shrpx: Use SNI TLS extension in client mode

Tatsuhiro Tsujikawa 2012-11-22 21:51:11 +09:00
parent d589f4c74c
commit 9aa7af2c7f
3 changed files with 10 additions and 2 deletions


@ -254,6 +254,14 @@ int SpdySession::initiate_connection()
<< ERR_error_string(ERR_get_error(), NULL); << ERR_error_string(ERR_get_error(), NULL);
return -1; return -1;
} }
if(!ssl::numeric_host(get_config()->downstream_host)) {
// TLS extensions: SNI. There is no documentation about the return
// code for this function (actually this is macro wrapping SSL_ctrl
// at the time of this writing).
SSL_set_tlsext_host_name(ssl_, get_config()->downstream_host);
}
bev_ = bufferevent_openssl_socket_new(evbase_, -1, ssl_, bev_ = bufferevent_openssl_socket_new(evbase_, -1, ssl_,
BUFFEREVENT_SSL_CONNECTING, BUFFEREVENT_SSL_CONNECTING,
BEV_OPT_DEFER_CALLBACKS); BEV_OPT_DEFER_CALLBACKS);
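Review bot: The result of `SSL_set_tlsext_host_name` is discarded in the new `if` block, so a failure to set the name goes unnoticed and the handshake proceeds without SNI. OpenSSL documents the macro as returning 1 on success and 0 on error, so the comment saying there is no documentation could give way to a check such as `if(SSL_set_tlsext_host_name(ssl_, get_config()->downstream_host) != 1) { /* log ERR_error_string(ERR_get_error(), NULL) and return -1 */ }`. Without SNI a name-based virtual host may answer with its default certificate; whether the later certificate check catches that mismatch is not visible in this hunk. The body of initiate_connection starts and ends outside the hunk.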


@ -250,7 +250,6 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
} }
} }
namespace {
bool numeric_host(const char *hostname) bool numeric_host(const char *hostname)
{ {
struct addrinfo hints; struct addrinfo hints;
@ -264,7 +263,6 @@ bool numeric_host(const char *hostname)
freeaddrinfo(res); freeaddrinfo(res);
return true; return true;
} }
} // namespace
namespace { namespace {
bool tls_hostname_match(const char *pattern, const char *hostname) bool tls_hostname_match(const char *pattern, const char *hostname)


@ -46,6 +46,8 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
evutil_socket_t fd, evutil_socket_t fd,
sockaddr *addr, int addrlen); sockaddr *addr, int addrlen);
bool numeric_host(const char *hostname);
int check_cert(SSL *ssl); int check_cert(SSL *ssl);
void setup_ssl_lock(); void setup_ssl_lock();
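Review bot: The new declaration `bool numeric_host(const char *hostname);` is exported without a comment, although callers now rely on it to decide whether SNI is sent. A one-line contract above it would help, for example `// Returns true if |hostname| is a numeric IP address literal.`. That wording should be confirmed against the definition, of which only a fragment is visible on this page.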