h2load, nghttp: Use SNI field for non-numeric host
parent
843ecd8cc1
commit
a457d2a138
|
@ -124,6 +124,13 @@ int Client::connect()
|
|||
{
|
||||
if(config.scheme == "https") {
|
||||
ssl = SSL_new(worker->ssl_ctx);
|
||||
|
||||
auto config = worker->config;
|
||||
|
||||
if(!util::numeric_host(config->host.c_str())) {
|
||||
SSL_set_tlsext_host_name(ssl, config->host.c_str());
|
||||
}
|
||||
|
||||
bev = bufferevent_openssl_socket_new(worker->evbase, -1, ssl,
|
||||
BUFFEREVENT_SSL_CONNECTING,
|
||||
BEV_OPT_DEFER_CALLBACKS);
|
||||
|
|
|
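Review bot: The result of `SSL_set_tlsext_host_name(ssl, config->host.c_str());` in Client::connect is discarded, so if the call fails the handshake proceeds without SNI and the server may answer for a different virtual host than the one requested. The HttpClient section that follows has the same bare call, although that section also shows a form that tests the result, prints the OpenSSL error and returns -1. I would keep the checked form in both places, e.g. `if(!util::numeric_host(host) && !SSL_set_tlsext_host_name(ssl, host)) { return -1; }`, with `host` standing for the respective host string. Client::connect continues outside the hunk, so whether `ssl` is released on such an early return cannot be judged from here.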
@ -444,10 +444,11 @@ struct HttpClient {
|
|||
} else {
|
||||
host_string = host.c_str();
|
||||
}
|
||||
if (!SSL_set_tlsext_host_name(ssl, host_string)) {
|
||||
std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
|
||||
return -1;
|
||||
|
||||
if (!util::numeric_host(host_string)) {
|
||||
SSL_set_tlsext_host_name(ssl, host_string);
|
||||
}
|
||||
|
||||
bev = bufferevent_openssl_socket_new(evbase, -1, ssl,
|
||||
BUFFEREVENT_SSL_CONNECTING,
|
||||
BEV_OPT_DEFER_CALLBACKS);
|
||||
|
|
|
@ -421,7 +421,7 @@ int Http2Session::initiate_connection()
|
|||
sni_name = get_config()->downstream_host;
|
||||
}
|
||||
|
||||
if(!ssl::numeric_host(sni_name)) {
|
||||
if(!util::numeric_host(sni_name)) {
|
||||
// TLS extensions: SNI. There is no documentation about the return
|
||||
// code for this function (actually this is macro wrapping SSL_ctrl
|
||||
// at the time of this writing).
|
||||
|
|
|
@ -485,20 +485,6 @@ ClientHandler* accept_connection
|
|||
}
|
||||
}
|
||||
|
||||
bool numeric_host(const char *hostname)
|
||||
{
|
||||
struct addrinfo hints;
|
||||
struct addrinfo* res;
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_UNSPEC;
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
if(getaddrinfo(hostname, nullptr, &hints, &res)) {
|
||||
return false;
|
||||
}
|
||||
freeaddrinfo(res);
|
||||
return true;
|
||||
}
|
||||
|
||||
namespace {
|
||||
bool tls_hostname_match(const char *pattern, const char *hostname)
|
||||
{
|
||||
|
@ -541,7 +527,7 @@ int verify_hostname(const char *hostname,
|
|||
const std::vector<std::string>& ip_addrs,
|
||||
const std::string& common_name)
|
||||
{
|
||||
if(numeric_host(hostname)) {
|
||||
if(util::numeric_host(hostname)) {
|
||||
if(ip_addrs.empty()) {
|
||||
return util::strieq(common_name.c_str(), hostname) ? 0 : -1;
|
||||
}
|
||||
|
|
|
@ -52,8 +52,6 @@ ClientHandler* accept_connection
|
|||
evutil_socket_t fd,
|
||||
sockaddr *addr, int addrlen);
|
||||
|
||||
bool numeric_host(const char *hostname);
|
||||
|
||||
int check_cert(SSL *ssl);
|
||||
|
||||
// Retrieves DNS and IP address in subjectAltNames and commonName from
|
||||
|
|
17
src/util.cc
17
src/util.cc
|
@ -25,6 +25,9 @@
|
|||
#include "util.h"
|
||||
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netdb.h>
|
||||
|
||||
#include <cassert>
|
||||
#include <cstdio>
|
||||
|
@ -529,6 +532,20 @@ size_t EvbufferBuffer::get_buflen() const
|
|||
return buflen_;
|
||||
}
|
||||
|
||||
bool numeric_host(const char *hostname)
|
||||
{
|
||||
struct addrinfo hints;
|
||||
struct addrinfo* res;
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_UNSPEC;
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
if(getaddrinfo(hostname, nullptr, &hints, &res)) {
|
||||
return false;
|
||||
}
|
||||
freeaddrinfo(res);
|
||||
return true;
|
||||
}
|
||||
|
||||
} // namespace util
|
||||
|
||||
} // namespace nghttp2
|
||||
|
|
|
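Review bot: numeric_host now gates both whether SNI is sent and whether verify_hostname takes its IP-address branch, and getaddrinfo() with AI_NUMERICHOST is more permissive than a strict literal check. On some platforms it accepts inet_aton-style IPv4 forms such as a bare integer, as well as scoped IPv6 literals with a `%zone` suffix. A host written that way would be classified as an address, so no SNI is sent and the certificate check presumably skips DNS-name matching. If only canonical literals are intended, `inet_pton(AF_INET, hostname, buf) == 1 || inet_pton(AF_INET6, hostname, buf) == 1` is stricter, but it rejects zone suffixes, so callers passing them would have to strip them first. The function also calls memset() and the added includes do not show `<cstring>`; it may already be included outside the hunk.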
@ -449,6 +449,8 @@ private:
|
|||
size_t buflen_;
|
||||
};
|
||||
|
||||
bool numeric_host(const char *hostname);
|
||||
|
||||
} // namespace util
|
||||
|
||||
} // namespace nghttp2
|
||||
|
|
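Review bot: The new declaration `bool numeric_host(const char *hostname);` is exported from util.h without a comment, although it now decides SNI and certificate-matching behaviour in several programs. I would add `// Returns true if |hostname| is an IP address literal. Uses getaddrinfo() with AI_NUMERICHOST, so no name resolution is performed.` above it. It is also worth stating that |hostname| must be a non-null, NUL-terminated string, since the implementation passes it straight to getaddrinfo().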