Make function mbedtls_ssl_set_hostname(...) as optional

Now function mbedtls_ssl_set_hostname is compile-time configurable in config.h with define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION. This affects to many x509 API's. See config.h for details.
2026-05-09 11:14:26 +02:00 · 2019-08-19 14:48:09 +03:00
parent f0f01e1f0a
commit 4009d8f377
23 changed files with 313 additions and 57 deletions
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -222,12 +222,13 @@ int main( int argc, char *argv[] )
        mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
        goto exit;
    }
-
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
    if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
        goto exit;
    }
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */

 #if !defined(MBEDTLS_SSL_CONF_RECV) && \
    !defined(MBEDTLS_SSL_CONF_SEND) && \
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -250,7 +250,7 @@ int main( void )
        goto exit;
    }

-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
    if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
    {
        ret = hostname_failed;
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1570,6 +1570,14 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */

+#if defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
+    if( strcmp( "MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
+
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
    if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
    {
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -210,11 +210,13 @@ int main( void )
        goto exit;
    }

+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
    if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
        goto exit;
    }
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */

 #if !defined(MBEDTLS_SSL_CONF_RECV) &&          \
    !defined(MBEDTLS_SSL_CONF_SEND) &&          \
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2053,7 +2053,7 @@ int main( int argc, char *argv[] )
        goto exit;
    }

-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
    if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n",
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -662,11 +662,13 @@ int main( int argc, char *argv[] )
        goto exit;
    }

+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
    if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
        goto exit;
    }
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */

 #if !defined(MBEDTLS_SSL_CONF_RECV) &&          \
    !defined(MBEDTLS_SSL_CONF_SEND) &&          \
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -363,8 +363,11 @@ int main( int argc, char *argv[] )
        {
            mbedtls_printf( "  . Verifying X.509 certificate..." );

-            if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
-                                         my_verify, NULL ) ) != 0 )
+            if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl,
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
+                                        NULL,
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
+                                        &flags, my_verify, NULL ) ) != 0 )
            {
                char vrfy_buf[512];

@@ -453,12 +456,13 @@ int main( int argc, char *argv[] )
            mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
            goto ssl_exit;
        }
-
+#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
        if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
            goto ssl_exit;
        }
+#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */

 #if !defined(MBEDTLS_SSL_CONF_RECV) &&          \
    !defined(MBEDTLS_SSL_CONF_SEND) &&          \