enables wolfSSL_SNI_GetRequest() at client side.

2017-11-13 13:58:14 -02:00 · 2017-11-13 13:58:14 -02:00 · a23b65751d
parent 3b0d415ad9
commit a23b65751d
2 changed files with 16 additions and 3 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -1562,8 +1562,21 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
            if (!extension || !extension->data)
                return TLSX_HandleUnsupportedExtension(ssl);

-            return length ? BUFFER_ERROR /* SNI response MUST be empty. */
-                          : 0;           /* nothing else to do.         */
+            if (length > 0)
+                return BUFFER_ERROR; /* SNI response MUST be empty. */
+
+            /* This call enables wolfSSL_SNI_GetRequest() to be called in the
+             * client side to fetch the used SNI. It will only work if the SNI
+             * was set at the SSL object level. Right now we only support one
+             * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
+             * inclusion of other name types will turn this method inacurate, as
+             * the extension response doesn't contains information of wich name
+             * was accepted.
+             */
+            TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
+                                                        WOLFSSL_SNI_REAL_MATCH);
+
+            return 0;
        #endif
    }

--- a/tests/api.c
+++ b/tests/api.c
@ -1806,7 +1806,7 @@ static void test_wolfSSL_UseSNI_connection(void)
        {0, use_SNI_at_ctx, 0, verify_SNI_real_matching},

        /* success case at ssl */
-        {0, 0, use_SNI_at_ssl, 0},
+        {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
        {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},

        /* default missmatch behavior */