70 lines
2.2 KiB
Diff
70 lines
2.2 KiB
Diff
diff -rU 4 a/ssl/Config.in b/ssl/Config.in
|
|
--- a/ssl/Config.in 2014-10-27 13:30:33.000000000 +0300
|
|
+++ b/ssl/Config.in 2015-06-09 18:32:26.000000000 +0300
|
|
@@ -314,8 +314,15 @@
|
|
|
|
Note: not all the API is implemented, so parts may still break. And
|
|
it's definitely not 100% compatible.
|
|
|
|
+config CONFIG_SSL_SNI
|
|
+ bool "Enable SNI"
|
|
+ default y
|
|
+ help
|
|
+ An extension to the TLS.
|
|
+ See 3.1 Server Name Indication at RFC 3546.
|
|
+
|
|
config CONFIG_PERFORMANCE_TESTING
|
|
bool "Build the bigint performance test tool"
|
|
default n
|
|
depends on CONFIG_SSL_CERT_VERIFICATION
|
|
diff -rU 4 a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
|
|
--- a/ssl/tls1_clnt.c 2014-11-07 03:24:28.000000000 +0300
|
|
+++ b/ssl/tls1_clnt.c 2015-06-09 18:32:26.000000000 +0300
|
|
@@ -218,8 +218,30 @@
|
|
}
|
|
|
|
buf[offset++] = 1; /* no compression */
|
|
buf[offset++] = 0;
|
|
+
|
|
+#ifdef CONFIG_SSL_SNI
|
|
+ if (ssl->host_name != NULL) {
|
|
+ unsigned int host_len = strlen(ssl->host_name);
|
|
+
|
|
+ buf[offset++] = 0;
|
|
+ buf[offset++] = host_len+9; /* extensions length */
|
|
+
|
|
+ buf[offset++] = 0;
|
|
+ buf[offset++] = 0; /* server_name(0) (65535) */
|
|
+ buf[offset++] = 0;
|
|
+ buf[offset++] = host_len+5; /* server_name length */
|
|
+ buf[offset++] = 0;
|
|
+ buf[offset++] = host_len+3; /* server_list length */
|
|
+ buf[offset++] = 0; /* host_name(0) (255) */
|
|
+ buf[offset++] = 0;
|
|
+ buf[offset++] = host_len; /* host_name length */
|
|
+ strncpy((char*) &buf[offset], ssl->host_name, host_len);
|
|
+ offset += host_len;
|
|
+ }
|
|
+#endif
|
|
+
|
|
buf[3] = offset - 4; /* handshake size */
|
|
|
|
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
|
|
}
|
|
diff -rU 4 a/ssl/tls1.h b/ssl/tls1.h
|
|
--- a/ssl/tls1.h 2015-04-30 08:41:49.000000000 +0300
|
|
+++ b/ssl/tls1.h 2015-06-09 18:32:26.000000000 +0300
|
|
@@ -195,8 +195,12 @@
|
|
uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
|
|
uint8_t read_sequence[8]; /* 64 bit sequence number */
|
|
uint8_t write_sequence[8]; /* 64 bit sequence number */
|
|
uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
|
|
+
|
|
+#ifdef CONFIG_SSL_SNI
|
|
+ const char* host_name;
|
|
+#endif
|
|
};
|
|
|
|
typedef struct _SSL SSL;
|
|
|