---
 CryptoPkg/Library/TlsLib/TlsConfig.c | 71 ++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c 
b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 0673c9d532..aac1a88edf 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -594,6 +594,77 @@ TlsSetVerifyHost (
   return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;

 }



+/**

+  Callback function to get the server name.

+

+  @param[in]  SSL

+  @param[in]  INT32

+  @param[in]  Arg

+

+  @retval  INT32

+**/

+static

+INT32

+SslServerNameCallback(SSL *Ssl, INT32 *Ad, VOID *Arg)

+{

+    const CHAR8 *HostName = NULL;

+    TLS_EXT_CTX *TlsCtx  = (TLS_EXT_CTX*)Arg;

+

+    HostName = SSL_get_servername (Ssl, TLSEXT_NAMETYPE_host_name);

+

+    if (SSL_get_servername_type(Ssl) != -1) {

+        TlsCtx->Ack = !SSL_session_reused(Ssl) && HostName != NULL;

+       }

+    return SSL_TLSEXT_ERR_OK;

+}

+

+/**

+  Set the specified server name in Server/Client.

+

+  @param[in]  Tls           Pointer to the TLS object.

+  @param[in]  SslCtx        Pointer to the SSL object.

+  @param[in]  HostName      The specified server name to be set.

+

+  @retval  EFI_SUCCESS      The Server Name was set successfully.

+  @retval  EFI_UNSUPPORTED  Failed to set the Server Name.

+**/

+EFI_STATUS

+TlsSetServerName (

+  VOID            *Tls,

+  VOID            *SslCtx,

+  CHAR8           *HostName

+)

+{

+    SSL_CTX           *Ctx;

+    TLS_CONNECTION    *TlsConn;

+    UINT32            RetVal;

+    TLS_EXT_CTX       *TlsExtCtx = NULL;

+

+    TlsConn = (TLS_CONNECTION*) Tls;

+

+    Ctx    = SSL_get_SSL_CTX (TlsConn->Ssl);

+

+    TlsExtCtx = AllocateZeroPool (sizeof(TLS_EXT_CTX));

+

+    RetVal = SSL_CTX_set_tlsext_servername_callback(Ctx, 
SslServerNameCallback);

+    if (!RetVal) {

+        return EFI_UNSUPPORTED;

+    }

+

+    RetVal = SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx);

+    if (!RetVal) {

+        return EFI_UNSUPPORTED;

+    }

+

+    TlsConn->Ssl->options = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;

+    RetVal = SSL_set_tlsext_host_name(TlsConn->Ssl, HostName);

+

+    if (!RetVal) {

+        return EFI_UNSUPPORTED;

+    }

+    return EFI_SUCCESS;

+}

+

 /**

   Sets a TLS/SSL session ID to be used during TLS/SSL connect.
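Review bot: `SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx)` in TlsSetServerName registers the address of a local pointer, so when SslServerNameCallback later casts `Arg` to `TLS_EXT_CTX *` and writes `TlsCtx->Ack`, it writes through a stack address that is no longer valid; pass the pool allocation itself. The `AllocateZeroPool` result is never checked for NULL, is not released on the `EFI_UNSUPPORTED` paths, and nothing visible in the hunk frees it later, so its lifetime needs an explicit owner. `TlsConn->Ssl->options = ...` overwrites every option already set on the connection, including any protocol-disabling or hardening flags configured earlier, and reaches into a structure that is opaque in current OpenSSL; `SSL_set_options` ORs the flag in instead. The callback is also installed on the shared `SSL_CTX`, which presumably affects every connection created from it, and neither `Tls` nor `HostName` is validated before use while `SslCtx` is never used. The header comments should name the real parameters (`Ssl`, `Ad`, `Arg`) and say what `Ack` records.

```c
  TlsConn = (TLS_CONNECTION *)Tls;
  if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
    return EFI_INVALID_PARAMETER;
  }
  // … unchanged: Ctx lookup via SSL_get_SSL_CTX …
  TlsExtCtx = AllocateZeroPool (sizeof (TLS_EXT_CTX));
  if (TlsExtCtx == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }
  // … unchanged: servername callback registration (release TlsExtCtx before its error return) …
  // Register the pool allocation itself; &TlsExtCtx is a stack address that dies on return.
  RetVal = SSL_CTX_set_tlsext_servername_arg (Ctx, TlsExtCtx);
  if (!RetVal) {
    FreePool (TlsExtCtx);
    return EFI_UNSUPPORTED;
  }
  // OR the flag into the existing options instead of replacing the whole options word.
  SSL_set_options (TlsConn->Ssl, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
  // … unchanged: SSL_set_tlsext_host_name call and result check …
```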



--
2.26.0.windows.1



