Exemple #1
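/* Server Name Indication callback function
 *
 * Copies the client-supplied SNI name into a local NUL-terminated buffer,
 * walks sni_list for the first entry whose hostname list matches it, and
 * applies that entry's handshake-specific credentials and client
 * authentication settings to the context.
 *
 * Returns 0 when an entry was applied or when nothing matched (no
 * per-handshake override is set in that case, so the context's configured
 * defaults stay in effect). Returns non-zero when the name is rejected or
 * the certificate could not be installed; mbed TLS aborts the handshake on
 * a non-zero return.
 */
static int sni_callback(void UNUSED(*param), mbedtls_ssl_context *context, const unsigned char *sni_hostname, size_t len) {
	char hostname[SNI_MAX_HOSTNAME_LEN + 1];
	t_sni_list *sni;
	int i, result;

	/* The name is taken from the ClientHello and is untrusted: bound it
	 * before copying into the fixed-size buffer.
	 */
	if (len > SNI_MAX_HOSTNAME_LEN) {
		return -1;
	}

	/* An embedded NUL would make the C string used for matching shorter
	 * than the name the client actually sent, so refuse such names.
	 */
	if (memchr(sni_hostname, '\0', len) != NULL) {
		return -1;
	}

	memcpy(hostname, sni_hostname, len);
	hostname[len] = '\0';

	for (sni = sni_list; sni != NULL; sni = sni->next) {
		for (i = 0; i < sni->hostname->size; i++) {
			if (hostname_match(hostname, *(sni->hostname->item + i)) == 0) {
				continue;
			}

			/* Set private key and certificate. The call can fail; report
			 * that instead of silently continuing the handshake with
			 * whatever certificate the default configuration holds.
			 */
			if ((sni->private_key != NULL) && (sni->certificate != NULL)) {
				result = mbedtls_ssl_set_hs_own_cert(context, sni->certificate, sni->private_key);
				if (result != 0) {
					return result;
				}
			}

			/* Set CA certificate for TLS client authentication. A
			 * client certificate is only demanded for entries that
			 * carry a CA chain.
			 * NOTE(review): this requirement is keyed on the SNI name
			 * alone; confirm the request layer refuses a Host header
			 * that maps to a different entry than the one negotiated
			 * here.
			 */
			if (sni->ca_certificate != NULL) {
				mbedtls_ssl_set_hs_authmode(context, MBEDTLS_SSL_VERIFY_REQUIRED);
				mbedtls_ssl_set_hs_ca_chain(context, sni->ca_certificate, sni->ca_crl);
			}

			/* First matching entry wins. */
			return 0;
		}
	}

	/* No entry matched: nothing is overridden for this handshake. */
	return 0;
}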
Exemple #2
/**
 * Script binding that sets the certificate verification mode for the
 * current handshake on the wrapped mbed TLS context.
 *
 * Reads an int from stack position 1 and passes it unchanged to
 * mbedtls_ssl_set_hs_authmode(). The value is not range-checked here, so
 * the caller decides whether peer verification is required, optional or
 * skipped; MBEDTLS_SSL_VERIFY_REQUIRED is the only mode that refuses a peer
 * without a valid certificate.
 *
 * NOTE(review): mbed TLS documents this setter for use within the SNI
 * callback - confirm the binding is only reachable from there.
 *
 * @return always 0 (presumably the number of values handed back to the
 *         script - verify against the binding framework).
 */
int SSLContext::setAuthmode(State & state, SSLContextData * ssl_context_data) {
    const int authmode = state.stack->to<int>(1);

    mbedtls_ssl_set_hs_authmode(ssl_context_data->context, authmode);
    return 0;
}