commit 705fcca409777ac730952375106c081654ba8901
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Sep 23 20:04:20 2013 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Sep 24 21:25:54 2013 +0200
tree 50d36c97eb955fb9c949d4b5ab7c1d0f07549da1
parent d09453c88c970059a2754d420523f577ab5deda8

Adapt support for SNI to recent changes

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index df7709b..e291c53 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -338,6 +338,26 @@
 #endif /* POLARSSL_SSL_SESSION_TICKETS */
 
 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+/*
+ * Wrapper around f_sni, allowing use of
+ * ssl_set_own_cert() but making it act on ssl->hanshake->key_cert instead.
+ */
+static int ssl_sni_wrapper( ssl_context *ssl,
+                            const unsigned char* name, size_t len )
+{
+    int ret;
+    ssl_key_cert *key_cert_ori = ssl->key_cert;
+
+    ssl->key_cert = NULL;
+    ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
+    ssl->handshake->key_cert = ssl->key_cert;
+    ssl->handshake->free_key_cert = 1;
+
+    ssl->key_cert = key_cert_ori;
+
+    return( ret );
+}
+
 static int ssl_parse_servername_ext( ssl_context *ssl,
                                      const unsigned char *buf,
                                      size_t len )
@@ -365,7 +385,7 @@
 
         if( p[0] == TLS_EXT_SERVERNAME_HOSTNAME )
         {
-            ret = ssl->f_sni( ssl->p_sni, ssl, p + 3, hostname_len );
+            ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
             if( ret != 0 )
             {
                 ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,