From a23b65751df44f0f83e535348e6eb319edd900e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Mon, 13 Nov 2017 13:58:14 -0200
Subject: [PATCH] enables wolfSSL_SNI_GetRequest() at client side.

---
 src/tls.c | 17 +++++++++++++++--
 tests/api.c | 2 +-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index e8495bd41..b2db15893 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1562,8 +1562,21 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 if (!extension || !extension->data)
 return TLSX_HandleUnsupportedExtension(ssl);
 
- return length ? BUFFER_ERROR /* SNI response MUST be empty. */
- : 0; /* nothing else to do. */
+ if (length > 0)
+ return BUFFER_ERROR; /* SNI response MUST be empty. */
+
+ /* This call enables wolfSSL_SNI_GetRequest() to be called in the
+ * client side to fetch the used SNI. It will only work if the SNI
+ * was set at the SSL object level. Right now we only support one
+ * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
+ * inclusion of other name types will turn this method inacurate, as
+ * the extension response doesn't contains information of wich name
+ * was accepted.
+ */
+ TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
+ WOLFSSL_SNI_REAL_MATCH);
+
+ return 0;
 #endif
 }
 
diff --git a/tests/api.c b/tests/api.c
index ee2528487..b934c1024 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1806,7 +1806,7 @@ static void test_wolfSSL_UseSNI_connection(void)
 {0, use_SNI_at_ctx, 0, verify_SNI_real_matching},
 
 /* success case at ssl */
- {0, 0, use_SNI_at_ssl, 0},
+ {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
 {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
 
 /* default missmatch behavior */
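Review bot: In the client branch of TLSX_SNI_Parse (src/tls.c), the `WOLFSSL_SNI_REAL_MATCH` status records only that the server echoed an empty SNI extension, not that the peer certificate matches the requested name, and the new comment should say so now that the status is readable through wolfSSL_SNI_GetRequest() on the client. I would add to the comment: `On the client this status only means the server acknowledged the SNI; it is not a hostname check of the peer certificate.` The call targets `ssl->extensions` while the guard above it tests `extension`, whose lookup is outside this hunk; if that lookup can fall back to a CTX-level list, as the comment's "only work if the SNI was set at the SSL object level" suggests, the status is silently not recorded in that case, which belongs in the public API documentation rather than only in this internal comment. The comment also carries typos worth fixing while here (`inacurate`, `wich`, `doesn't contains`).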
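Review bot: In tests/api.c, the row under `/* success case at ssl */` is the only client-side entry in this hunk that gains `verify_SNI_real_matching`, so the CTX-level limitation described in the src/tls.c comment is not pinned by any test as far as the visible lines show. The client row of the CTX-level case lies outside this hunk; if it still passes `0` as its result callback, consider a callback there that asserts what wolfSSL_SNI_GetRequest() is expected to report, so a later change to that behaviour is noticed. After this change the two rows of the pair are textually identical, and a short trailing comment on each, e.g. `/* client */` and `/* server */`, would keep the table readable. The array definition starts and ends outside the hunk.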