mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-11-16 14:11:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

altcp_tls_mbedtls: Support Server Name Indication

Browse Source 
SNI, or Server Name Indication, is an addition to the TLS encryption
protocol that enables a client device to specify the domain name it is
trying to reach in the first step of the TLS handshake, preventing
common name mismatch errors and not reaching to HTTPS server that
enforce this condition.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
This commit is contained in:
Javier Tia 2024-09-19 13:30:35 -06:00
parent 2e7fb9700a
commit c53c9d0203
No known key found for this signature in database
GPG Key ID: B5EEC30BA867771F
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/apps/altcp_tls/altcp_tls_mbedtls.c
View File

@ -106,6 +106,7 @@ struct altcp_tls_config {
u8_t pkey_count;
u8_t pkey_max;
mbedtls_x509_crt *ca;
char host[256];
#if defined(MBEDTLS_SSL_CACHE_C) && ALTCP_MBEDTLS_USE_SESSION_CACHE
/** Inter-connection cache for fast connection startup */
struct mbedtls_ssl_cache_context cache;
@ -643,6 +644,7 @@ altcp_mbedtls_setup(void *conf, struct altcp_pcb *conn, struct altcp_pcb *inner_
/* tell mbedtls about our I/O functions */
mbedtls_ssl_set_bio(&state->ssl_context, conn, altcp_mbedtls_bio_send, altcp_mbedtls_bio_recv, NULL);
mbedtls_ssl_set_hostname(&state->ssl_context, config->host);
altcp_mbedtls_setup_callbacks(conn, inner_conn);
conn->inner_conn = inner_conn;
conn->fns = &altcp_mbedtls_functions;
@ -952,7 +954,7 @@ altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_
}
static struct altcp_tls_config *
altcp_tls_create_config_client_common(const u8_t *ca, size_t ca_len, int is_2wayauth)
altcp_tls_create_config_client_common(const u8_t *ca, size_t ca_len, int is_2wayauth, char *host)
{
int ret;
struct altcp_tls_config *conf = altcp_tls_create_config(0, (is_2wayauth) ? 1 : 0, (is_2wayauth) ? 1 : 0, ca != NULL);
@ -974,13 +976,15 @@ altcp_tls_create_config_client_common(const u8_t *ca, size_t ca_len, int is_2way
mbedtls_ssl_conf_ca_chain(&conf->conf, conf->ca, NULL);
}
memcpy(conf->host, host, sizeof(conf->host));
return conf;
}
struct altcp_tls_config *
altcp_tls_create_config_client(const u8_t *ca, size_t ca_len)
altcp_tls_create_config_client(const u8_t *ca, size_t ca_len, char *host)
{
return altcp_tls_create_config_client_common(ca, ca_len, 0);
return altcp_tls_create_config_client_common(ca, ca_len, 0, host);
}
struct altcp_tls_config *
@ -996,7 +1000,7 @@ altcp_tls_create_config_client_2wayauth(const u8_t *ca, size_t ca_len, const u8_
return NULL;
}
conf = altcp_tls_create_config_client_common(ca, ca_len, 1);
conf = altcp_tls_create_config_client_common(ca, ca_len, 1, NULL);
if (conf == NULL) {
return NULL;
}

2
src/include/lwip/altcp_tls.h
View File

@ -92,7 +92,7 @@ struct altcp_tls_config *altcp_tls_create_config_server_privkey_cert(const u8_t
/** @ingroup altcp_tls
* Create an ALTCP_TLS client configuration handle
*/
struct altcp_tls_config *altcp_tls_create_config_client(const u8_t *cert, size_t cert_len);
struct altcp_tls_config *altcp_tls_create_config_client(const u8_t *cert, size_t cert_len, char *host);
/** @ingroup altcp_tls
* Create an ALTCP_TLS client configuration handle with two-way server/client authentication