authorPřemysl Janouch <p.janouch@gmail.com>2015-04-03 00:15:44 +0200
committerPřemysl Janouch <p.janouch@gmail.com>2015-04-03 00:15:44 +0200
commit0f0c5d2617100ec18e4e8400b11c9255d82d455f (patch)
treec7674f1fe94efe17d19ee71c47706edeebaf9430
parentbdbfb915d21ca49259b76a515b4ea12fe8bbe9e4 (diff)
WebSockets: use Server Name Indication with TLS
-rw-r--r--json-rpc-shell.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/json-rpc-shell.c b/json-rpc-shell.c
index 596db73..f0cd711 100644
--- a/json-rpc-shell.c
+++ b/json-rpc-shell.c
@@ -900,7 +900,8 @@ backend_ws_establish_connection (struct app_context *ctx,
}
static bool
-backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
+backend_ws_initialize_tls (struct app_context *ctx,
+ const char *server_name, struct error **e)
{
struct ws_context *self = &ctx->ws;
const char *error_info = NULL;
@@ -923,6 +924,12 @@ backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
// Avoid SSL_write() returning SSL_ERROR_WANT_READ
SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY);
+ // Literal IP addresses aren't allowed in the SNI
+ struct in6_addr dummy;
+ if (!inet_pton (AF_INET, server_name, &dummy)
+ && !inet_pton (AF_INET6, server_name, &dummy))
+ SSL_set_tlsext_host_name (self->ssl, server_name);
+
switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info))
{
case SSL_ERROR_NONE:
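Review bot: The return value of `SSL_set_tlsext_host_name` in the added block is discarded, so if setting the extension fails the handshake proceeds without SNI and a name-based virtual host may answer with its default certificate. Checking it, as in `if (!SSL_set_tlsext_host_name (self->ssl, server_name))` followed by the function's existing failure path, would surface that instead of hiding it. Separately, SNI only tells the server which certificate to present; nothing visible in this hunk binds the peer certificate to `server_name`. Unless that check exists outside the hunk, this is the natural place to add one now that the name is passed in (`SSL_set1_host` or `X509_VERIFY_PARAM_set1_host`, depending on the OpenSSL version in use). The body of backend_ws_initialize_tls starts before this hunk and continues past it.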
@@ -1157,7 +1164,7 @@ backend_ws_connect (struct app_context *ctx, struct error **e)
if (!backend_ws_establish_connection (ctx, url_host, url_port, e))
goto fail_1;
- if (use_tls && !backend_ws_initialize_tls (ctx, e))
+ if (use_tls && !backend_ws_initialize_tls (ctx, url_host, e))
goto fail_2;
unsigned char key[16];