Merge pull request #987 from pennam/sni-fix

pennam · web-flow · commit 11c3c8300e8d · 2024-11-05T11:17:24.000+01:00
Fix and simplify sni setting
diff --git a/libraries/SocketWrapper/src/AClient.cpp b/libraries/SocketWrapper/src/AClient.cpp
@@ -46,11 +46,11 @@ int arduino::AClient::connectSSL(IPAddress ip, uint16_t port) {
   return client->connectSSL(ip, port);
 }
 
-int arduino::AClient::connectSSL(const char *host, uint16_t port, bool disableSNI) {
+int arduino::AClient::connectSSL(const char *host, uint16_t port) {
   if (!client) {
     newMbedClient();
   }
-  return client->connectSSL(host, port, disableSNI);
+  return client->connectSSL(host, port);
 }
 
 void arduino::AClient::stop() {
diff --git a/libraries/SocketWrapper/src/AClient.h b/libraries/SocketWrapper/src/AClient.h
@@ -32,7 +32,7 @@ class AClient : public Client {
   virtual int connect(IPAddress ip, uint16_t port);
   virtual int connect(const char *host, uint16_t port);
   int connectSSL(IPAddress ip, uint16_t port);
-  int connectSSL(const char* host, uint16_t port, bool disableSNI = false);
+  int connectSSL(const char* host, uint16_t port);
   virtual void stop();
 
   virtual explicit operator bool();
diff --git a/libraries/SocketWrapper/src/MbedClient.cpp b/libraries/SocketWrapper/src/MbedClient.cpp
@@ -186,15 +186,7 @@ int arduino::MbedClient::connectSSL(IPAddress ip, uint16_t port) {
   return connectSSL(SocketHelpers::socketAddressFromIpAddress(ip, port));
 }
 
-int arduino::MbedClient::connectSSL(const char *host, uint16_t port, bool disableSNI) {
-  if (!disableSNI) {
-    if (sock == nullptr) {
-      sock = new TLSSocket();
-      _own_socket = true;
-    }
-    static_cast<TLSSocket *>(sock)->set_hostname(host);
-  }
-
+int arduino::MbedClient::connectSSL(const char *host, uint16_t port) {
   SocketAddress socketAddress = SocketAddress();
   socketAddress.set_port(port);
   SocketHelpers::gethostbyname(getNetwork(), host, &socketAddress);
diff --git a/libraries/SocketWrapper/src/MbedClient.h b/libraries/SocketWrapper/src/MbedClient.h
@@ -56,7 +56,7 @@ class MbedClient {
   virtual int connect(const char* host, uint16_t port);
   int connectSSL(SocketAddress socketAddress);
   int connectSSL(IPAddress ip, uint16_t port);
-  int connectSSL(const char* host, uint16_t port, bool disableSNI = false);
+  int connectSSL(const char* host, uint16_t port);
   size_t write(uint8_t);
   size_t write(const uint8_t* buf, size_t size);
   int available();
diff --git a/libraries/SocketWrapper/src/MbedSSLClient.h b/libraries/SocketWrapper/src/MbedSSLClient.h
@@ -41,7 +41,8 @@ class MbedSSLClient : public arduino::MbedClient {
     return connectSSL(ip, port);
   }
   int connect(const char* host, uint16_t port) {
-    return connectSSL(host, port, _disableSNI);
+    _hostname = host;
+    return connectSSL(host, port);
   }
   void disableSNI(bool statusSNI) {
     _disableSNI = statusSNI;
@@ -53,6 +54,7 @@ class MbedSSLClient : public arduino::MbedClient {
 
 protected:
   const char* _ca_cert_custom = NULL;
+  const char* _hostname = NULL;
 
 private:
   int setRootCA() {
@@ -79,6 +81,10 @@ class MbedSSLClient : public arduino::MbedClient {
     }
 #endif
 
+    if(_hostname && !_disableSNI) {
+      ((TLSSocket*)sock)->set_hostname(_hostname);
+    }
+
     if(_ca_cert_custom != NULL) {
       err = ((TLSSocket*)sock)->append_root_ca_cert(_ca_cert_custom);
     }

Original file line number	Diff line number	Diff line change
`@@ -46,11 +46,11 @@ int arduino::AClient::connectSSL(IPAddress ip, uint16_t port) {`
`46`	`46`	`return client->connectSSL(ip, port);`
`47`	`47`	`}`
`48`	`48`
`49`		`-int arduino::AClient::connectSSL(const char *host, uint16_t port, bool disableSNI) {`
	`49`	`+int arduino::AClient::connectSSL(const char *host, uint16_t port) {`
`50`	`50`	`if (!client) {`
`51`	`51`	`newMbedClient();`
`52`	`52`	`}`
`53`		`- return client->connectSSL(host, port, disableSNI);`
	`53`	`+ return client->connectSSL(host, port);`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`void arduino::AClient::stop() {`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,8 @@ class MbedSSLClient : public arduino::MbedClient {`
`41`	`41`	`return connectSSL(ip, port);`
`42`	`42`	`}`
`43`	`43`	`int connect(const char* host, uint16_t port) {`
`44`		`- return connectSSL(host, port, _disableSNI);`
	`44`	`+ _hostname = host;`
	`45`	`+ return connectSSL(host, port);`
`45`	`46`	`}`
`46`	`47`	`void disableSNI(bool statusSNI) {`
`47`	`48`	`_disableSNI = statusSNI;`
`@@ -53,6 +54,7 @@ class MbedSSLClient : public arduino::MbedClient {`
`53`	`54`
`54`	`55`	`protected:`
`55`	`56`	`const char* _ca_cert_custom = NULL;`
	`57`	`+ const char* _hostname = NULL;`
`56`	`58`
`57`	`59`	`private:`
`58`	`60`	`int setRootCA() {`
`@@ -79,6 +81,10 @@ class MbedSSLClient : public arduino::MbedClient {`
`79`	`81`	`}`
`80`	`82`	`#endif`
`81`	`83`
	`84`	`+ if(_hostname && !_disableSNI) {`
	`85`	`+ ((TLSSocket*)sock)->set_hostname(_hostname);`
	`86`	`+ }`
	`87`	`+`
`82`	`88`	`if(_ca_cert_custom != NULL) {`
`83`	`89`	`err = ((TLSSocket*)sock)->append_root_ca_cert(_ca_cert_custom);`
`84`	`90`	`}`