Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 48a19c9..baf82a6 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -872,6 +872,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
ssl->handshake->resume )
@@ -885,14 +886,18 @@
if( hostname_mismatch )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "hostname mismatch the session ticket, should not resume " ) );
+ ( "hostname mismatch the session ticket,"
+ " should not resume " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
}
else
- mbedtls_ssl_session_set_hostname( ssl->session_negotiate,
- ssl->hostname );
+ {
+ return mbedtls_ssl_session_set_hostname( ssl->session_negotiate,
+ ssl->hostname );
+ }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
+ MBEDTLS_SSL_SESSION_TICKETS &&
MBEDTLS_SSL_SERVER_NAME_INDICATION */
return( 0 );
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f20897d..6ba9ad5 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2495,7 +2495,9 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
const char *hostname );
#endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 062259b..6563b90 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -298,13 +298,14 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
defined(MBEDTLS_SSL_CLI_C)
if( src->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
dst->hostname = NULL;
- mbedtls_ssl_session_set_hostname( dst,
- src->hostname );
+ return mbedtls_ssl_session_set_hostname( dst,
+ src->hostname );
}
#endif
@@ -1973,6 +1974,7 @@
{
unsigned char *p = buf;
#if defined(MBEDTLS_SSL_CLI_C) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
size_t hostname_len = ( session->hostname == NULL ) ?
0 : strlen( session->hostname );
@@ -1995,7 +1997,8 @@
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
needed += 2 /* hostname_len */
+ hostname_len; /* hostname */
#endif
@@ -2026,7 +2029,9 @@
memcpy( p, session->resumption_key, session->resumption_key_len );
p += session->resumption_key_len;
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
@@ -2039,7 +2044,9 @@
p += hostname_len;
}
}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
+ MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
@@ -2099,7 +2106,9 @@
memcpy( session->resumption_key, p, session->resumption_key_len );
p += session->resumption_key_len;
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
size_t hostname_len;
@@ -2120,7 +2129,9 @@
p += hostname_len;
}
}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
+ MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
@@ -8862,6 +8873,7 @@
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
const char *hostname )
@@ -8904,6 +8916,8 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
+ MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_SSL_SERVER_NAME_INDICATION */
#endif /* MBEDTLS_SSL_TLS_C */