authorjsing <jsing@openbsd.org>2016-08-22 14:55:59 +0000
committerjsing <jsing@openbsd.org>2016-08-22 14:55:59 +0000
commit55272e791e8761e9e22ccec7985f6a67b353362d (patch)
treee99d76979710a452eda038cbee08395145948362 /lib/libtls/tls_conninfo.c
parentCreate contexts for server side SNI - these include the additional SSL_CTX (diff)
Provide an API that enables server side SNI support - add the ability to
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@
Diffstat (limited to 'lib/libtls/tls_conninfo.c')
-rw-r--r--lib/libtls/tls_conninfo.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 523b2798d36..281af798665 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.9 2016/08/15 14:47:41 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.10 2016/08/22 14:55:59 jsing Exp $ */
/*
* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -199,6 +199,11 @@ tls_get_conninfo(struct tls *ctx)
goto err;
if (tls_conninfo_alpn_proto(ctx) == -1)
goto err;
+ if (ctx->servername != NULL) {
+ if ((ctx->conninfo->servername =
+ strdup(ctx->servername)) == NULL)
+ goto err;
+ }
return (0);
err:
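Review bot: The string duplicated into `ctx->conninfo->servername` inside the new `if (ctx->servername != NULL)` block has no matching release anywhere in this file's diff; the three hunks account for all 14 insertions in the diffstat and none of them touches a cleanup path. Unless the conninfo cleanup reached from `err:` (its body lies outside this hunk) already frees the field, the copy leaks once per connection, and a second call to tls_get_conninfo() on the same context would overwrite the earlier pointer without freeing it. The cleanup routine should gain `free(conninfo->servername);` followed by `conninfo->servername = NULL;`. tls_get_conninfo() starts and ends outside the hunk, so this needs confirming against the full file.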
@@ -242,6 +247,14 @@ tls_conn_cipher(struct tls *ctx)
}
const char *
+tls_conn_servername(struct tls *ctx)
+{
+ if (ctx->conninfo == NULL)
+ return (NULL);
+ return (ctx->conninfo->servername);
+}
+
+const char *
tls_conn_version(struct tls *ctx)
{
if (ctx->conninfo == NULL)
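Review bot: tls_conn_servername() is added without a comment saying where the value comes from or how long the returned pointer stays valid. Per the commit description it reports the name the client requested, so on a server it is peer-controlled input. Whether it is validated before it reaches `ctx->servername` is not visible in this file, so callers that use it for virtual-host selection, access decisions or logging should treat it as untrusted. I would add above the function `/* Returns the server name requested by the client, or NULL if none; the string is owned by ctx and is peer-supplied, so validate before use. */`. The unchecked dereference of `ctx` matches tls_conn_version() just below, so it is consistent with the file.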