Make function mbedtls_ssl_set_hostname(...) as optional
Now function mbedtls_ssl_set_hostname is compile-time configurable
in config.h with define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION.
This affects to many x509 API's. See config.h for details.
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5ad73d6..71dba36 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3925,6 +3925,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -3936,6 +3937,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -3946,6 +3948,7 @@
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: no matching cert" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -3971,6 +3974,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -3984,6 +3988,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -3998,6 +4003,7 @@
-s "skip parse certificate verify"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: CA no override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4017,6 +4023,7 @@
-S "The certificate has been revoked (is on a CRL)"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: CA override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4036,6 +4043,7 @@
-S "The certificate has been revoked (is on a CRL)"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4067,6 +4075,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, matching cert 1" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4078,6 +4087,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, matching cert 2" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4088,6 +4098,7 @@
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, no matching cert" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4113,6 +4124,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4126,6 +4138,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4140,6 +4153,7 @@
-s "skip parse certificate verify"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, CA no override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4158,6 +4172,7 @@
-s "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, CA override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4177,6 +4192,7 @@
-S "The certificate has been revoked (is on a CRL)"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SNI: DTLS, CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
@@ -6347,6 +6363,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
run_test "SSL async private: sign, SNI" \
"$P_SRV debug_level=3 \
async_operations=s async_private_delay1=0 async_private_delay2=0 \