/** @file\r
SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL);\r
}\r
\r
+/**\r
+ Set the specified host name to be verified.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Flags The setting flags during the validation.\r
+ @param[in] HostName The specified host name to be verified.\r
+\r
+ @retval EFI_SUCCESS The HostName setting was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_ABORTED Invalid HostName setting.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetVerifyHost (\r
+ IN VOID *Tls,\r
+ IN UINT32 Flags,\r
+ IN CHAR8 *HostName\r
+ )\r
+{\r
+ TLS_CONNECTION *TlsConn;\r
+ X509_VERIFY_PARAM *VerifyParam;\r
+ UINTN BinaryAddressSize;\r
+ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];\r
+ INTN ParamStatus;\r
+\r
+ TlsConn = (TLS_CONNECTION *) Tls;\r
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ SSL_set_hostflags(TlsConn->Ssl, Flags);\r
+\r
+ VerifyParam = SSL_get0_param (TlsConn->Ssl);\r
+ ASSERT (VerifyParam != NULL);\r
+\r
+ BinaryAddressSize = 0;\r
+ if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {\r
+ BinaryAddressSize = NS_IN6ADDRSZ;\r
+ } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {\r
+ BinaryAddressSize = NS_INADDRSZ;\r
+ }\r
+\r
+ if (BinaryAddressSize > 0) {\r
+ DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "\r
+ "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,\r
+ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));\r
+ ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,\r
+ BinaryAddressSize);\r
+ } else {\r
+ ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);\r
+ }\r
+\r
+ return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;\r
+}\r
+\r
/**\r
Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r
\r
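Review bot: An empty `HostName` passes the `HostName == NULL` guard in `TlsSetVerifyHost` and reaches `X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0)`, which OpenSSL documents as clearing the host list and returning 1 for an empty name, so the function returns `EFI_SUCCESS` while no name check is applied to the peer certificate. Reject it up front by extending the guard: `if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL || HostName[0] == '\0') {`. The `@retval EFI_INVALID_PARAMETER` line could then state that a NULL or empty HostName is rejected. Separately, `ASSERT (VerifyParam != NULL)` is presumably compiled out of release builds, so an explicit `if (VerifyParam == NULL) { return EFI_ABORTED; }` would keep that check in every build type.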