Expose mbedtls_ssl_get_hostname_pointer()

In 2.28, the `hostname` field of `mbedtls_ssl_context` is part of the public
API. We've slightly changed its meaning in order to fix a security issue.
Document the new function mbedtls_ssl_get_hostname_pointer() which
returns what used to be the value of this field.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
index cb61ed1..bd15d3a 100644
--- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
@@ -8,6 +8,9 @@
      call mbedtls_ssl_set_hostname() with NULL as the hostname, or
      enable the new compile-time option
      MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+     The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
+     has changed, see the documentation of the hostname field in the
+     mbedtls_ssl_context struct type for details.
 
 Security
    * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 541fcc8..f89f470 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1449,7 +1449,10 @@
      *  \p hostname argument.
      * - A special value to indicate that mbedtls_ssl_set_hostname()
      *   was called with \p NULL (as opposed to never having been called).
-     *   See `mbedtls_ssl_get_hostname_pointer()` in `ssl_tls.c`.
+     *
+     * If you need to obtain the value passed to
+     * mbedtls_ssl_set_hostname() even if it may have been called with
+     * \p NULL, call mbedtls_ssl_get_hostname_pointer().
      *
      * If this field contains the value \p NULL and the configuration option
      * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index fdc1719..e387369 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1214,7 +1214,6 @@
     return 4;
 }
 
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 /** Get the host name from the SSL context.
  *
  * \param[in]   ssl     SSL context
@@ -1224,7 +1223,6 @@
  *         \p ssl or if it was last called with \p NULL.
  */
 const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 91b4ae9..65d5b96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -62,11 +62,6 @@
 }
 #endif
 
-/* Micro-optimization: don't export this function if it isn't needed outside
- * of this source file. */
-#if !defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-static
-#endif
 const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl)
 {
     if (ssl->hostname == ssl_hostname_skip_cn_verification) {