SSL_SESSION_get0_hostname: stub that returns null

Due to CVE-2025-23419 fedora's nginx now calls this to
learn the session's original SNI value.  For more faithful
keeping with the OpenSSL API, we could also store this for TLS1.2
and return it here, but we don't do that currently so pretend there
is no SNI for TLS1.2 sessions.

Author: ctz

MATRIX.md

@@ -219,7 +219,7 @@
 | `SSL_SESSION_free`  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_SESSION_get0_alpn_selected`  |  |  |  |
 | `SSL_SESSION_get0_cipher`  |  |  |  |
-| `SSL_SESSION_get0_hostname`  |  |  |  |
+| `SSL_SESSION_get0_hostname`  |  |  | :white_check_mark: |
 | `SSL_SESSION_get0_id_context`  |  |  |  |
 | `SSL_SESSION_get0_peer`  |  |  |  |
 | `SSL_SESSION_get0_ticket`  |  |  |  |

build.rs

@@ -178,6 +178,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_select_next_proto",
     "SSL_sendfile",
     "SSL_SESSION_free",
+    "SSL_SESSION_get0_hostname",
     "SSL_SESSION_get_id",
     "SSL_SESSION_get_time",
     "SSL_SESSION_get_timeout",

src/entry.rs

@@ -1702,6 +1702,14 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_SESSION_get0_hostname(_sess: *const SSL_SESSION) -> *const c_char {
+        // TODO: this could be implemented accurately by storing the SNI
+        // of the originating connection (but only for TLS1.2) in the `SslSession`
+        ptr::null()
+    }
+}
+
 entry! {
     pub fn _d2i_SSL_SESSION(
         a: *mut *mut SSL_SESSION,