From 2bed3437aee3f9519cdffa75e13cd8dd3306f954 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Veres-Szentkir=C3=A1lyi?= <vsza@vsza.hu>
Date: Sun, 1 Jun 2014 01:26:21 +0200
Subject: ssl: parse SNI in received client hello records

---
 lib/ssl/src/ssl_handshake.erl | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'lib/ssl')

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index fc67d2c28d..b018332df1 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1719,6 +1719,11 @@ dec_hello_extensions(<<?UINT16(?EC_POINT_FORMATS_EXT), ?UINT16(Len),
     dec_hello_extensions(Rest, Acc#hello_extensions{ec_point_formats =
 							#ec_point_formats{ec_point_format_list =
 									      ECPointFormats}});
+
+dec_hello_extensions(<<?UINT16(?SNI_EXT), ?UINT16(Len),
+                ExtData:Len/binary, Rest/binary>>, Acc) ->
+    <<?UINT16(_), NameList/binary>> = ExtData,
+    dec_hello_extensions(Rest, Acc#hello_extensions{sni = dec_sni(NameList)});
 %% Ignore data following the ClientHello (i.e.,
 %% extensions) if not understood.
 
@@ -1731,6 +1736,13 @@ dec_hello_extensions(_, Acc) ->
 dec_hashsign(<<?BYTE(HashAlgo), ?BYTE(SignAlgo)>>) ->
     {ssl_cipher:hash_algorithm(HashAlgo), ssl_cipher:sign_algorithm(SignAlgo)}.
 
+%% Ignore unknown names (only host_name is supported)
+dec_sni(<<?BYTE(?SNI_NAMETYPE_HOST_NAME), ?UINT16(Len),
+                HostName:Len/binary, _/binary>>) ->
+    #sni{hostname = binary_to_list(HostName)};
+dec_sni(<<?BYTE(_), ?UINT16(Len), _:Len, Rest/binary>>) -> dec_sni(Rest);
+dec_sni(_) -> undefined.
+
 decode_next_protocols({next_protocol_negotiation, Protocols}) ->
     decode_next_protocols(Protocols, []).
 decode_next_protocols(<<>>, Acc) ->
-- 
cgit v1.2.3


From 34e4094aabccc22b5b1be609eb8dfbe412dd4328 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Veres-Szentkir=C3=A1lyi?= <vsza@vsza.hu>
Date: Thu, 5 Jun 2014 17:38:44 +0200
Subject: added SNI decode test to SSL handshake suite

---
 lib/ssl/test/ssl_handshake_SUITE.erl | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib/ssl')

diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index 5f36842f9e..e5e942ce1b 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -38,6 +38,7 @@ all() -> [decode_hello_handshake,
 	  decode_supported_elliptic_curves_hello_extension_correctly,
 	  decode_unknown_hello_extension_correctly,
 	  encode_single_hello_sni_extension_correctly,
+	  decode_single_hello_sni_extension_correctly,
 	  select_proper_tls_1_2_rsa_default_hashsign].
 
 %%--------------------------------------------------------------------
@@ -98,6 +99,13 @@ encode_single_hello_sni_extension_correctly(_Config) ->
     Encoded = ssl_handshake:encode_hello_extensions(Exts),
     HelloExt = Encoded.
 
+decode_single_hello_sni_extension_correctly(_Config) ->
+    Exts = #hello_extensions{sni = #sni{hostname = "test.com"}},
+    SNI = <<16#00, 16#00, 16#00, 16#0d, 16#00, 16#0b, 16#00, 16#00, 16#08,
+	    $t,    $e,    $s,    $t,    $.,    $c,    $o,    $m>>,
+    Decoded = ssl_handshake:decode_hello_extensions(SNI),
+    Exts = Decoded.
+
 select_proper_tls_1_2_rsa_default_hashsign(_Config) ->
     % RFC 5246 section 7.4.1.4.1 tells to use {sha1,rsa} as default signature_algorithm for RSA key exchanges
     {sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, {3,3}),
-- 
cgit v1.2.3