      {
        unsigned short host_name_len;
        unsigned char *host_name;

        // two-byte length, network order, converted with ntohs
        data = read_buffer( ( void * ) &host_name_len,
          ( void * ) data, 2 );
        host_name_len = ntohs( host_name_len );
        // one extra byte so the name can be NUL-terminated
        host_name = malloc( host_name_len + 1 );
        data = read_buffer( ( void * ) host_name,
          ( void * ) data, host_name_len );
        host_name[ host_name_len ] = '\0';
        printf( "got host name '%s'\n", host_name );
        // TODO store this and use it to select a certificate
        // TODO return an "unrecognized_name" alert if the host name
        // is unknown
        free( host_name );
      }
      break;
    default:
      // nothing else defined by the spec
      break;
  }
}
As you can see from these listings, there's nothing particularly different about
the server name extension — it's a triply-nested list. Each list is prepended with
a two-byte length that needs to be converted from network order to host order
before the list can be processed, as usual. A client hello with a server name
extension is illustrated in Figure 8-1. Compare this to the plain client hello in
Figure 6-2.
Figure 8-1: Client Hello with SNI
[Figure: fields shown are version (major, minor); client random (current time, random bytes); session id length, session id (variable); cipher suites length, cipher suites (variable); compression methods length, compression methods (variable); extensions length; server name extension: length of server name extension, length of server name list, name type, length of server name, server name (variable).]
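The listing above trusts every two-byte length it reads: host_name_len is used to size the malloc and to drive read_buffer without being compared to the bytes that actually remain in the extension. The following parser, added here as an example and not code from the book, walks the same triply-nested list (extension length, server name list length, host name length, each big-endian) but checks every nested length against the span that encloses it. The byte arrays good_sni and lying_sni are constructed samples, and the helper names (parse_sni_extension, sni_matches, read_u16) are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Return codes for the parser. */
#define SNI_OK         0
#define SNI_TRUNCATED -1   /* a declared length exceeds the bytes actually present */
#define SNI_BAD_TYPE  -2   /* extension type is not server_name (0x0000) */
#define SNI_NO_NAME   -3   /* list carried no host_name entry */
#define SNI_TOO_LONG  -4   /* host name does not fit the caller's buffer */

/* Read a two-byte big-endian (network order) length, refusing to run past
 * the end of the buffer. Same job as read_buffer + ntohs in the listing,
 * with the bounds check added. */
static int read_u16(const unsigned char **p, size_t *left, uint16_t *out)
{
    if (*left < 2) return SNI_TRUNCATED;
    *out = (uint16_t)(((*p)[0] << 8) | (*p)[1]);
    *p += 2;
    *left -= 2;
    return SNI_OK;
}

/* Parse one server_name extension entry: ext type (2) | ext length (2) |
 * server_name_list length (2) | { name_type (1) | name length (2) | name }.
 * Copies the first host_name entry into out, NUL-terminated. */
int parse_sni_extension(const unsigned char *data, size_t len,
                        char *out, size_t out_size)
{
    const unsigned char *p = data;
    size_t left = len;
    uint16_t ext_type, ext_len, list_len;
    int rc;

    if ((rc = read_u16(&p, &left, &ext_type)) != SNI_OK) return rc;
    if (ext_type != 0x0000) return SNI_BAD_TYPE;

    if ((rc = read_u16(&p, &left, &ext_len)) != SNI_OK) return rc;
    if (ext_len > left) return SNI_TRUNCATED;
    left = ext_len;                       /* clamp to the extension body */

    if ((rc = read_u16(&p, &left, &list_len)) != SNI_OK) return rc;
    if (list_len > left) return SNI_TRUNCATED;
    left = list_len;                      /* clamp to the server name list */

    while (left > 0) {
        uint8_t name_type = *p++;
        uint16_t name_len;
        left--;
        if ((rc = read_u16(&p, &left, &name_len)) != SNI_OK) return rc;
        if (name_len > left) return SNI_TRUNCATED;

        if (name_type == 0) {             /* host_name */
            if (name_len >= out_size) return SNI_TOO_LONG;
            memcpy(out, p, name_len);
            out[name_len] = '\0';
            return SNI_OK;
        }
        p += name_len;                    /* skip name types we don't know */
        left -= name_len;
    }
    return SNI_NO_NAME;
}

/* Parse and compare against an expected host name; 1 when both succeed. */
int sni_matches(const unsigned char *data, size_t len, const char *expected)
{
    char name[256];
    return parse_sni_extension(data, len, name, sizeof name) == SNI_OK
        && strcmp(name, expected) == 0;
}

/* Constructed sample: a well-formed server_name extension for "example.com". */
static const unsigned char good_sni[] = {
    0x00, 0x00,             /* extension type: server_name */
    0x00, 0x10,             /* extension length: 16 */
    0x00, 0x0e,             /* server_name_list length: 14 */
    0x00,                   /* name type: host_name */
    0x00, 0x0b,             /* host name length: 11 */
    'e','x','a','m','p','l','e','.','c','o','m'
};

/* Constructed sample: same framing, but the host name length claims 255
 * bytes while only 11 follow. The listing's malloc + read_buffer would read
 * past the end of the buffer here; this parser rejects it. */
static const unsigned char lying_sni[] = {
    0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00,
    0x00, 0xff,             /* host name length: 255 (false) */
    'e','x','a','m','p','l','e','.','c','o','m'
};

int main(void)
{
    char name[256];
    int rc = parse_sni_extension(good_sni, sizeof good_sni, name, sizeof name);
    printf("good:  rc=%d host name '%s'\n", rc, rc == SNI_OK ? name : "");
    rc = parse_sni_extension(lying_sni, sizeof lying_sni, name, sizeof name);
    printf("lying: rc=%d (SNI_TRUNCATED is %d)\n", rc, SNI_TRUNCATED);
    rc = parse_sni_extension(good_sni, 12, name, sizeof name);
    printf("cut:   rc=%d (buffer ends before the name)\n", rc);
    return 0;
}
```

The clamping steps (left = ext_len, left = list_len) are what make the nesting safe: an inner length can never be accepted unless it fits inside the span the outer length already vouched for, and the outer length itself is first checked against the bytes really received.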
Strangely, the server name extension itself allows for a list of host names. It's
not clear how the server ought to behave if one of the names was recognized,
but another wasn't, or if both were recognized and correspond, for example,