Keep track of whether mbedtls_ssl_set_hostname() has been called
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 9f91861..2d54172 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -51,6 +51,12 @@
#define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
#endif
+/** Flag values for mbedtls_ssl_context::flags. */
+typedef enum {
+ /** Set if mbedtls_ssl_set_hostname() has been called. */
+ MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
+} mbedtls_ssl_context_flags_t;
+
#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dd1beb9..998cac2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2529,12 +2529,7 @@
static int mbedtls_ssl_has_set_hostname_been_called(
const mbedtls_ssl_context *ssl)
{
- /* We can't tell the difference between the case where
- * mbedtls_ssl_set_hostname() has not been called at all, and
- * the case where it was last called with NULL. For the time
- * being, we assume the latter, i.e. we behave as if there had
- * been an implicit call to mbedtls_ssl_set_hostname(ssl, NULL). */
- return ssl->hostname != NULL;
+ return (ssl->flags & MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET) != 0;
}
#endif
@@ -2580,6 +2575,8 @@
ssl->hostname[hostname_len] = '\0';
}
+ ssl->flags |= MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET;
+
return 0;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */