net/handshake: Enable the SNI extension to work properly

Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname that doesn't match the incoming certificate's SubjectName. Fixes: 2fd5532044a8 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake") Reviewed-by: Simon Horman <[email protected]> Signed-off-by: Chuck Lever <[email protected]> Signed-off-by: David S. Miller <[email protected]>
author: Chuck Lever <[email protected]> 2023-05-11 11:49:50 -0400
committer: David S. Miller <[email protected]> 2023-05-12 09:24:08 +0100
commit: eefca7ec514262aef08d0ef261552f2f604bd851 (patch)
tree: 9f49873465fa9b923a180c4ac38d78a581b5ba05 /include/uapi/linux
parent: f921bd41001ccff2249f5f443f2917f7ef937daf (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/handshake.h b/include/uapi/linux/handshake.h
index 1de4d0b95325..3d7ea58778c9 100644
--- a/include/uapi/linux/handshake.h
+++ b/include/uapi/linux/handshake.h
@@ -44,6 +44,7 @@ enum {
 	HANDSHAKE_A_ACCEPT_AUTH_MODE,
 	HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
 	HANDSHAKE_A_ACCEPT_CERTIFICATE,
+	HANDSHAKE_A_ACCEPT_PEERNAME,
 
 	__HANDSHAKE_A_ACCEPT_MAX,
 	HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)
author	Chuck Lever <[email protected]>	2023-05-11 11:49:50 -0400
committer	David S. Miller <[email protected]>	2023-05-12 09:24:08 +0100
commit	eefca7ec514262aef08d0ef261552f2f604bd851 (patch)
tree	9f49873465fa9b923a180c4ac38d78a581b5ba05 /include/uapi/linux
parent	f921bd41001ccff2249f5f443f2917f7ef937daf (diff)