commit 705fcca409777ac730952375106c081654ba8901
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Sep 23 20:04:20 2013 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Sep 24 21:25:54 2013 +0200
tree 50d36c97eb955fb9c949d4b5ab7c1d0f07549da1
parent d09453c88c970059a2754d420523f577ab5deda8

Adapt support for SNI to recent changes

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index df7709b..e291c53 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -338,6 +338,26 @@
 #endif /* POLARSSL_SSL_SESSION_TICKETS */
 
 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+/*
+ * Wrapper around f_sni, allowing use of
+ * ssl_set_own_cert() but making it act on ssl->hanshake->key_cert instead.
+ */
+static int ssl_sni_wrapper( ssl_context *ssl,
+                            const unsigned char* name, size_t len )
+{
+    int ret;
+    ssl_key_cert *key_cert_ori = ssl->key_cert;
+
+    ssl->key_cert = NULL;
+    ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
+    ssl->handshake->key_cert = ssl->key_cert;
+    ssl->handshake->free_key_cert = 1;
+
+    ssl->key_cert = key_cert_ori;
+
+    return( ret );
+}
+
 static int ssl_parse_servername_ext( ssl_context *ssl,
                                      const unsigned char *buf,
                                      size_t len )
@@ -365,7 +385,7 @@
 
         if( p[0] == TLS_EXT_SERVERNAME_HOSTNAME )
         {
-            ret = ssl->f_sni( ssl->p_sni, ssl, p + 3, hostname_len );
+            ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
             if( ret != 0 )
             {
                 ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cafdcf0..a94751b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4136,6 +4136,27 @@
     memset( transform, 0, sizeof( ssl_transform ) );
 }
 
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+static void ssl_key_cert_free( ssl_key_cert *key_cert )
+{
+    ssl_key_cert *cur = key_cert, *next;
+
+    while( cur != NULL )
+    {
+        next = cur->next;
+
+        if( cur->key_own_alloc )
+        {
+            pk_free( cur->key );
+            polarssl_free( cur->key );
+        }
+        polarssl_free( cur );
+
+        cur = next;
+    }
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
 void ssl_handshake_free( ssl_handshake_params *handshake )
 {
 #if defined(POLARSSL_DHM_C)
@@ -4149,6 +4170,11 @@
     polarssl_free( handshake->curves );
 #endif
 
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+    if( handshake->free_key_cert != 0 )
+        ssl_key_cert_free( handshake->key_cert );
+#endif
+
     memset( handshake, 0, sizeof( ssl_handshake_params ) );
 }
 
@@ -4242,25 +4268,8 @@
 #endif
 
 #if defined(POLARSSL_X509_CRT_PARSE_C)
-    if( ssl->key_cert != NULL )
-    {
-        ssl_key_cert *cur = ssl->key_cert, *next;
-
-        while( cur != NULL )
-        {
-            next = cur->next;
-
-            if( cur->key_own_alloc )
-            {
-                pk_free( cur->key );
-                polarssl_free( cur->key );
-            }
-            polarssl_free( cur );
-
-            cur = next;
-        }
-    }
-#endif /* POLARSSL_X509_CRT_PARSE_C */
+    ssl_key_cert_free( ssl->key_cert );
+#endif
 
 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
     if( ssl_hw_record_finish != NULL )