Expose mbedtls_ssl_get_hostname_pointer() In 2.28, the `hostname` field of `mbedtls_ssl_context` is part of the public API. We've slightly changed its meaning in order to fix a security issue. Document the new function mbedtls_ssl_get_hostname_pointer() which returns what used to be the value of this field. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 6310e98fa54fffb28b646875938c810cad1790fe [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Feb 20 17:44:48 2025 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Tue Feb 25 18:47:55 2025 +0100
tree: ddd938880d5648c744c11880cfa315d839ded324
parent: 7d193acf01c559a69359fd47f718f723c28d948a [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 541fcc8..f89f470 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1449,7 +1449,10 @@
      *  \p hostname argument.
      * - A special value to indicate that mbedtls_ssl_set_hostname()
      *   was called with \p NULL (as opposed to never having been called).
-     *   See `mbedtls_ssl_get_hostname_pointer()` in `ssl_tls.c`.
+     *
+     * If you need to obtain the value passed to
+     * mbedtls_ssl_set_hostname() even if it may have been called with
+     * \p NULL, call mbedtls_ssl_get_hostname_pointer().
      *
      * If this field contains the value \p NULL and the configuration option
      * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
commit	6310e98fa54fffb28b646875938c810cad1790fe	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Feb 20 17:44:48 2025 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Feb 25 18:47:55 2025 +0100
tree	ddd938880d5648c744c11880cfa315d839ded324
parent	7d193acf01c559a69359fd47f718f723c28d948a [diff] [blame]