commit 5701cdcd029bf64592e8d302e288b2fed2c343a5
author Paul Bakker <p.j.bakker@polarssl.org> Thu Sep 27 21:49:42 2012 +0000
committer Paul Bakker <p.j.bakker@polarssl.org> Thu Sep 27 21:49:42 2012 +0000
tree 03af4bc6772a20877914b86e594d3be6721b7e26
parent f918310193d3042bcf91218e8a8ad15a236c7cad

 - Added ServerName extension parsing (SNI) at server side

include/polarssl/ssl.h

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 62ffba2..094a120 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -227,6 +227,7 @@
 #define SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
 #define SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
 #define SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
+#define SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
 
 #define SSL_HS_HELLO_REQUEST            0
 #define SSL_HS_CLIENT_HELLO             1
@@ -399,6 +400,7 @@
     int (*f_vrfy)(void *, x509_cert *, int, int);
     int (*f_get_cache)(void *, ssl_session *);
     int (*f_set_cache)(void *, const ssl_session *);
+    int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
 
     void *p_rng;                /*!< context for the RNG function     */
     void *p_dbg;                /*!< context for the debug function   */
@@ -407,6 +409,7 @@
     void *p_vrfy;               /*!< context for verification         */
     void *p_get_cache;          /*!< context for cache retrieval      */
     void *p_set_cache;          /*!< context for cache store          */
+    void *p_sni;                /*!< context for SNI extension        */
 
     /*
      * Session layer
@@ -780,7 +783,8 @@
 #endif
 
 /**
- * \brief          Set hostname for ServerName TLS Extension
+ * \brief          Set hostname for ServerName TLS extension
+ *                 (client-side only)
  *                 
  *
  * \param ssl      SSL context
@@ -791,6 +795,30 @@
 int ssl_set_hostname( ssl_context *ssl, const char *hostname );
 
 /**
+ * \brief          Set server side ServerName TLS extension callback
+ *                 (optional, server-side only).
+ *
+ *                 If set, the ServerName callback is called whenever the
+ *                 server receives a ServerName TLS extension from the client
+ *                 during a handshake. The ServerName callback has the
+ *                 following parameters: (void *parameter, ssl_context *ssl,
+ *                 const unsigned char *hostname, size_t len). If a suitable
+ *                 certificate is found, the callback should set the
+ *                 certificate and key to use with ssl_set_own_cert() (and
+ *                 possibly adjust the CA chain as well) and return 0. The
+ *                 callback should return -1 to abort the handshake at this
+ *                 point.
+ *
+ * \param ssl      SSL context
+ * \param f_sni    verification function
+ * \param p_sni    verification parameter
+ */
+void ssl_set_sni( ssl_context *ssl,
+                  int (*f_sni)(void *, ssl_context *, const unsigned char *,
+                               size_t),
+                  void *p_sni );
+
+/**
  * \brief          Set the maximum supported version sent from the client side
  * 
  * \param ssl      SSL context