WebSockets: use Server Name Indication with TLS

This commit is contained in:
Přemysl Eric Janouch 2015-04-03 00:15:44 +02:00
parent bdbfb915d2
commit 0f0c5d2617
1 changed files with 9 additions and 2 deletions


@ -900,7 +900,8 @@ backend_ws_establish_connection (struct app_context *ctx,
} }
static bool static bool
backend_ws_initialize_tls (struct app_context *ctx, struct error **e) backend_ws_initialize_tls (struct app_context *ctx,
const char *server_name, struct error **e)
{ {
struct ws_context *self = &ctx->ws; struct ws_context *self = &ctx->ws;
const char *error_info = NULL; const char *error_info = NULL;
@ -923,6 +924,12 @@ backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
// Avoid SSL_write() returning SSL_ERROR_WANT_READ // Avoid SSL_write() returning SSL_ERROR_WANT_READ
SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY); SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY);
// Literal IP addresses aren't allowed in the SNI
struct in6_addr dummy;
if (!inet_pton (AF_INET, server_name, &dummy)
&& !inet_pton (AF_INET6, server_name, &dummy))
SSL_set_tlsext_host_name (self->ssl, server_name);
switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info)) switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info))
{ {
case SSL_ERROR_NONE: case SSL_ERROR_NONE:
@ -1157,7 +1164,7 @@ backend_ws_connect (struct app_context *ctx, struct error **e)
if (!backend_ws_establish_connection (ctx, url_host, url_port, e)) if (!backend_ws_establish_connection (ctx, url_host, url_port, e))
goto fail_1; goto fail_1;
if (use_tls && !backend_ws_initialize_tls (ctx, e)) if (use_tls && !backend_ws_initialize_tls (ctx, url_host, e))
goto fail_2; goto fail_2;
unsigned char key[16]; unsigned char key[16];
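Review bot: Sending the SNI name does not make the handshake check that the server's certificate actually matches `server_name` — `SSL_set_tlsext_host_name` only controls what goes into the ClientHello, so unless hostname checking is configured somewhere outside this hunk, a valid certificate for any other name would still be accepted. Now that the host is in scope in `backend_ws_initialize_tls`, the same `if` body is the natural place to bind it to verification, e.g. `X509_VERIFY_PARAM_set1_host (SSL_get0_param (self->ssl), server_name, 0);` (OpenSSL ≥ 1.0.2), which only has an effect if peer verification is enabled on the context — worth confirming. The return value of `SSL_set_tlsext_host_name` is also discarded; it can fail, so the call should feed the existing error path rather than be silently ignored. The IP-literal test assumes `url_host` is a bare address: if the URL parser leaves IPv6 brackets in it, `inet_pton` will not recognise it and an SNI of `[::1]` would be sent — check against the parser. The function continues past the end of the hunk (the `SSL_connect` switch is cut off), so the error-path label to use is not visible here.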