summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2023-05-11 17:49:50 +0200
committerJakub Kicinski <kuba@kernel.org>2023-05-25 07:05:24 +0200
commit26fb5480a27d34975cc2b680b77af189620dd740 (patch)
tree6e14b559ee327c9fde86287f3ba99f47731308dc /include
parentnet/handshake: Unpin sock->file if a handshake is cancelled (diff)
downloadlinux-26fb5480a27d34975cc2b680b77af189620dd740.tar.xz
linux-26fb5480a27d34975cc2b680b77af189620dd740.zip
net/handshake: Enable the SNI extension to work properly
Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname that doesn't match the incoming certificate's SubjectName. Fixes: 2fd5532044a8 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake") Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include')
-rw-r--r--include/net/handshake.h1
-rw-r--r--include/uapi/linux/handshake.h1
2 files changed, 2 insertions, 0 deletions
diff --git a/include/net/handshake.h b/include/net/handshake.h
index 3352b1ab43b3..2e26e436e85f 100644
--- a/include/net/handshake.h
+++ b/include/net/handshake.h
@@ -24,6 +24,7 @@ struct tls_handshake_args {
struct socket *ta_sock;
tls_done_func_t ta_done;
void *ta_data;
+ const char *ta_peername;
unsigned int ta_timeout_ms;
key_serial_t ta_keyring;
key_serial_t ta_my_cert;
diff --git a/include/uapi/linux/handshake.h b/include/uapi/linux/handshake.h
index 1de4d0b95325..3d7ea58778c9 100644
--- a/include/uapi/linux/handshake.h
+++ b/include/uapi/linux/handshake.h
@@ -44,6 +44,7 @@ enum {
HANDSHAKE_A_ACCEPT_AUTH_MODE,
HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
HANDSHAKE_A_ACCEPT_CERTIFICATE,
+ HANDSHAKE_A_ACCEPT_PEERNAME,
__HANDSHAKE_A_ACCEPT_MAX,
HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)