Make SSL_set_tlsext_host_name no effect from server side

Documentation and test cases are also updated

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3783)

doc/man3/SSL_CTX_set_tlsext_servername_callback.pod

@@ -3,8 +3,8 @@
 =head1 NAME
 
 SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
-SSL_get_servername_type, SSL_get_servername - handle server name indication
-(SNI)
+SSL_get_servername_type, SSL_get_servername,
+SSL_set_tlsext_host_name - handle server name indication (SNI)
 
 =head1 SYNOPSIS
 
@@ -17,6 +17,8 @@ SSL_get_servername_type, SSL_get_servername - handle server name indication
  const char *SSL_get_servername(const SSL *s, const int type);
  int SSL_get_servername_type(const SSL *s);
 
+ int SSL_set_tlsext_host_name(const SSL *s, const char *name);
+
 =head1 DESCRIPTION
 
 The functionality provided by the servername callback is superseded by
@@ -39,16 +41,24 @@ SSL_get_servername_type() returns the servername type or -1 if no servername
 is present. Currently the only supported type (defined in RFC3546) is
 B<TLSEXT_NAMETYPE_host_name>.
 
+SSL_set_tlsext_host_name() sets the server name indication ClientHello extension
+to contain the value B<name>. The type of server name indication extension is set
+to B<TLSEXT_NAMETYPE_host_name> (defined in RFC3546).
+
 =head1 NOTES
 
 Several callbacks are executed during ClientHello processing, including
 the early, ALPN, and servername callbacks.  The early callback is executed
 first, then the servername callback, followed by the ALPN callback.
 
+The SSL_set_tlsext_host_name() function should only be called on SSL objects
+that will act as clients; otherwise the configured B<name> will be ignored.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_tlsext_servername_callback() and
 SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.
+SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.
 
 =head1 SEE ALSO
 

ssl/ssl_lib.c

@@ -3315,6 +3315,12 @@ int SSL_do_handshake(SSL *s)
 
     s->method->ssl_renegotiate_check(s, 0);
 
+    if (SSL_is_server(s)) {
+        /* clear SNI settings at server-side */
+        OPENSSL_free(s->ext.hostname);
+        s->ext.hostname = NULL;
+    }
+
     if (SSL_in_init(s) || SSL_in_before(s)) {
         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
             struct ssl_async_args args;

test/build.info

@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
           pkey_meth_test uitest cipherbytes_test asn1_encode_test asn1_string_table_test \
           x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
           recordlentest drbgtest sslbuffertest \
-          time_offset_test pemtest ssl_cert_table_internal_test ciphername_test
+          time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
+          servername_test
 
   SOURCE[aborttest]=aborttest.c
   INCLUDE[aborttest]=../include
@@ -327,6 +328,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
   INCLUDE[ciphername_test]=.. ../include
   DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
 
+  SOURCE[servername_test]=servername_test.c
+  INCLUDE[servername_test]=.. ../include
+  DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a
+
   IF[{- !$disabled{psk} -}]
     PROGRAMS_NO_INST=dtls_mtu_test
     SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c

test/recipes/70-test_servername.t

@@ -0,0 +1,22 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017 BaishanCloud. All rights reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test::Simple;
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(alldisabled available_protocols);
+
+setup("test_servername");
+
+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+    if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+
+simple_test("test_servername", "servername_test");

test/servername_test.c

@@ -0,0 +1,241 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <time.h>
+
+#include "../ssl/packet_locl.h"
+
+#include "testutil.h"
+#include "e_os.h"
+
+#define CLIENT_VERSION_LEN      2
+
+static const char *host = "dummy-host";
+
+static int get_sni_from_client_hello(BIO *bio, char **sni)
+{
+    long len;
+    unsigned char *data;
+    PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0}, pkt4 = {0}, pkt5 = {0};
+    unsigned int servname_type = 0, type = 0;
+    int ret = 0;
+
+    len = BIO_get_mem_data(bio, (char **)&data);
+    if (!TEST_true(PACKET_buf_init(&pkt, data, len))
+               /* Skip the record header */
+            || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
+               /* Skip the handshake message header */
+            || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
+               /* Skip client version and random */
+            || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN
+                                               + SSL3_RANDOM_SIZE))
+               /* Skip session id */
+            || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
+               /* Skip ciphers */
+            || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))
+               /* Skip compression */
+            || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
+               /* Extensions len */
+            || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))
+        goto end;
+
+    /* Loop through all extensions for SNI */
+    while (PACKET_remaining(&pkt2)) {
+        if (!TEST_true(PACKET_get_net_2(&pkt2, &type))
+                || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))
+            goto end;
+        if (type == TLSEXT_TYPE_server_name) {
+            if (!TEST_true(PACKET_get_length_prefixed_2(&pkt3, &pkt4))
+                    || !TEST_uint_ne(PACKET_remaining(&pkt4), 0)
+                    || !TEST_true(PACKET_get_1(&pkt4, &servname_type))
+                    || !TEST_uint_eq(servname_type, TLSEXT_NAMETYPE_host_name)
+                    || !TEST_true(PACKET_get_length_prefixed_2(&pkt4, &pkt5))
+                    || !TEST_uint_le(PACKET_remaining(&pkt5), TLSEXT_MAXLEN_host_name)
+                    || !TEST_false(PACKET_contains_zero_byte(&pkt5))
+                    || !TEST_true(PACKET_strndup(&pkt5, sni)))
+                goto end;
+            ret = 1;
+            goto end;
+        }
+    }
+end:
+    return ret;
+}
+
+static int client_setup_sni_before_state()
+{
+    SSL_CTX *ctx;
+    SSL *con = NULL;
+    BIO *rbio;
+    BIO *wbio;
+    char *hostname = NULL;
+    int ret = 0;
+
+    /* use TLS_method to blur 'side' */
+    ctx = SSL_CTX_new(TLS_method());
+    if (!TEST_ptr(ctx))
+        goto end;
+
+    con = SSL_new(ctx);
+    if (!TEST_ptr(con))
+        goto end;
+
+    /* set SNI before 'client side' is set */
+    SSL_set_tlsext_host_name(con, host);
+
+    rbio = BIO_new(BIO_s_mem());
+    wbio = BIO_new(BIO_s_mem());
+    if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
+        BIO_free(rbio);
+        BIO_free(wbio);
+        goto end;
+    }
+
+    SSL_set_bio(con, rbio, wbio);
+
+    if (!TEST_int_le(SSL_connect(con), 0))
+        /* This shouldn't succeed because we don't have a server! */
+        goto end;
+    if (!TEST_true(get_sni_from_client_hello(wbio, &hostname)))
+        /* no SNI in client hello */
+        goto end;
+    if (!TEST_str_eq(hostname, host))
+        /* incorrect SNI value */
+        goto end;
+    ret = 1;
+end:
+    OPENSSL_free(hostname);
+    SSL_free(con);
+    SSL_CTX_free(ctx);
+    return ret;
+}
+
+static int client_setup_sni_after_state()
+{
+    SSL_CTX *ctx;
+    SSL *con = NULL;
+    BIO *rbio;
+    BIO *wbio;
+    char *hostname = NULL;
+    int ret = 0;
+
+    /* use TLS_method to blur 'side' */
+    ctx = SSL_CTX_new(TLS_method());
+    if (!TEST_ptr(ctx))
+        goto end;
+
+    con = SSL_new(ctx);
+    if (!TEST_ptr(con))
+        goto end;
+
+    rbio = BIO_new(BIO_s_mem());
+    wbio = BIO_new(BIO_s_mem());
+    if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
+        BIO_free(rbio);
+        BIO_free(wbio);
+        goto end;
+    }
+
+    SSL_set_bio(con, rbio, wbio);
+    SSL_set_connect_state(con);
+
+    /* set SNI after 'client side' is set */
+    SSL_set_tlsext_host_name(con, host);
+
+    if (!TEST_int_le(SSL_connect(con), 0))
+        /* This shouldn't succeed because we don't have a server! */
+        goto end;
+    if (!TEST_true(get_sni_from_client_hello(wbio, &hostname)))
+        /* no SNI in client hello */
+        goto end;
+    if (!TEST_str_eq(hostname, host))
+        /* incorrect SNI value */
+        goto end;
+    ret = 1;
+end:
+    OPENSSL_free(hostname);
+    SSL_free(con);
+    SSL_CTX_free(ctx);
+    return ret;
+}
+
+static int server_setup_sni()
+{
+    SSL_CTX *ctx;
+    SSL *con = NULL;
+    BIO *rbio;
+    BIO *wbio;
+    int ret = 0;
+
+    /* use TLS_server_method to choose 'server-side' */
+    ctx = SSL_CTX_new(TLS_server_method());
+    if (!TEST_ptr(ctx))
+        goto end;
+
+    con = SSL_new(ctx);
+    if (!TEST_ptr(con))
+        goto end;
+
+    rbio = BIO_new(BIO_s_mem());
+    wbio = BIO_new(BIO_s_mem());
+    if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
+        BIO_free(rbio);
+        BIO_free(wbio);
+        goto end;
+    }
+
+    SSL_set_bio(con, rbio, wbio);
+
+    /* set SNI at server side */
+    SSL_set_tlsext_host_name(con, host);
+
+    if (!TEST_int_le(SSL_accept(con), 0))
+        /* This shouldn't succeed because we have nothing to listen on */
+        goto end;
+    if (!TEST_ptr_null(SSL_get_servername(con, TLSEXT_NAMETYPE_host_name)))
+        /* SNI should be cleared by SSL_accpet */
+        goto end;
+    ret = 1;
+end:
+    SSL_free(con);
+    SSL_CTX_free(ctx);
+    return ret;
+}
+
+typedef int (*sni_test_fn)(void);
+
+static sni_test_fn sni_test_fns[3] = {
+    client_setup_sni_before_state,
+    client_setup_sni_after_state,
+    server_setup_sni
+};
+
+static int test_servername(int test)
+{
+    /*
+     * For each test set up an SSL_CTX and SSL and see
+     * what SNI behaves.
+     */
+    return sni_test_fns[test]();
+}
+
+int setup_tests(void)
+{
+    ADD_ALL_TESTS(test_servername, OSSL_NELEM(sni_test_fns));
+    return 1;
+}

util/private.num

@@ -339,6 +339,7 @@ SSL_set_mtu                             define
 SSL_set_split_send_fragment             define
 SSL_set_time                            define
 SSL_set_timeout                         define
+SSL_set_tlsext_host_name                define
 SSL_set_tlsext_status_ocsp_resp         define
 SSL_set_tlsext_status_type              define
 SSL_set_tmp_dh                          define