Make SNI per-connection, not per-session.
Right now we report the per-connection value during the handshake and
the per-session value after the handshake. This also trims our tickets
slightly by removing a largely unused field from SSL_SESSION.
Putting it on SSL_HANDSHAKE would be better, but sadly a number of
bindings-type APIs expose it after the handshake.
Change-Id: I6a1383f95da9b1b141b9d6adadc05ee1e458a326
Reviewed-on: https://boringssl-review.googlesource.com/20064
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 853994b..7a75776 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1755,25 +1755,11 @@
return ssl->tlsext_hostname;
}
- // During the handshake, report the handshake value.
- if (ssl->s3->hs != NULL) {
- return ssl->s3->hs->hostname.get();
- }
-
- // SSL_get_servername may also be called after the handshake to look up the
- // SNI value.
- //
- // TODO(davidben): This is almost unused. Can we remove it?
- SSL_SESSION *session = SSL_get_session(ssl);
- if (session == NULL) {
- return NULL;
- }
- return session->tlsext_hostname;
+ return ssl->s3->hostname;
}
int SSL_get_servername_type(const SSL *ssl) {
- SSL_SESSION *session = SSL_get_session(ssl);
- if (session == NULL || session->tlsext_hostname == NULL) {
+ if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) == NULL) {
return -1;
}
return TLSEXT_NAMETYPE_host_name;
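Review bot: the rewritten SSL_get_servername_type widens what it reports. It now returns TLSEXT_NAMETYPE_host_name whenever SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) is non-NULL, which includes the early path at the top of this hunk that returns ssl->tlsext_hostname, whereas the removed code keyed only on session->tlsext_hostname. If that is intended, the ssl.h comments for both functions should say so, and should also spell out the new per-connection semantics the commit message describes: on a resumed connection the reported name is the SNI the client sent on this connection, not the one recorded with the original session, which matters for callers that use it for certificate or virtual-host selection after the handshake.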