Add support of server name extension to server side
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5331865..29a33f4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8210,4 +8210,55 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+int mbedtls_ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const unsigned char *p = buf;
+ size_t servername_list_size, hostname_len;
+ const unsigned char *servername_end;
+
+ if( ssl->conf->p_sni == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "No SNI callback configured. Skip SNI parsing." ) );
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Parse ServerName extension" ) );
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ servername_list_size = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, servername_list_size );
+ servername_end = p + servername_list_size;
+ while ( p < servername_end )
+ {
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, servername_end, 3 );
+ hostname_len = MBEDTLS_GET_UINT16_BE( p, 1 );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, servername_end, hostname_len + 3 );
+
+ if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
+ {
+ ret = ssl->conf->f_sni( ssl->conf->p_sni,
+ ssl, p + 3, hostname_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "sni_wrapper", ret );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
+ return( MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME );
+ }
+ return( 0 );
+ }
+
+ p += hostname_len + 3;
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
#endif /* MBEDTLS_SSL_TLS_C */