Merge pull request #6299 from xkqian/tls13_add_servername_check

Add server name check when proposing pre-share key
Ronald Cron 2022-10-13 16:00:59 +02:00 committed by GitHub
commit 49e4184812
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 217 additions and 2 deletions


@ -405,6 +405,7 @@ int main( void )
" exchanges=%%d default: 1\n" \
" reconnect=%%d number of reconnections using session resumption\n" \
" default: 0 (disabled)\n" \
" reco_server_name=%%s default: localhost\n" \
" reco_delay=%%d default: 0 seconds\n" \
" reco_mode=%%d 0: copy session, 1: serialize session\n" \
" default: 1\n" \
@ -498,6 +499,7 @@ struct options
int recsplit; /* enable record splitting? */
int dhmlen; /* minimum DHM params len in bits */
int reconnect; /* attempt to resume session */
const char *reco_server_name; /* hostname of the server (re-connect) */
int reco_delay; /* delay in seconds before resuming session */
int reco_mode; /* how to keep the session around */
int reconnect_hard; /* unexpectedly reconnect from the same port */
@ -923,6 +925,7 @@ int main( int argc, char *argv[] )
opt.recsplit = DFL_RECSPLIT;
opt.dhmlen = DFL_DHMLEN;
opt.reconnect = DFL_RECONNECT;
opt.reco_server_name = DFL_SERVER_NAME;
opt.reco_delay = DFL_RECO_DELAY;
opt.reco_mode = DFL_RECO_MODE;
opt.reconnect_hard = DFL_RECONNECT_HARD;
@ -1119,6 +1122,8 @@ int main( int argc, char *argv[] )
if( opt.reconnect < 0 || opt.reconnect > 2 )
goto usage;
}
else if( strcmp( p, "rec_server_name" ) == 0 )
opt.reco_server_name = q;
else if( strcmp( p, "reco_delay" ) == 0 )
{
opt.reco_delay = atoi( q );
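Review bot: The option parser in this hunk matches the key `rec_server_name`, while the usage text added in the first hunk and the new struct field both spell it `reco_server_name`, so anyone following the help output passes a key this branch never matches. The comparison should read `else if( strcmp( p, "reco_server_name" ) == 0 )`. This value is what the last hunk hands to `mbedtls_ssl_set_hostname` before reconnecting, so when the documented spelling is used, a resumption test meant to exercise a different server name may end up running with the default name instead, or not at all. How an unmatched key is handled lies outside the hunk, as do the start and end of the enclosing if/else chain.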
@ -3113,6 +3118,16 @@ reconnect:
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ( ret = mbedtls_ssl_set_hostname( &ssl,
opt.reco_server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret );
goto exit;
}
#endif
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?