mbedtls: Set hostname for TURN connections

vikramdattu · vikramdattu · commit 6b09ac043b87 · 2025-05-20T17:42:24.000+05:30
- New API tlsSessionStartWithHostname can receive optional hostname and set the same
 - It is recommened to set the hostname and is on by default for mbedtls v3.6.3 and above
 - Since we receive ICE server credentials via secure API and anyway are use DTLS as WebRTC standard,
 we could skip this, but let's follow the recommendation as precaution
diff --git a/src/source/Crypto/Dtls_mbedtls.c b/src/source/Crypto/Dtls_mbedtls.c
@@ -266,8 +266,8 @@ VOID dtlsSessionKeyDerivationCallback(PVOID customData, mbedtls_ssl_key_export_t
     PDtlsSession pDtlsSession = (PDtlsSession) customData;
     PTlsKeys pKeys = &pDtlsSession->tlsKeys;
 
-    if (pMasterSecretLen != sizeof(pKeys->masterSecret)) {
-        DLOGE("Length check failed, pMasterSecretLen = %d, sizeof(pKeys->masterSecret) = %d\n", pMasterSecretLen, sizeof(pKeys->masterSecret));
+    if (pMasterSecretLen != SIZEOF(pKeys->masterSecret)) {
+        DLOGE("Length check failed, pMasterSecretLen = %d, sizeof(pKeys->masterSecret) = %d", pMasterSecretLen, SIZEOF(pKeys->masterSecret));
     }
 
     MEMCPY(pKeys->masterSecret, pMasterSecret, pMasterSecretLen);
diff --git a/src/source/Crypto/Tls.h b/src/source/Crypto/Tls.h
@@ -119,6 +119,9 @@ INT32 tlsSessionCertificateVerifyCallback(INT32, X509_STORE_CTX*);
 //       a callback signature.
 INT32 tlsSessionSendCallback(PVOID, const unsigned char*, ULONG);
 INT32 tlsSessionReceiveCallback(PVOID, unsigned char*, ULONG);
+
+// Add hostname parameter for mbedTLS 3.x compatibility
+STATUS tlsSessionStartWithHostname(PTlsSession, BOOL, PCHAR);
 #else
 #error "A Crypto implementation is required."
 #endif
diff --git a/src/source/Crypto/Tls_mbedtls.c b/src/source/Crypto/Tls_mbedtls.c
@@ -100,7 +100,7 @@ INT32 tlsSessionReceiveCallback(PVOID customData, unsigned char* buf, ULONG len)
     return STATUS_FAILED(retStatus) ? -retStatus : readBytes;
 }
 
-STATUS tlsSessionStart(PTlsSession pTlsSession, BOOL isServer)
+STATUS tlsSessionStartWithHostname(PTlsSession pTlsSession, BOOL isServer, PCHAR hostname)
 {
     ENTERS();
     STATUS retStatus = STATUS_SUCCESS;
@@ -114,9 +114,25 @@ STATUS tlsSessionStart(PTlsSession pTlsSession, BOOL isServer)
         STATUS_CREATE_SSL_FAILED);
 
     mbedtls_ssl_conf_ca_chain(&pTlsSession->sslCtxConfig, &pTlsSession->cacert, NULL);
-    mbedtls_ssl_conf_authmode(&pTlsSession->sslCtxConfig, MBEDTLS_SSL_VERIFY_REQUIRED);
+
+    // For mbedTLS 3.x, use appropriate verification mode
+    if (hostname != NULL) {
+        // If a hostname is provided, use strict verification
+        mbedtls_ssl_conf_authmode(&pTlsSession->sslCtxConfig, MBEDTLS_SSL_VERIFY_REQUIRED);
+    } else {
+        // Otherwise, use optional verification for IP-based connections
+        mbedtls_ssl_conf_authmode(&pTlsSession->sslCtxConfig, MBEDTLS_SSL_VERIFY_OPTIONAL);
+    }
+
     mbedtls_ssl_conf_rng(&pTlsSession->sslCtxConfig, mbedtls_ctr_drbg_random, &pTlsSession->ctrDrbg);
     CHK(mbedtls_ssl_setup(&pTlsSession->sslCtx, &pTlsSession->sslCtxConfig) == 0, STATUS_SSL_CTX_CREATION_FAILED);
+
+    // Set the hostname for certificate verification (for mbedTLS 3.x compatibility)
+    if (!isServer && hostname != NULL) {
+        // Use the provided hostname for certificate verification
+        CHK(mbedtls_ssl_set_hostname(&pTlsSession->sslCtx, hostname) == 0, STATUS_SSL_CTX_CREATION_FAILED);
+    }
+
     mbedtls_ssl_set_mtu(&pTlsSession->sslCtx, DEFAULT_MTU_SIZE_BYTES);
     mbedtls_ssl_set_bio(&pTlsSession->sslCtx, pTlsSession, tlsSessionSendCallback, tlsSessionReceiveCallback, NULL);
 
@@ -134,6 +150,11 @@ STATUS tlsSessionStart(PTlsSession pTlsSession, BOOL isServer)
     return retStatus;
 }
 
+STATUS tlsSessionStart(PTlsSession pTlsSession, BOOL isServer)
+{
+    return tlsSessionStartWithHostname(pTlsSession, isServer, NULL);
+}
+
 STATUS tlsSessionProcessPacket(PTlsSession pTlsSession, PBYTE pData, UINT32 bufferLen, PUINT32 pDataLen)
 {
     ENTERS();
diff --git a/src/source/Ice/SocketConnection.c b/src/source/Ice/SocketConnection.c
@@ -30,6 +30,7 @@ STATUS createSocketConnection(KVS_IP_FAMILY_TYPE familyType, KVS_SOCKET_PROTOCOL
 
     pSocketConnection->secureConnection = FALSE;
     pSocketConnection->protocol = protocol;
+    pSocketConnection->hostname = NULL;
     if (protocol == KVS_SOCKET_PROTOCOL_TCP) {
         pSocketConnection->peerIpAddr = *pPeerIpAddr;
         CHK_STATUS(socketConnect(pPeerIpAddr, pSocketConnection->localSocket));
@@ -105,6 +106,8 @@ STATUS freeSocketConnection(PSocketConnection* ppSocketConnection)
         freeTlsSession(&pSocketConnection->pTlsSession);
     }
 
+    SAFE_MEMFREE(pSocketConnection->hostname);
+
     getIpAddrStr(&pSocketConnection->hostIpAddr, ipAddr, ARRAY_SIZE(ipAddr));
     DLOGD("close socket with ip: %s:%u. family:%d", ipAddr, (UINT16) getInt16(pSocketConnection->hostIpAddr.port),
           pSocketConnection->hostIpAddr.family);
@@ -186,7 +189,14 @@ STATUS socketConnectionInitSecureConnection(PSocketConnection pSocketConnection,
     callbacks.stateChangeFn = socketConnectionTlsSessionOnStateChange;
 
     CHK_STATUS(createTlsSession(&callbacks, &pSocketConnection->pTlsSession));
+
+#if KVS_USE_MBEDTLS
+    // Setting the hostname is recommended by mbedTLS and is default in mbedTLS 3.0 and above
+    // https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
+    CHK_STATUS(tlsSessionStartWithHostname(pSocketConnection->pTlsSession, isServer, pSocketConnection->hostname));
+#else
     CHK_STATUS(tlsSessionStart(pSocketConnection->pTlsSession, isServer));
+#endif
     pSocketConnection->secureConnection = TRUE;
 
 CleanUp:
diff --git a/src/source/Ice/SocketConnection.h b/src/source/Ice/SocketConnection.h
@@ -44,6 +44,9 @@ struct __SocketConnection {
     ConnectionDataAvailableFunc dataAvailableCallbackFn;
     UINT64 dataAvailableCallbackCustomData;
     UINT64 tlsHandshakeStartTime;
+
+    /* Hostname for TLS verification */
+    PCHAR hostname;
 };
 typedef struct __SocketConnection* PSocketConnection;
 
diff --git a/src/source/Ice/TurnConnection.c b/src/source/Ice/TurnConnection.c
@@ -7,6 +7,48 @@
 extern StateMachineState TURN_CONNECTION_STATE_MACHINE_STATES[];
 extern UINT32 TURN_CONNECTION_STATE_MACHINE_STATE_COUNT;
 
+// On success, ppHostname is allocated and must be freed by the caller
+STATUS getHostnameFromUrl(PCHAR url, PCHAR* ppHostname)
+{
+    ENTERS();
+    STATUS retStatus = STATUS_SUCCESS;
+    PCHAR urlStart = NULL;
+    PCHAR urlEnd = NULL;
+    UINT32 hostnameLen = 0;
+
+    CHK(url != NULL && ppHostname != NULL, STATUS_NULL_ARG);
+
+    // Skip protocol prefix (turn: or turns:) if present
+    urlStart = STRSTR(url, "://");
+    if (urlStart != NULL) {
+        urlStart += 3; // Skip "://"
+    } else {
+        // If no protocol prefix, use the entire URL
+        urlStart = url;
+    }
+
+    // Find port separator if it exists
+    urlEnd = STRCHR(urlStart, ':');
+    if (urlEnd != NULL) {
+        hostnameLen = urlEnd - urlStart;
+    } else {
+        // If no port is specified, use the entire remaining string
+        hostnameLen = STRLEN(urlStart);
+    }
+
+    CHK(hostnameLen > 0 && hostnameLen <= MAX_ICE_CONFIG_URI_LEN, STATUS_INVALID_ARG);
+    *ppHostname = MEMCALLOC(1, hostnameLen + 1);
+    CHK(*ppHostname != NULL, STATUS_NOT_ENOUGH_MEMORY);
+    STRNCPY(*ppHostname, urlStart, hostnameLen);
+
+CleanUp:
+
+    CHK_LOG_ERR(retStatus);
+    LEAVES();
+
+    return retStatus;
+}
+
 STATUS createTurnConnection(PIceServer pTurnServer, TIMER_QUEUE_HANDLE timerQueueHandle, TURN_CONNECTION_DATA_TRANSFER_MODE dataTransferMode,
                             KVS_SOCKET_PROTOCOL protocol, PTurnConnectionCallbacks pTurnConnectionCallbacks, PSocketConnection pTurnSocket,
                             PConnectionListener pConnectionListener, PTurnConnection* ppTurnConnection)
@@ -23,6 +65,11 @@ STATUS createTurnConnection(PIceServer pTurnServer, TIMER_QUEUE_HANDLE timerQueu
             !IS_EMPTY_STRING(pTurnServer->username),
         STATUS_INVALID_ARG);
 
+    // Set the TURN server hostname in the socket connection for TLS hostname verification
+    PCHAR hostname = NULL;
+    CHK_STATUS(getHostnameFromUrl(pTurnServer->url, &hostname));
+    pTurnSocket->hostname = hostname;
+
     pTurnConnection = (PTurnConnection) MEMCALLOC(
         1, SIZEOF(TurnConnection) + DEFAULT_TURN_MESSAGE_RECV_CHANNEL_DATA_BUFFER_LEN * 2 + DEFAULT_TURN_MESSAGE_SEND_CHANNEL_DATA_BUFFER_LEN);
     CHK(pTurnConnection != NULL, STATUS_NOT_ENOUGH_MEMORY);
@@ -70,8 +117,13 @@ STATUS createTurnConnection(PIceServer pTurnServer, TIMER_QUEUE_HANDLE timerQueu
 
     CHK_LOG_ERR(retStatus);
 
-    if (STATUS_FAILED(retStatus) && pTurnConnection != NULL) {
-        freeTurnConnection(&pTurnConnection);
+    if (STATUS_FAILED(retStatus)) {
+        if (pTurnConnection != NULL) {
+            freeTurnConnection(&pTurnConnection);
+        }
+        if (pTurnSocket != NULL) {
+            SAFE_MEMFREE(pTurnSocket->hostname);
+        }
     }
 
     if (ppTurnConnection != NULL) {

Original file line number	Diff line number	Diff line change
`@@ -266,8 +266,8 @@ VOID dtlsSessionKeyDerivationCallback(PVOID customData, mbedtls_ssl_key_export_t`
`266`	`266`	`PDtlsSession pDtlsSession = (PDtlsSession) customData;`
`267`	`267`	`PTlsKeys pKeys = &pDtlsSession->tlsKeys;`
`268`	`268`
`269`		`- if (pMasterSecretLen != sizeof(pKeys->masterSecret)) {`
`270`		`- DLOGE("Length check failed, pMasterSecretLen = %d, sizeof(pKeys->masterSecret) = %d\n", pMasterSecretLen, sizeof(pKeys->masterSecret));`
	`269`	`+ if (pMasterSecretLen != SIZEOF(pKeys->masterSecret)) {`
	`270`	`+ DLOGE("Length check failed, pMasterSecretLen = %d, sizeof(pKeys->masterSecret) = %d", pMasterSecretLen, SIZEOF(pKeys->masterSecret));`
`271`	`271`	`}`
`272`	`272`
`273`	`273`	`MEMCPY(pKeys->masterSecret, pMasterSecret, pMasterSecretLen);`