mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-12-24 15:14:06 +00:00
altcp_tls_mbedtls: Support Server Name Indication
SNI, or Server Name Indication, is an addition to the TLS encryption protocol that enables a client device to specify the domain name it is trying to reach in the first step of the TLS handshake, preventing common name mismatch errors and not reaching to HTTPS server that enforce this condition. Signed-off-by: Javier Tia <javier.tia@linaro.org>
This commit is contained in:
parent
2e7fb9700a
commit
c53c9d0203
@ -106,6 +106,7 @@ struct altcp_tls_config {
|
||||
u8_t pkey_count;
|
||||
u8_t pkey_max;
|
||||
mbedtls_x509_crt *ca;
|
||||
char host[256];
|
||||
#if defined(MBEDTLS_SSL_CACHE_C) && ALTCP_MBEDTLS_USE_SESSION_CACHE
|
||||
/** Inter-connection cache for fast connection startup */
|
||||
struct mbedtls_ssl_cache_context cache;
|
||||
@ -643,6 +644,7 @@ altcp_mbedtls_setup(void *conf, struct altcp_pcb *conn, struct altcp_pcb *inner_
|
||||
/* tell mbedtls about our I/O functions */
|
||||
mbedtls_ssl_set_bio(&state->ssl_context, conn, altcp_mbedtls_bio_send, altcp_mbedtls_bio_recv, NULL);
|
||||
|
||||
mbedtls_ssl_set_hostname(&state->ssl_context, config->host);
|
||||
altcp_mbedtls_setup_callbacks(conn, inner_conn);
|
||||
conn->inner_conn = inner_conn;
|
||||
conn->fns = &altcp_mbedtls_functions;
|
||||
@ -952,7 +954,7 @@ altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_
|
||||
}
|
||||
|
||||
static struct altcp_tls_config *
|
||||
altcp_tls_create_config_client_common(const u8_t *ca, size_t ca_len, int is_2wayauth)
|
||||
altcp_tls_create_config_client_common(const u8_t *ca, size_t ca_len, int is_2wayauth, char *host)
|
||||
{
|
||||
int ret;
|
||||
struct altcp_tls_config *conf = altcp_tls_create_config(0, (is_2wayauth) ? 1 : 0, (is_2wayauth) ? 1 : 0, ca != NULL);
|
||||
@ -974,13 +976,15 @@ altcp_tls_create_config_client_common(const u8_t *ca, size_t ca_len, int is_2way
|
||||
|
||||
mbedtls_ssl_conf_ca_chain(&conf->conf, conf->ca, NULL);
|
||||
}
|
||||
|
||||
memcpy(conf->host, host, sizeof(conf->host));
|
||||
return conf;
|
||||
}
|
||||
|
||||
struct altcp_tls_config *
|
||||
altcp_tls_create_config_client(const u8_t *ca, size_t ca_len)
|
||||
altcp_tls_create_config_client(const u8_t *ca, size_t ca_len, char *host)
|
||||
{
|
||||
return altcp_tls_create_config_client_common(ca, ca_len, 0);
|
||||
return altcp_tls_create_config_client_common(ca, ca_len, 0, host);
|
||||
}
|
||||
|
||||
struct altcp_tls_config *
|
||||
@ -996,7 +1000,7 @@ altcp_tls_create_config_client_2wayauth(const u8_t *ca, size_t ca_len, const u8_
|
||||
return NULL;
|
||||
}
|
||||
|
||||
conf = altcp_tls_create_config_client_common(ca, ca_len, 1);
|
||||
conf = altcp_tls_create_config_client_common(ca, ca_len, 1, NULL);
|
||||
if (conf == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
@ -92,7 +92,7 @@ struct altcp_tls_config *altcp_tls_create_config_server_privkey_cert(const u8_t
|
||||
/** @ingroup altcp_tls
|
||||
* Create an ALTCP_TLS client configuration handle
|
||||
*/
|
||||
struct altcp_tls_config *altcp_tls_create_config_client(const u8_t *cert, size_t cert_len);
|
||||
struct altcp_tls_config *altcp_tls_create_config_client(const u8_t *cert, size_t cert_len, char *host);
|
||||
|
||||
/** @ingroup altcp_tls
|
||||
* Create an ALTCP_TLS client configuration handle with two-way server/client authentication
|
||||
|
Loading…
Reference in New Issue
Block a user