commit 698940726195eb543059a9701afc8cd18f075d50
author Glenn Strauss <gstrauss@gluelogic.com> Mon Jan 24 12:58:00 2022 -0500
committer Glenn Strauss <gstrauss@gluelogic.com> Fri Feb 25 19:55:53 2022 -0500
tree a2227a8e27230eaaee3e7b07ef1b5ca51bd9f61f
parent 36872dbd0bf49de8371206b8de87fb5e917cc71c

Add accessor to retrieve SNI during handshake

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 0656439..4ecf915 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -849,6 +849,11 @@
      * The library does not use it internally. */
     void *user_async_ctx;
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    const unsigned char *sni_name;      /*!< raw SNI                        */
+    size_t sni_name_len;                /*!< raw SNI len                    */
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 };
 
 typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index bd0982c..c757ac8 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -118,6 +118,11 @@
 
         if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
         {
+            ssl->handshake->sni_name = p + 3;
+            ssl->handshake->sni_name_len = hostname_len;
+            if( ssl->conf->f_sni == NULL )
+                return( 0 );
+
             ret = ssl->conf->f_sni( ssl->conf->p_sni,
                                     ssl, p + 3, hostname_len );
             if( ret != 0 )
@@ -1643,9 +1648,6 @@
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
             case MBEDTLS_TLS_EXT_SERVERNAME:
                 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
-                if( ssl->conf->f_sni == NULL )
-                    break;
-
                 ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
                 if( ret != 0 )
                     return( ret );
@@ -1878,6 +1880,10 @@
         MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
         return( ret );
     }
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    ssl->handshake->sni_name = NULL;
+    ssl->handshake->sni_name_len = 0;
+#endif
 
     /*
      * Search for a matching ciphersuite

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 089f239..2220721 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1389,6 +1389,13 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+const unsigned char *mbedtls_ssl_get_hs_sni( mbedtls_ssl_context *ssl,
+                                             size_t *name_len )
+{
+    *name_len = ssl->handshake->sni_name_len;
+    return( ssl->handshake->sni_name );
+}
+
 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
                                  mbedtls_x509_crt *own_cert,
                                  mbedtls_pk_context *pk_key )