Make SNI host name an ssl_client_new argument

igrr · igrr · commit fe4518da8de8 · 2016-04-19T08:23:15.000+03:00
ssl_set_hostname was mostly useless, because it allowed setting host name of an existing SSL object. However SNI was sent as part of client_hello, which was done in ssl_client_new. So it wasn't possible to actually set host name before connection would start.
diff --git a/ssl/ssl.h b/ssl/ssl.h
@@ -241,10 +241,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * can be null if no session resumption is being used or required. This option
  * is not used in skeleton mode.
  * @param sess_id_size The size of the session id (max 32)
+ * @param host_name If non-zero, host name to be sent to server for SNI support
  * @return An SSL object reference. Use ssl_handshake_status() to check 
  * if a handshake succeeded.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, const char* host_name);
 
 /**
  * @brief Free any used resources on this connection. 
@@ -352,16 +353,6 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
  */
 EXP_FUNC int STDCALL ssl_get_config(int offset);
 
-/**
- * @brief Sets the hostname to be used for SNI
- * @see https://en.wikipedia.org/wiki/Server_Name_Indication
- * @param char* hostname
- * @return success from the operation
- * - 1 on success
- * - 0 on failure
- */
-EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name);
-
 /**
  * @brief Display why the handshake failed.
  *
diff --git a/ssl/tls1.c b/ssl/tls1.c
@@ -251,6 +251,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     disposable_free(ssl);
     certificate_free(ssl);
     free(ssl->bm_all_data);
+    free(ssl->host_name);
     free(ssl);
 }
 
@@ -1876,29 +1877,6 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
     }
 }
 
-/**
- * Sets the SNI hostname
- */
-EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name) {
-    if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
-        return 0;
-    }
-
-    if(ssl->host_name != NULL) {
-        free(ssl->host_name);
-    }
-
-    ssl->host_name = (char *)malloc(strlen(host_name)+1);
-    if(ssl->host_name == NULL) {
-        // most probably there was no memory available
-        return 0;
-    }
-
-    strcpy(ssl->host_name, host_name);
-
-    return 1;
-}
-
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 /**
  * Authenticate a received certificate.
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
@@ -48,7 +48,7 @@ static int send_cert_verify(SSL *ssl);
  * Establish a new SSL connection to an SSL server.
  */
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
-        uint8_t *session_id, uint8_t sess_id_size)
+        uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
@@ -66,6 +66,10 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
     }
 
+    if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 ) {
+        ssl->host_name = (char *)strdup(host_name);
+    }
+
     SET_SSL_FLAG(SSL_IS_CLIENT);
     do_client_connect(ssl);
     return ssl;
