SNI for server mode

svn path=/trunk/kdesupport/qca/; revision=680254

include/QtCrypto/qca_securelayer.h

@@ -452,6 +452,12 @@ foreach(const CertificateInfoOrdered &info, tls->issuerList())
 	*/
 	void setCompressionEnabled(bool b);
 
+	/**
+	   Returns the host name specified or an empty string if no host
+	   name is specified.
+	*/
+	QString hostName() const;
+
 	/**
 	   Start the TLS/SSL connection as a client
 
@@ -635,10 +641,24 @@ foreach(const CertificateInfoOrdered &info, tls->issuerList())
 
 Q_SIGNALS:
 	/**
-	   Emitted when the server has completed the first part
+	   Emitted if a host name is set by the client.  At
-	   of the TLS negotiation.  At this time, the client can
+	   this time, the server can inspect the hostName().
+
+	   You must call continueAfterStep() in order for TLS
+	   processing to resume after this signal is emitted.
+
+	   This signal is only emitted in server mode.
+
+	   \sa continueAfterStep
+	*/
+	void hostNameReceived();
+
+	/**
+	   Emitted when the first part of the TLS negotiation
+	   has completed.  At this time, the client can
 	   inspect the version(), peerCertificateChain()
-	   and issuerList().
+	   and issuerList(), and the server can inspect the
+	   version().
 
 	   You must call continueAfterStep() in order for TLS
 	   processing to resume after this signal is emitted.

include/QtCrypto/qcaprovider.h

@@ -478,10 +478,9 @@ public:
 
 	virtual void setConstraints(int minSSF, int maxSSF) = 0;
 	virtual void setConstraints(const QStringList &cipherSuiteList) = 0;
-	virtual void setup(const CertificateCollection &trusted,
+	virtual void setup(bool serverMode, const QString &hostName, bool compress) = 0;
-		bool serverMode,
+	virtual void setTrustedCertificates(const CertificateCollection &trusted) = 0;
-		const QList<CertificateInfoOrdered> &issuerList,
+	virtual void setIssuerList(const QList<CertificateInfoOrdered> &issuerList) = 0;
-		const QString &hostName, bool compress) = 0;
 	virtual void setCertificate(const CertificateChain &cert, const PrivateKey &key) = 0;
 
 	virtual void shutdown() = 0; // flag for shutdown, call update next
@@ -519,7 +518,9 @@ public:
 	virtual bool eof() const = 0;
 
 	// call after handshake continue, but before success
+	virtual bool clientHelloReceived() const = 0;
 	virtual bool serverHelloReceived() const = 0;
+	virtual QString hostName() const = 0;
 	virtual QList<CertificateInfoOrdered> issuerList() const = 0;
 
 	// call after successful handshake

plugins/qca-openssl/qca-openssl.cpp

@@ -4987,18 +4987,23 @@ public:
 		Q_UNUSED(cipherSuiteList);
 	}
 
-	virtual void setup(const CertificateCollection &_trusted,
+	virtual void setup(bool serverMode, const QString &hostName, bool compress)
-		bool serverMode,
-		const QList<CertificateInfoOrdered> &issuerList,
-		const QString &hostName, bool compress)
 	{
-		trusted = _trusted;
 		serv = serverMode;
                 if ( false == serverMode ) {
                     // client
                     targetHostName = hostName;
                 }
 		Q_UNUSED(compress); // TODO
+	}
+
+	virtual void setTrustedCertificates(const CertificateCollection &_trusted)
+	{
+		trusted = _trusted;
+	}
+
+	virtual void setIssuerList(const QList<CertificateInfoOrdered> &issuerList)
+	{
 		Q_UNUSED(issuerList); // TODO
 	}
 
@@ -5276,12 +5281,24 @@ public:
 		return v_eof;
 	}
 
+	virtual bool clientHelloReceived() const
+	{
+		// TODO
+		return false;
+	}
+
 	virtual bool serverHelloReceived() const
 	{
 		// TODO
 		return false;
 	}
 
+	virtual QString hostName() const
+	{
+		// TODO
+		return QString();
+	}
+
 	virtual QList<CertificateInfoOrdered> issuerList() const
 	{
 		// TODO

src/qca_securelayer.cpp

@@ -143,7 +143,9 @@ public:
 		else
 			c->setConstraints(con_cipherSuites);
 
-		c->setup(trusted, serverMode, QList<CertificateInfoOrdered>(), host, tryCompress);
+		c->setup(serverMode, host, tryCompress);
+		c->setTrustedCertificates(trusted);
+		//c->setIssuerList(QList<CertificateInfoOrdered>());
 		c->setCertificate(localCert, localKey);
 
 		bool ok;