SSL_SESSION_get0_hostname: stub that returns null

ctz · ctz · commit fcb0c281a4b5 · 2025-02-28T18:19:59.000Z
Due to CVE-2025-23419 fedora's nginx now calls this to learn the session's original SNI value. For more faithful keeping with the OpenSSL API, we could also store this for TLS1.2 and return it here, but we don't do that currently so pretend there is no SNI for TLS1.2 sessions.
diff --git a/build.rs b/build.rs
@@ -178,6 +178,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_select_next_proto",
     "SSL_sendfile",
     "SSL_SESSION_free",
+    "SSL_SESSION_get0_hostname",
     "SSL_SESSION_get_id",
     "SSL_SESSION_get_time",
     "SSL_SESSION_get_timeout",
diff --git a/src/entry.rs b/src/entry.rs
@@ -1702,6 +1702,12 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_SESSION_get0_hostname(_sess: *const SSL_SESSION) -> *const c_char {
+        ptr::null()
+    }
+}
+
 entry! {
     pub fn _d2i_SSL_SESSION(
         a: *mut *mut SSL_SESSION,

Original file line number	Diff line number	Diff line change
`@@ -1702,6 +1702,12 @@ entry! {`
`1702`	`1702`	`}`
`1703`	`1703`	`}`
`1704`	`1704`
	`1705`	`+entry! {`
	`1706`	`+ pub fn _SSL_SESSION_get0_hostname(_sess: const SSL_SESSION) -> const c_char {`
	`1707`	`+ ptr::null()`
	`1708`	`+ }`
	`1709`	`+}`
	`1710`	`+`
`1705`	`1711`	`entry! {`
`1706`	`1712`	`pub fn _d2i_SSL_SESSION(`
`1707`	`1713`	`a: mut mut SSL_SESSION,`