WebSockets: use Server Name Indication with TLS
This commit is contained in:
parent
bdbfb915d2
commit
0f0c5d2617
@ -900,7 +900,8 @@ backend_ws_establish_connection (struct app_context *ctx,
|
||||
}
|
||||
|
||||
static bool
|
||||
backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
|
||||
backend_ws_initialize_tls (struct app_context *ctx,
|
||||
const char *server_name, struct error **e)
|
||||
{
|
||||
struct ws_context *self = &ctx->ws;
|
||||
const char *error_info = NULL;
|
||||
@ -923,6 +924,12 @@ backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
|
||||
// Avoid SSL_write() returning SSL_ERROR_WANT_READ
|
||||
SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY);
|
||||
|
||||
// Literal IP addresses aren't allowed in the SNI
|
||||
struct in6_addr dummy;
|
||||
if (!inet_pton (AF_INET, server_name, &dummy)
|
||||
&& !inet_pton (AF_INET6, server_name, &dummy))
|
||||
SSL_set_tlsext_host_name (self->ssl, server_name);
|
||||
|
||||
switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info))
|
||||
{
|
||||
case SSL_ERROR_NONE:
|
||||
@ -1157,7 +1164,7 @@ backend_ws_connect (struct app_context *ctx, struct error **e)
|
||||
if (!backend_ws_establish_connection (ctx, url_host, url_port, e))
|
||||
goto fail_1;
|
||||
|
||||
if (use_tls && !backend_ws_initialize_tls (ctx, e))
|
||||
if (use_tls && !backend_ws_initialize_tls (ctx, url_host, e))
|
||||
goto fail_2;
|
||||
|
||||
unsigned char key[16];
|
||||
|
Loading…
Reference in New Issue
Block a user