Access ssl->hostname through abstractions
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called() (only implemented approximatively
for now), mbedtls_ssl_get_hostname_pointer(), mbedtls_ssl_free_hostname().
Only access ssl->hostname directly in these functions and in
mbedtls_ssl_set_hostname().
Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().
No behavior change except for a new log message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4fde783..2854e00 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -83,19 +83,20 @@
size_t *olen)
{
unsigned char *p = buf;
+ const char *hostname = mbedtls_ssl_get_hostname_pointer(ssl);
size_t hostname_len;
*olen = 0;
- if (ssl->hostname == NULL) {
+ if (hostname == NULL) {
return 0;
}
MBEDTLS_SSL_DEBUG_MSG(3,
("client hello, adding server name extension: %s",
- ssl->hostname));
+ hostname));
- hostname_len = strlen(ssl->hostname);
+ hostname_len = strlen(hostname);
MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
@@ -139,7 +140,7 @@
MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
p += 2;
- memcpy(p, ssl->hostname, hostname_len);
+ memcpy(p, hostname, hostname_len);
*olen = hostname_len + 9;