From 0f0c5d2617100ec18e4e8400b11c9255d82d455f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?=
Date: Fri, 3 Apr 2015 00:15:44 +0200
Subject: WebSockets: use Server Name Indication with TLS
---
 json-rpc-shell.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'json-rpc-shell.c')
diff --git a/json-rpc-shell.c b/json-rpc-shell.c
index 596db73..f0cd711 100644
--- a/json-rpc-shell.c
+++ b/json-rpc-shell.c
@@ -900,7 +900,8 @@ backend_ws_establish_connection (struct app_context *ctx,
 }
 static bool
-backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
+backend_ws_initialize_tls (struct app_context *ctx,
+ const char *server_name, struct error **e)
 {
 struct ws_context *self = &ctx->ws;
 const char *error_info = NULL;
@@ -923,6 +924,12 @@ backend_ws_initialize_tls (struct app_context *ctx, struct error **e)
 // Avoid SSL_write() returning SSL_ERROR_WANT_READ
 SSL_set_mode (self->ssl, SSL_MODE_AUTO_RETRY);
+ // Literal IP addresses aren't allowed in the SNI
+ struct in6_addr dummy;
+ if (!inet_pton (AF_INET, server_name, &dummy) && !inet_pton (AF_INET6, server_name, &dummy)) SSL_set_tlsext_host_name (self->ssl, server_name);
+
 switch (xssl_get_error (self->ssl, SSL_connect (self->ssl), &error_info))
 {
 case SSL_ERROR_NONE:
@@ -1157,7 +1164,7 @@ backend_ws_connect (struct app_context *ctx, struct error **e)
 if (!backend_ws_establish_connection (ctx, url_host, url_port, e))
 goto fail_1;
-if (use_tls && !backend_ws_initialize_tls (ctx, e))
+if (use_tls && !backend_ws_initialize_tls (ctx, url_host, e))
 goto fail_2;
 unsigned char key[16];
--
cgit v1.2.3
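Review bot: The new `server_name` parameter of backend_ws_initialize_tls is added without any documentation of what the caller must pass, which matters because the value ends up on the wire in the TLS handshake. A one-line comment above the signature, `// server_name: host name to send in the TLS SNI extension (literal IP addresses are skipped)`, would make the contract visible to callers such as backend_ws_connect. The function body continues outside this hunk.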
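Review bot: The return value of `SSL_set_tlsext_host_name` on the last added statement is discarded, so if OpenSSL rejects the name the ClientHello silently goes out without SNI; it returns 0 on failure, and that case should be reported through `e` and fail the connection the way the other error paths in this function do. Nothing in the hunk ties `server_name` to certificate verification; if peer verification is enabled on the SSL_CTX elsewhere in the file, the same name should also be handed to `X509_VERIFY_PARAM_set1_host (SSL_get0_param (self->ssl), server_name, 0)` (OpenSSL 1.0.2 and later) so the name sent in SNI is the one the certificate is checked against. The literal-address test further assumes `server_name` arrives without the square brackets a URL places around an IPv6 address; if url_host can still carry them, `inet_pton` will not recognise the literal and it will be sent as an SNI name. The body of backend_ws_initialize_tls starts and ends outside this hunk.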