Skip to content

Commit

Permalink
SNI by benwaffle - to release/0.6 (#401)
Browse files Browse the repository at this point in the history
* SNI

* check error

* remove unecessary include

* fix

---------

Co-authored-by: Ben Iofel <[email protected]>
  • Loading branch information
beef9999 and benwaffle authored Mar 13, 2024
1 parent e9b62d0 commit a82fa35
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 0 deletions.
1 change: 1 addition & 0 deletions net/http/client.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ ISocketStream* PooledDialer::dial(std::string_view host, uint16_t port, bool sec
if (secure) {
tlssock->timeout(timeout);
sock = tlssock->connect(ep);
tls_stream_set_hostname(sock, strhost.c_str());
} else {
tcpsock->timeout(timeout);
sock = tcpsock->connect(ep);
Expand Down
15 changes: 15 additions & 0 deletions net/http/test/client_tls_test.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,21 @@ TEST(client_tls, basic) {
EXPECT_EQ(true, "test" == op->resp.headers["Test_Handle"]);
}

// Server Name Indication (SNI) for SSL
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
TEST(http_client, SNI) {
auto tls = photon::net::new_tls_context();
DEFER(delete tls);
auto client = photon::net::http::new_http_client(nullptr, tls);
DEFER(delete client);
auto op = client->new_operation(photon::net::http::Verb::GET, "https://debug.fly.dev");
DEFER(delete op);
op->retry = 0;
int res = op->call();
ASSERT_EQ(0, res);
}
#endif

int main(int argc, char** arg) {
if (photon::init(photon::INIT_EVENT_DEFAULT, photon::INIT_IO_NONE))
return -1;
Expand Down
13 changes: 13 additions & 0 deletions net/security-context/tls-stream.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ limitations under the License.
#include <openssl/ssl.h>
#include <photon/common/alog-stdstring.h>
#include <photon/common/iovector.h>
#include <photon/common/alog.h>
#include <photon/net/basic_socket.h>
#include <photon/net/socket.h>
#include <photon/thread/thread.h>
Expand Down Expand Up @@ -403,6 +404,18 @@ ISocketStream* new_tls_stream(TLSContext* ctx, ISocketStream* base,
return new TLSSocketStream(ctx, base, role, ownership);
};

void tls_stream_set_hostname(ISocketStream* stream, const char* hostname) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
if (auto s1 = dynamic_cast<TLSSocketStream*>(stream)) {
if (SSL_set_tlsext_host_name(s1->ssl, hostname) != 1)
LOG_ERROR("Failed to set hostname on tls stream: `", VALUE(hostname));
} else if (auto s2 = dynamic_cast<ForwardSocketStream*>(stream)) {
auto underlay = static_cast<ISocketStream*>(s2->get_underlay_object(0));
tls_stream_set_hostname(underlay, hostname);
}
#endif
}

class TLSSocketClient : public ForwardSocketClient {
public:
TLSContext* ctx;
Expand Down
2 changes: 2 additions & 0 deletions net/security-context/tls-stream.h
Original file line number Diff line number Diff line change
Expand Up @@ -97,5 +97,7 @@ ISocketServer* new_tls_server(TLSContext* ctx, ISocketServer* base,
ISocketClient* new_tls_client(TLSContext* ctx, ISocketClient* base,
bool ownership = false);

void tls_stream_set_hostname(ISocketStream* stream, const char* hostname);

} // namespace net
} // namespace photon

0 comments on commit a82fa35

Please sign in to comment.