
*olen = ssl->hostname_len + 9;
|
||||||
}
|
}
|
||||||
|
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
|
||||||
|
|
||||||
static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
||||||
unsigned char *buf,
|
unsigned char *buf,
|
||||||
@ -534,8 +536,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||||||
|
|
||||||
// First write extensions, then the total length
|
// First write extensions, then the total length
|
||||||
//
|
//
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
|
ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
|
#endif
|
||||||
|
|
||||||
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
|
@ -336,6 +336,7 @@ static int ssl_parse_ticket( ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
#endif /* POLARSSL_SSL_SESSION_TICKETS */
|
#endif /* POLARSSL_SSL_SESSION_TICKETS */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
static int ssl_parse_servername_ext( ssl_context *ssl,
|
static int ssl_parse_servername_ext( ssl_context *ssl,
|
||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
@ -385,6 +386,7 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
|
|||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
|
||||||
|
|
||||||
static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
@ -1157,6 +1159,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
switch( ext_id )
|
switch( ext_id )
|
||||||
{
|
{
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
case TLS_EXT_SERVERNAME:
|
case TLS_EXT_SERVERNAME:
|
||||||
SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
||||||
if( ssl->f_sni == NULL )
|
if( ssl->f_sni == NULL )
|
||||||
@ -1166,6 +1169,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
break;
|
break;
|
||||||
|
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
|
||||||
|
|
||||||
case TLS_EXT_RENEGOTIATION_INFO:
|
case TLS_EXT_RENEGOTIATION_INFO:
|
||||||
SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
|
SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
|
||||||
|
@ -35,12 +35,12 @@
|
|||||||
|
|
||||||
#if defined(POLARSSL_SSL_TLS_C)
|
#if defined(POLARSSL_SSL_TLS_C)
|
||||||
|
|
||||||
#include "polarssl/aes.h"
|
#include "polarssl/debug.h"
|
||||||
|
#include "polarssl/ssl.h"
|
||||||
|
|
||||||
#include "polarssl/arc4.h"
|
#include "polarssl/arc4.h"
|
||||||
#include "polarssl/camellia.h"
|
#include "polarssl/camellia.h"
|
||||||
#include "polarssl/des.h"
|
#include "polarssl/des.h"
|
||||||
#include "polarssl/debug.h"
|
|
||||||
#include "polarssl/ssl.h"
|
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_GCM_C)
|
||||||
#include "polarssl/gcm.h"
|
#include "polarssl/gcm.h"
|
||||||
@ -3053,8 +3053,10 @@ int ssl_init( ssl_context *ssl )
|
|||||||
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
|
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
|
||||||
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
|
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
ssl->hostname = NULL;
|
ssl->hostname = NULL;
|
||||||
ssl->hostname_len = 0;
|
ssl->hostname_len = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||||
ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
|
ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
|
||||||
@ -3356,6 +3358,7 @@ int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx )
|
|||||||
}
|
}
|
||||||
#endif /* POLARSSL_DHM_C */
|
#endif /* POLARSSL_DHM_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
int ssl_set_hostname( ssl_context *ssl, const char *hostname )
|
int ssl_set_hostname( ssl_context *ssl, const char *hostname )
|
||||||
{
|
{
|
||||||
if( hostname == NULL )
|
if( hostname == NULL )
|
||||||
@ -3387,6 +3390,7 @@ void ssl_set_sni( ssl_context *ssl,
|
|||||||
ssl->f_sni = f_sni;
|
ssl->f_sni = f_sni;
|
||||||
ssl->p_sni = p_sni;
|
ssl->p_sni = p_sni;
|
||||||
}
|
}
|
||||||
|
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
|
||||||
|
|
||||||
void ssl_set_max_version( ssl_context *ssl, int major, int minor )
|
void ssl_set_max_version( ssl_context *ssl, int major, int minor )
|
||||||
{
|
{
|
||||||
@ -3918,12 +3922,14 @@ void ssl_free( ssl_context *ssl )
|
|||||||
polarssl_free( ssl->ticket_keys );
|
polarssl_free( ssl->ticket_keys );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
if ( ssl->hostname != NULL)
|
if ( ssl->hostname != NULL)
|
||||||
{
|
{
|
||||||
memset( ssl->hostname, 0, ssl->hostname_len );
|
memset( ssl->hostname, 0, ssl->hostname_len );
|
||||||
polarssl_free( ssl->hostname );
|
polarssl_free( ssl->hostname );
|
||||||
ssl->hostname_len = 0;
|
ssl->hostname_len = 0;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
||||||
if( ssl_hw_record_finish != NULL )
|
if( ssl_hw_record_finish != NULL )
|
||||||
|
@ -719,7 +719,9 @@ int main( int argc, char *argv[] )
|
|||||||
strlen( opt.psk_identity ) );
|
strlen( opt.psk_identity ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
ssl_set_hostname( &ssl, opt.server_name );
|
ssl_set_hostname( &ssl, opt.server_name );
|
||||||
|
#endif
|
||||||
|
|
||||||
if( opt.min_version != -1 )
|
if( opt.min_version != -1 )
|
||||||
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
|
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
|
||||||
|
@ -596,7 +596,9 @@ int main( int argc, char *argv[] )
|
|||||||
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||||
ssl_set_own_cert( &ssl, &clicert, &rsa );
|
ssl_set_own_cert( &ssl, &clicert, &rsa );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||||
ssl_set_hostname( &ssl, opt.server_name );
|
ssl_set_hostname( &ssl, opt.server_name );
|
||||||
|
#endif
|
||||||
|
|
||||||
if( opt.mode == MODE_SSL_TLS )
|
if( opt.mode == MODE_SSL_TLS )
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user