author | Přemysl Janouch <p.janouch@gmail.com> | 2015-04-03 00:15:44 +0200 |
---|---|---|
committer | Přemysl Janouch <p.janouch@gmail.com> | 2015-04-03 00:15:44 +0200 |
commit | 0f0c5d2617100ec18e4e8400b11c9255d82d455f (patch) | |
tree | c7674f1fe94efe17d19ee71c47706edeebaf9430 | |
parent | bdbfb915d21ca49259b76a515b4ea12fe8bbe9e4 (diff) | |
WebSockets: use Server Name Indication with TLS
-rw-r--r-- | json-rpc-shell.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/json-rpc-shell.c b/json-rpc-shell.c
index 596db73..f0cd711 100644
--- a/json-rpc-shell.c
+++ b/json-rpc-shell.c
@@ -900,7 +900,8 @@ backend_ws_establish_connection (struct app_context *ctx,
 }
 
 static bool
-backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
+backend_ws_initialize_tls (struct app_context *ctx,
+	const char *server_name, struct error **e)
 {
 	struct ws_context *self = &ctx->ws;
 	const char *error_info = NULL;
@@ -923,6 +924,12 @@ backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
 	// Avoid SSL_write() returning SSL_ERROR_WANT_READ
 	SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY);
 
+	// Literal IP addresses aren't allowed in the SNI
+	struct in6_addr dummy;
+	if (!inet_pton (AF_INET, server_name, &dummy)
+	 && !inet_pton (AF_INET6, server_name, &dummy))
+		SSL_set_tlsext_host_name (self->ssl, server_name);
+
 	switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info))
 	{
 	case SSL_ERROR_NONE:
@@ -1157,7 +1164,7 @@ backend_ws_connect (struct app_context *ctx, struct error **e)
 	if (!backend_ws_establish_connection (ctx, url_host, url_port, e))
 		goto fail_1;
 
-	if (use_tls && !backend_ws_initialize_tls (ctx, e))
+	if (use_tls && !backend_ws_initialize_tls (ctx, url_host, e))
 		goto fail_2;
 
 	unsigned char key[16];
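Review bot: The return value of `SSL_set_tlsext_host_name` in the second hunk is discarded; it returns 0 when the name cannot be set (for instance an over-long host name), and the handshake then silently proceeds without SNI, so I would write `if (!SSL_set_tlsext_host_name (self->ssl, server_name))` and report the failure through `e` before reaching `SSL_connect`. Separately, now that server_name is available in backend_ws_initialize_tls, this is the natural place to also bind it for certificate host-name checking (`X509_VERIFY_PARAM_set1_host (SSL_get0_param (self->ssl), server_name, 0)`), since sending SNI alone does not verify that the presented certificate matches the host — unless that check already happens elsewhere in the file, which this hunk cannot show. If the URL parser leaves IPv6 literals bracketed (`[::1]`), neither inet_pton call will recognise them and the bracketed string would be sent as the SNI name; worth confirming against where url_host is produced in backend_ws_connect. backend_ws_initialize_tls continues outside the hunk.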