Make function mbedtls_ssl_set_hostname(...) as optional
The function mbedtls_ssl_set_hostname is now compile-time configurable
in config.h through the define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION.
This affects many X.509 APIs. See config.h for details.
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 39a9f76..b31090f 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -222,12 +222,13 @@
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
-
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
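Review bot: With MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION defined, this client compiles out `mbedtls_ssl_set_hostname( &ssl, SERVER_NAME )` without leaving any trace, so the peer certificate is presumably no longer matched against the expected server name and any certificate chaining to a trusted CA would be accepted. The sample should say so where the call disappears, for example an `#else` branch with `mbedtls_printf( "  . Hostname verification disabled at compile time\n" );` and a comment that this configuration is only appropriate when the peer is authenticated some other way, such as a pinned certificate. The same silent skip appears in the mini_client.c, ssl_client1.c, ssl_client2.c and ssl_mail_client.c hunks and in the second cert_app.c hunk; where the name comes from `opt.server_name`, the user's option is then ignored for verification. The enclosing function starts and ends outside the hunk.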
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 87c48ff..7d86854 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -250,7 +250,7 @@
goto exit;
}
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
{
ret = hostname_failed;
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index cf10ba1..c179419 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1570,6 +1570,14 @@
}
#endif /* MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
+#if defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
+ if( strcmp( "MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
+
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
{
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 8629980..9922a7e 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -210,11 +210,13 @@
goto exit;
}
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a7fd259..2aa4950 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2053,7 +2053,7 @@
goto exit;
}
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 205c93e..24000a2 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -662,11 +662,13 @@
goto exit;
}
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 9b40fa7..74efea3 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -363,8 +363,11 @@
{
mbedtls_printf( " . Verifying X.509 certificate..." );
- if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
- my_verify, NULL ) ) != 0 )
+ if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl,
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
+ NULL,
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
+ &flags, my_verify, NULL ) ) != 0 )
{
char vrfy_buf[512];
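Review bot: Splitting the argument list of `mbedtls_x509_crt_verify` with `#if` in the middle of the call is hard to read and easy to break on a later edit, since a misplaced comma or argument only shows up in one of the two configurations. Two complete calls under `#if`/`#else`, followed by a single `if( ret != 0 )`, keep each variant checkable on its own. It would also help to add a comment that the expected-name argument is absent in the reduced build, so a reader does not assume the certificate name is still checked. The enclosing function starts and ends outside the hunk.

```c
#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
                               my_verify, NULL );
#else
/* Reduced build: the API takes no expected-name argument. */
ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, &flags,
                               my_verify, NULL );
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
if( ret != 0 )
{
    /* … unchanged: vrfy_buf error reporting … */
```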
@@ -453,12 +456,13 @@
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto ssl_exit;
}
-
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto ssl_exit;
}
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \