net/handshake: Enable the SNI extension to work properly

Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname that doesn't match the incoming certificate's SubjectName. Fixes: 2fd5532044a8 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake") Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Chuck Lever <chuck.lever@oracle.com> 2023-05-11 18:49:50 +0300
committer: David S. Miller <davem@davemloft.net> 2023-05-12 11:24:08 +0300
commit: eefca7ec514262aef08d0ef261552f2f604bd851 (patch)
tree: 9f49873465fa9b923a180c4ac38d78a581b5ba05 /Documentation/netlink
parent: f921bd41001ccff2249f5f443f2917f7ef937daf (diff)
download: linux-eefca7ec514262aef08d0ef261552f2f604bd851.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml
index 614f1a585511..6d89e30f5fd5 100644
--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@@ -68,6 +68,9 @@ attribute-sets:
         type: nest
         nested-attributes: x509
         multi-attr: true
+      -
+        name: peername
+        type: string
   -
     name: done
     attributes:
@@ -105,6 +108,7 @@ operations:
             - auth-mode
             - peer-identity
             - certificate
+            - peername
     -
       name: done
       doc: Handler reports handshake completion
author	Chuck Lever <chuck.lever@oracle.com>	2023-05-11 18:49:50 +0300
committer	David S. Miller <davem@davemloft.net>	2023-05-12 11:24:08 +0300
commit	eefca7ec514262aef08d0ef261552f2f604bd851 (patch)
tree	9f49873465fa9b923a180c4ac38d78a581b5ba05 /Documentation/netlink
parent	f921bd41001ccff2249f5f443f2917f7ef937daf (diff)
download	linux-eefca7ec514262aef08d0ef261552f2f604bd851.tar.xz