nghttpx: Use --backend-tls-sni-field to verify certificate hostname

2015-11-08 00:19:56 +09:00 · 2015-11-08 00:19:56 +09:00 · 9b18e47671
parent aecddc2cda
commit 9b18e47671
1 changed files with 4 additions and 1 deletions
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@ -930,7 +930,10 @@ int check_cert(SSL *ssl, const DownstreamAddr *addr) {
  std::vector<std::string> dns_names;
  std::vector<std::string> ip_addrs;
  get_altnames(cert, dns_names, ip_addrs, common_name);
-  if (verify_hostname(addr->host.get(), &addr->addr, dns_names, ip_addrs,
+  auto hostname = get_config()->backend_tls_sni_name
+                      ? get_config()->backend_tls_sni_name.get()
+                      : addr->host.get();
+  if (verify_hostname(hostname, &addr->addr, dns_names, ip_addrs,
                      common_name) != 0) {
    LOG(ERROR) << "Certificate verification failed: hostname does not match";
    return -1;