WebSockets: use Server Name Indication with TLS
parent
bdbfb915d2
commit
0f0c5d2617
|
@ -900,7 +900,8 @@ backend_ws_establish_connection (struct app_context *ctx,
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
|
backend_ws_initialize_tls (struct app_context *ctx,
|
||||||
|
const char *server_name, struct error **e)
|
||||||
{
|
{
|
||||||
struct ws_context *self = &ctx->ws;
|
struct ws_context *self = &ctx->ws;
|
||||||
const char *error_info = NULL;
|
const char *error_info = NULL;
|
||||||
|
@ -923,6 +924,12 @@ backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
|
||||||
// Avoid SSL_write() returning SSL_ERROR_WANT_READ
|
// Avoid SSL_write() returning SSL_ERROR_WANT_READ
|
||||||
SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY);
|
SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY);
|
||||||
|
|
||||||
|
// Literal IP addresses aren't allowed in the SNI
|
||||||
|
struct in6_addr dummy;
|
||||||
|
if (!inet_pton (AF_INET, server_name, &dummy)
|
||||||
|
&& !inet_pton (AF_INET6, server_name, &dummy))
|
||||||
|
SSL_set_tlsext_host_name (self->ssl, server_name);
|
||||||
|
|
||||||
switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info))
|
switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info))
|
||||||
{
|
{
|
||||||
case SSL_ERROR_NONE:
|
case SSL_ERROR_NONE:
|
||||||
|
@ -1157,7 +1164,7 @@ backend_ws_connect (struct app_context *ctx, struct error **e)
|
||||||
if (!backend_ws_establish_connection (ctx, url_host, url_port, e))
|
if (!backend_ws_establish_connection (ctx, url_host, url_port, e))
|
||||||
goto fail_1;
|
goto fail_1;
|
||||||
|
|
||||||
if (use_tls && !backend_ws_initialize_tls (ctx, e))
|
if (use_tls && !backend_ws_initialize_tls (ctx, url_host, e))
|
||||||
goto fail_2;
|
goto fail_2;
|
||||||
|
|
||||||
unsigned char key[16];
|
unsigned char key[16];
|
||||||
|
|
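Review bot: The return value of `SSL_set_tlsext_host_name (self->ssl, server_name)` in the second hunk is ignored, so if setting the extension fails, `SSL_connect` still runs without SNI and the caller gets no hint why the server presented a different certificate. Test it with `if (!SSL_set_tlsext_host_name (self->ssl, server_name))` and report the failure through `e` in the same way the rest of the function reports errors. Separately, SNI only tells the server which certificate to present; it does not make the client check that the certificate matches `url_host`. Since `server_name` is now available here, it could also be bound for verification with `SSL_set1_host (self->ssl, server_name)`, provided peer verification is enabled somewhere outside these hunks. The body of `backend_ws_initialize_tls` starts and ends outside the visible lines, so whether verification is already configured cannot be confirmed from this page.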