CryptoPkg/Library/TlsLib/TlsConfig.c | 71 ++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+)
---
CryptoPkg/Library/TlsLib/TlsConfig.c | 71 ++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 0673c9d532..aac1a88edf 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -594,6 +594,77 @@ TlsSetVerifyHost (
return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
}
+/**
+ Callback function to get the server name.
+
+ @param[in] SSL
+ @param[in] INT32
+ @param[in] Arg
+
+ @retval INT32
+**/
+static
+INT32
+SslServerNameCallback(SSL *Ssl, INT32 *Ad, VOID *Arg)
+{
+ const CHAR8 *HostName = NULL;
+ TLS_EXT_CTX *TlsCtx = (TLS_EXT_CTX*)Arg;
+
+ HostName = SSL_get_servername (Ssl, TLSEXT_NAMETYPE_host_name);
+
+ if (SSL_get_servername_type(Ssl) != -1) {
+ TlsCtx->Ack = !SSL_session_reused(Ssl) && HostName != NULL;
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+
+/**
+ Set the specified server name in Server/Client.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] SslCtx Pointer to the SSL object.
+ @param[in] HostName The specified server name to be set.
+
+ @retval EFI_SUCCESS The Server Name was set successfully.
+ @retval EFI_UNSUPPORTED Failed to set the Server Name.
+**/
+EFI_STATUS
+TlsSetServerName (
+ VOID *Tls,
+ VOID *SslCtx,
+ CHAR8 *HostName
+)
+{
+ SSL_CTX *Ctx;
+ TLS_CONNECTION *TlsConn;
+ UINT32 RetVal;
+ TLS_EXT_CTX *TlsExtCtx = NULL;
+
+ TlsConn = (TLS_CONNECTION*) Tls;
+
+ Ctx = SSL_get_SSL_CTX (TlsConn->Ssl);
+
+ TlsExtCtx = AllocateZeroPool (sizeof(TLS_EXT_CTX));
+
+ RetVal = SSL_CTX_set_tlsext_servername_callback(Ctx, SslServerNameCallback);
+ if (!RetVal) {
+ return EFI_UNSUPPORTED;
+ }
+
+ RetVal = SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx);
+ if (!RetVal) {
+ return EFI_UNSUPPORTED;
+ }
+
+ TlsConn->Ssl->options = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
+ RetVal = SSL_set_tlsext_host_name(TlsConn->Ssl, HostName);
+
+ if (!RetVal) {
+ return EFI_UNSUPPORTED;
+ }
+ return EFI_SUCCESS;
+}
+
/**
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
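Review bot: `SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx)` in TlsSetServerName registers the address of the local pointer variable instead of the allocated TLS_EXT_CTX, so when SslServerNameCallback later writes `TlsCtx->Ack` it writes through a stale stack address after the function has returned. The AllocateZeroPool result is also used without a NULL check, and nothing visible in the hunk frees it on the error returns or at teardown. The assignment to `TlsConn->Ssl->options` replaces the connection's whole option mask, which would drop any protocol-version or hardening options set earlier, and it reaches into the SSL structure directly; `SSL_set_options` ORs the flag in instead. The callback and its argument are installed on the SSL_CTX, which may be shared by other connections, and the `SslCtx` parameter is never used, so the intended ownership of the context should be documented. A possible rewrite of the affected lines follows.

```c
  Ctx = SSL_get_SSL_CTX (TlsConn->Ssl);

  // … unchanged: SSL_CTX_set_tlsext_servername_callback and its check …

  TlsExtCtx = AllocateZeroPool (sizeof (TLS_EXT_CTX));
  if (TlsExtCtx == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  // Register the pool allocation itself, not the address of the local variable.
  RetVal = SSL_CTX_set_tlsext_servername_arg (Ctx, TlsExtCtx);
  if (!RetVal) {
    FreePool (TlsExtCtx);
    return EFI_UNSUPPORTED;
  }

  // OR the flag into the existing option mask rather than overwriting it.
  SSL_set_options (TlsConn->Ssl, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
  RetVal = SSL_set_tlsext_host_name (TlsConn->Ssl, HostName);
```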
--
2.26.0.windows.1
Please review this changes and provide comments.