1=pod
2
3=head1 NAME
4
5SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
6SSL_get_servername_type, SSL_get_servername,
7SSL_set_tlsext_host_name - handle server name indication (SNI)
8
9=head1 SYNOPSIS
10
11 #include <openssl/ssl.h>
12
13 long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
14                                   int (*cb)(SSL *s, int *al, void *arg));
15 long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
16
17 const char *SSL_get_servername(const SSL *s, const int type);
18 int SSL_get_servername_type(const SSL *s);
19
20 int SSL_set_tlsext_host_name(const SSL *s, const char *name);
21
22=head1 DESCRIPTION
23
24The functionality provided by the servername callback is mostly superseded by
25the ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb().
26However, even where the ClientHello callback is used, the servername callback is
27still necessary in order to acknowledge the servername requested by the client.
28
29SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
30used by a server to perform any actions or configuration required based on
31the servername extension received in the incoming connection. When B<cb>
32is NULL, SNI is not used.
33
34The servername callback should return one of the following values:
35
36=over 4
37
38=item SSL_TLSEXT_ERR_OK
39
40This is used to indicate that the servername requested by the client has been
41accepted. Typically a server will call SSL_set_SSL_CTX() in the callback to set
42up a different configuration for the selected servername in this case.
43
44=item SSL_TLSEXT_ERR_ALERT_FATAL
45
46In this case the servername requested by the client is not accepted and the
47handshake will be aborted. The value of the alert to be used should be stored in
48the location pointed to by the B<al> parameter to the callback. By default this
49value is initialised to SSL_AD_UNRECOGNIZED_NAME.
50
51=item SSL_TLSEXT_ERR_ALERT_WARNING
52
53If this value is returned then the servername is not accepted by the server.
54However, the handshake will continue and send a warning alert instead. The value
55of the alert should be stored in the location pointed to by the B<al> parameter
56as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support
57warning alerts, so if TLSv1.3 has been negotiated then this return value is
58treated the same way as SSL_TLSEXT_ERR_NOACK.
59
60=item SSL_TLSEXT_ERR_NOACK
61
62This return value indicates that the servername is not accepted by the server.
63No alerts are sent and the server will not acknowledge the requested servername.
64
65=back
66
67SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be
68passed into the callback (via the B<arg> parameter) for this B<SSL_CTX>.
69
70The behaviour of SSL_get_servername() depends on a number of different factors.
71In particular note that in TLSv1.3 the servername is negotiated in every
72handshake. In TLSv1.2 the servername is only negotiated on initial handshakes
73and not on resumption handshakes.
74
75=over 4
76
77=item On the client, before the handshake
78
79If a servername has been set via a call to SSL_set_tlsext_host_name() then it
80will return that servername.
81
82If one has not been set, but a TLSv1.2 resumption is being attempted and the
83session from the original handshake had a servername accepted by the server then
84it will return that servername.
85
86Otherwise it returns NULL.
87
88=item On the client, during or after the handshake and a TLSv1.2 (or below)
89resumption occurred
90
91If the session from the original handshake had a servername accepted by the
92server then it will return that servername.
93
94Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL
95if it was not called.
96
97=item On the client, during or after the handshake and a TLSv1.2 (or below)
98resumption did not occur
99
100It will return the servername set via SSL_set_tlsext_host_name() or NULL if it
101was not called.
102
103=item On the server, before the handshake
104
105The function will always return NULL before the handshake
106
107=item On the server, after the servername extension has been processed and a
108TLSv1.2 (or below) resumption occurred
109
110If a servername was accepted by the server in the original handshake then it
111will return that servername, or NULL otherwise.
112
113=item On the server, after the servername extension has been processed and a
114TLSv1.2 (or below) resumption did not occur
115
116The function will return the servername requested by the client in this
117handshake or NULL if none was requested.
118
119=back
120
121Note that the ClientHello callback occurs before a servername extension from the
122client is processed. The servername, certificate and ALPN callbacks occur after
123a servername extension from the client is processed.
124
125SSL_get_servername_type() returns the servername type or -1 if no servername
126is present. Currently the only supported type (defined in RFC3546) is
127B<TLSEXT_NAMETYPE_host_name>.
128
129SSL_set_tlsext_host_name() sets the server name indication ClientHello extension
130to contain the value B<name>. The type of server name indication extension is set
131to B<TLSEXT_NAMETYPE_host_name> (defined in RFC3546).
132
133=head1 NOTES
134
135Several callbacks are executed during ClientHello processing, including
136the ClientHello, ALPN, and servername callbacks.  The ClientHello callback is
137executed first, then the servername callback, followed by the ALPN callback.
138
139The SSL_set_tlsext_host_name() function should only be called on SSL objects
140that will act as clients; otherwise the configured B<name> will be ignored.
141
142=head1 RETURN VALUES
143
144SSL_CTX_set_tlsext_servername_callback() and
145SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.
146SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.
147
148=head1 SEE ALSO
149
150L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,
151L<SSL_get0_alpn_selected(3)>, L<SSL_CTX_set_client_hello_cb(3)>
152
153=head1 HISTORY
154
155SSL_get_servername() historically provided some unexpected results in certain
156corner cases. This has been fixed from OpenSSL 1.1.1e.
157
158Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2
159handshake, the server accepted it, and then the client successfully resumed but
160set a different explicit servername in the second handshake then when called by
161the client it returned the servername from the second handshake. This has now
162been changed to return the servername requested in the original handshake.
163
164Also prior to 1.1.1e, if the client sent a servername in the first handshake but
165the server did not accept it, and then a second handshake occurred where TLSv1.2
166resumption was successful then when called by the server it returned the
167servername requested in the original handshake. This has now been changed to
168NULL.
169
170=head1 COPYRIGHT
171
172Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
173
174Licensed under the Apache License 2.0 (the "License").  You may not use
175this file except in compliance with the License.  You can obtain a copy
176in the file LICENSE in the source distribution or at
177L<https://www.openssl.org/source/license.html>.
178
179=cut
180