authorPřemysl Janouch <p.janouch@gmail.com>2015-12-09 00:53:56 +0100
committerPřemysl Janouch <p.janouch@gmail.com>2016-01-04 01:12:42 +0100
commitaeb047260fefa187f5b2c5c740280c81b9ccb8f4 (patch)
tree68871219f216772b1a441f1a64ee2719d6be27a5 /degesch.c
parent28fec6d4a6a30e2fdb5394e90673e60f7c46234b (diff)
Bump liberty, enable TLS SNI
Involves some rewrites to fit the new APIs. SNI has been implemented mostly just because we can; I don't think it's widely in use, and kike doesn't support this feature of the protocol either.
Diffstat (limited to 'degesch.c')
-rw-r--r--degesch.c48
1 files changed, 18 insertions, 30 deletions
diff --git a/degesch.c b/degesch.c
index 59a60a0..7163098 100644
--- a/degesch.c
+++ b/degesch.c
@@ -1150,7 +1150,7 @@ enum transport_io_result
struct transport
{
/// Initialize the transport
- bool (*init) (struct server *s, struct error **e);
+ bool (*init) (struct server *s, const char *hostname, struct error **e);
/// Destroy the user data pointer
void (*cleanup) (struct server *s);
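Review bot: The doc comment on `init` still reads only "Initialize the transport" and says nothing about the new `hostname` parameter. The TLS implementation later in this diff passes it straight to `inet_pton`, so a NULL would be undefined behaviour there. Something like `/// Initialize the transport; "hostname" is the name we connected to (used for SNI) and must not be NULL` would make the contract explicit for other transports.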
@@ -4492,7 +4492,7 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
}
static bool
-transport_tls_init (struct server *s, struct error **e)
+transport_tls_init (struct server *s, const char *hostname, struct error **e)
{
ERR_clear_error ();
@@ -4519,6 +4519,12 @@ transport_tls_init (struct server *s, struct error **e)
if (!SSL_set_fd (ssl, s->socket))
goto error_ssl_3;
+ // Enable SNI, FWIW; literal IP addresses aren't allowed
+ struct in6_addr dummy;
+ if (!inet_pton (AF_INET, hostname, &dummy)
+ && !inet_pton (AF_INET6, hostname, &dummy))
+ SSL_set_tlsext_host_name (ssl, hostname);
+
struct transport_tls_data *data = xcalloc (1, sizeof *data);
data->ssl_ctx = ssl_ctx;
data->ssl = ssl;
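Review bot: The result of `SSL_set_tlsext_host_name` is ignored in the added SNI block, so if OpenSSL fails to set the extension (it returns 0) the handshake silently goes out without it. Checking it, e.g. `if (!SSL_set_tlsext_host_name (ssl, hostname)) goto error_ssl_3;`, or at least logging the failure, would make that visible. Note also that SNI only tells the server which name the client wants; it does not make the client compare the peer certificate against `hostname`, and no such check is visible in this hunk. Now that the name reaches transport_tls_init, this would be the place to bind verification to it (for instance with `X509_VERIFY_PARAM_set1_host`), if that is not already done elsewhere. The function body starts and ends outside the hunk.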
@@ -4749,7 +4755,7 @@ irc_register (struct server *s)
}
static void
-irc_finish_connection (struct server *s, int socket)
+irc_finish_connection (struct server *s, int socket, const char *hostname)
{
struct app_context *ctx = s->ctx;
@@ -4766,7 +4772,7 @@ irc_finish_connection (struct server *s, int socket)
: &g_transport_plain;
struct error *e = NULL;
- if (s->transport->init && !s->transport->init (s, &e))
+ if (s->transport->init && !s->transport->init (s, hostname, &e))
{
log_server_error (s, s->buffer, "Connection failed: #s", e->message);
error_free (e);
@@ -4837,16 +4843,17 @@ irc_on_connector_failure (void *user_data)
}
static void
-irc_on_connector_connected (void *user_data, int socket)
+irc_on_connector_connected (void *user_data, int socket, const char *hostname)
{
struct server *s = user_data;
+ char *hostname_copy = xstrdup (hostname);
irc_destroy_connector (s);
- irc_finish_connection (s, socket);
+ irc_finish_connection (s, socket, hostname_copy);
+ free (hostname_copy);
}
-static bool
-irc_setup_connector (struct server *s,
- const struct str_vector *addresses, struct error **e)
+static void
+irc_setup_connector (struct server *s, const struct str_vector *addresses)
{
struct connector *connector = xmalloc (sizeof *connector);
connector_init (connector, &s->ctx->poller);
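Review bot: The `xstrdup` added in irc_on_connector_connected has no comment explaining why the copy is needed. Presumably `hostname` points into storage owned by the connector that `irc_destroy_connector (s)` frees on the next line, so a later cleanup that drops the copy as redundant would turn the call to irc_finish_connection into a use-after-free. A one-line comment above the copy, such as `// The hostname is owned by the connector, which is destroyed below`, would protect it. The body of irc_setup_connector continues in the next hunk.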
@@ -4858,31 +4865,12 @@ irc_setup_connector (struct server *s,
connector->on_connected = irc_on_connector_connected;
connector->on_failure = irc_on_connector_failure;
- bool at_least_one_address_succeeded = false;
for (size_t i = 0; i < addresses->len; i++)
{
char *host, *port;
irc_split_host_port (addresses->vector[i], &host, &port);
-
- struct error *error = NULL;
- if (connector_add_target (connector, host, port, &error))
- at_least_one_address_succeeded = true;
- else
- {
- log_server_error (s, s->buffer,
- "Address resolution failed for #&s: #s",
- format_host_port_pair (host, port), error->message);
- error_free (error);
- }
- }
- if (!at_least_one_address_succeeded)
- {
- error_set (e, "No address to connect to");
- return false;
+ connector_add_target (connector, host, port);
}
-
- connector_step (connector);
- return true;
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
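Review bot: After this change nothing in irc_setup_connector reports an empty or unresolvable address list. The old `No address to connect to` path is gone, and with `addresses->len == 0` the loop adds no target and the function returns normally. Presumably the updated connector resolves asynchronously, reports these cases through `on_failure`, and starts itself without the removed `connector_step` call, but none of that is visible here. A comment above the loop such as `// Resolution errors and an empty target list are reported via on_failure` would record that assumption, or an explicit check of `addresses->len` could cover it. The function starts in the previous hunk.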
@@ -4963,7 +4951,7 @@ irc_initiate_connect (struct server *s)
struct error *e = NULL;
if (!irc_setup_connector_socks (s, &servers, &e) && !e)
- irc_setup_connector (s, &servers, &e);
+ irc_setup_connector (s, &servers);
str_vector_free (&servers);