Access ssl->hostname through abstractions
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called() (only implemented approximately
for now), mbedtls_ssl_get_hostname_pointer(), mbedtls_ssl_free_hostname().
Only access ssl->hostname directly in these functions and in
mbedtls_ssl_set_hostname().
Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().
No behavior change except for a new log message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 3a40b4b..fdc1719 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1214,6 +1214,18 @@
return 4;
}
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+/** Get the host name from the SSL context.
+ *
+ * \param[in] ssl SSL context
+ *
+ * \return The \p hostname pointer from the SSL context.
+ * \c NULL if mbedtls_ssl_set_hostname() has never been called on
+ * \p ssl or if it was last called with \p NULL.
+ */
+const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl);
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);
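Review bot: the \return text for mbedtls_ssl_get_hostname_pointer() documents the same NULL result for two different states (mbedtls_ssl_set_hostname() never called on the context, or last called with NULL), so a caller cannot tell "no hostname was ever configured" from "hostname explicitly cleared" with this function alone. Since the commit message names mbedtls_ssl_has_set_hostname_been_called() as the companion abstraction, the doc comment should point callers that need the distinction to it. The comment should also say that the returned pointer is the SSL context's own hostname pointer, that the caller must not free it, and how long it remains valid.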