diff --git a/src/h2load.cc b/src/h2load.cc
index 47b0d7e5..c5467c32 100644
--- a/src/h2load.cc
+++ b/src/h2load.cc
@@ -124,6 +124,13 @@ int Client::connect()
 {
 if(config.scheme == "https") {
 ssl = SSL_new(worker->ssl_ctx);
+
+ auto config = worker->config;
+
+ if(!util::numeric_host(config->host.c_str())) {
+ SSL_set_tlsext_host_name(ssl, config->host.c_str());
+ }
+
 bev = bufferevent_openssl_socket_new(worker->evbase, -1, ssl,
 BUFFEREVENT_SSL_CONNECTING,
 BEV_OPT_DEFER_CALLBACKS);
diff --git a/src/nghttp.cc b/src/nghttp.cc
index f8c1bd19..b860686e 100644
--- a/src/nghttp.cc
+++ b/src/nghttp.cc
@@ -444,10 +444,11 @@ struct HttpClient {
 } else {
 host_string = host.c_str();
 }
- if (!SSL_set_tlsext_host_name(ssl, host_string)) {
- std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
- return -1;
+
+ if (!util::numeric_host(host_string)) {
+ SSL_set_tlsext_host_name(ssl, host_string);
 }
+
 bev = bufferevent_openssl_socket_new(evbase, -1, ssl,
 BUFFEREVENT_SSL_CONNECTING,
 BEV_OPT_DEFER_CALLBACKS);
diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc
index 37557b9e..0cfa116b 100644
--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
@@ -421,7 +421,7 @@ int Http2Session::initiate_connection()
 sni_name = get_config()->downstream_host;
 }

- if(!ssl::numeric_host(sni_name)) {
+ if(!util::numeric_host(sni_name)) {
 // TLS extensions: SNI. There is no documentation about the return
 // code for this function (actually this is macro wrapping SSL_ctrl
 // at the time of this writing).
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index f8d64c2b..3e95ba2d 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
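Review bot: In the src/h2load.cc hunk the added block in Client::connect() discards the result of `SSL_set_tlsext_host_name`, so a failure to set SNI goes unnoticed and the handshake proceeds without the extension. The src/nghttp.cc hunk has the same gap, and there it replaces a check that printed the OpenSSL error and returned -1. OpenSSL documents the call as returning 1 on success and 0 on error, so both sites can test it, for example `if (!util::numeric_host(host_string) && !SSL_set_tlsext_host_name(ssl, host_string)) {` with the removed error branch kept as the body. In h2load.cc, `auto config = worker->config;` also shadows the `config` read as `config.scheme` at the top of the hunk and is used with `->`, so a distinct local name would be easier to read. Both enclosing functions continue outside their hunks.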
@@ -485,20 +485,6 @@ ClientHandler* accept_connection
 }
 }

-bool numeric_host(const char *hostname)
-{
- struct addrinfo hints;
- struct addrinfo* res;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_UNSPEC;
- hints.ai_flags = AI_NUMERICHOST;
- if(getaddrinfo(hostname, nullptr, &hints, &res)) {
- return false;
- }
- freeaddrinfo(res);
- return true;
-}
-
 namespace {
 bool tls_hostname_match(const char *pattern, const char *hostname)
 {
@@ -541,7 +527,7 @@ int verify_hostname(const char *hostname,
 const std::vector& ip_addrs,
 const std::string& common_name)
 {
- if(numeric_host(hostname)) {
+ if(util::numeric_host(hostname)) {
 if(ip_addrs.empty()) {
 return util::strieq(common_name.c_str(), hostname) ? 0 : -1;
 }
diff --git a/src/shrpx_ssl.h b/src/shrpx_ssl.h
index 1bea4033..de476a05 100644
--- a/src/shrpx_ssl.h
+++ b/src/shrpx_ssl.h
@@ -52,8 +52,6 @@ ClientHandler* accept_connection
 evutil_socket_t fd,
 sockaddr *addr, int addrlen);

-bool numeric_host(const char *hostname);
-
 int check_cert(SSL *ssl);

 // Retrieves DNS and IP address in subjectAltNames and commonName from
diff --git a/src/util.cc b/src/util.cc
index 199103b7..56e1b7fb 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -25,6 +25,9 @@
 #include "util.h"

 #include
+#include
+#include
+#include

 #include
 #include
@@ -529,6 +532,20 @@ size_t EvbufferBuffer::get_buflen() const
 return buflen_;
 }

+bool numeric_host(const char *hostname)
+{
+ struct addrinfo hints;
+ struct addrinfo* res;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_flags = AI_NUMERICHOST;
+ if(getaddrinfo(hostname, nullptr, &hints, &res)) {
+ return false;
+ }
+ freeaddrinfo(res);
+ return true;
+}
+
 } // namespace util

 } // namespace nghttp2
diff --git a/src/util.h b/src/util.h
index 2473a76a..0b40d82f 100644
--- a/src/util.h
+++ b/src/util.h
@@ -449,6 +449,8 @@ private:
 size_t buflen_;
 };

+bool numeric_host(const char *hostname);
+
 } // namespace util

 } // namespace nghttp2
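Review bot: `numeric_host()` as added in the second src/util.cc hunk, and its declaration in the src/util.h hunk, carry no comment saying what counts as numeric, although the result now decides both whether SNI is sent and which branch `verify_hostname()` takes. A comment on the declaration such as `// Returns true if hostname is an IP address literal; uses getaddrinfo() with AI_NUMERICHOST, so no DNS lookup is made.` would record the contract. With `AF_UNSPEC`, getaddrinfo() may also accept inet_addr-style IPv4 shorthand (for example `127.1`), so such strings would be treated as addresses rather than DNS names. If only canonical literals are intended, a stricter test with `inet_pton` for `AF_INET` and `AF_INET6` is worth considering, bearing in mind that it would change which inputs reach the IP branch.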