commit 40a3523eb7735b34c4b4aa79eeeca5e331809c2c
author XiaokangQian <xiaokang.qian@arm.com> Sat May 07 09:02:40 2022 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Mon May 30 08:07:16 2022 +0000
tree cc458c195d61ac8addc0404c61cdfbe9daa07346
parent 1c1d3550ec82cca4f925ba32ea3dfd0751edb64e

Add support of server name extension to server side

Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index f3843b1..9d2c8ec 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -580,6 +580,21 @@
 
         switch( extension_type )
         {
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+            case MBEDTLS_TLS_EXT_SERVERNAME:
+                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
+                ret = mbedtls_ssl_parse_servername_ext( ssl, p,
+                                                        extension_data_end );
+                if( ret != 0 )
+                {
+                    MBEDTLS_SSL_DEBUG_RET(
+                            1, "mbedtls_ssl_parse_servername_ext", ret );
+                    return( ret );
+                }
+                ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SERVERNAME;
+                break;
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
 #if defined(MBEDTLS_ECDH_C)
             case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
                 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported group extension" ) );
@@ -1337,6 +1352,11 @@
 {
     int authmode;
 
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
+        authmode = ssl->handshake->sni_authmode;
+    else
+#endif
     authmode = ssl->conf->authmode;
 
     if( authmode == MBEDTLS_SSL_VERIFY_NONE )