From 753bcb48efeea86c92a8fc3e85587855b230bb35 Mon Sep 17 00:00:00 2001 From: zusicheng Date: Mon, 21 Oct 2019 17:00:31 +0800 Subject: [PATCH] ssl: Support TLS SNI extension --- src/ssl.c | 5 +++-- src/ssl.h | 2 +- src/uwsc.c | 3 +-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 66deab0..b414857 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -65,7 +65,7 @@ struct uwsc_ssl_ctx { #endif -int uwsc_ssl_init(struct uwsc_ssl_ctx **ctx, int sock) +int uwsc_ssl_init(struct uwsc_ssl_ctx **ctx, int sock, char *host) { struct uwsc_ssl_ctx *c = calloc(1, sizeof(struct uwsc_ssl_ctx)); @@ -93,6 +93,7 @@ int uwsc_ssl_init(struct uwsc_ssl_ctx **ctx, int sock) mbedtls_ssl_set_bio(&c->ssl, &c->net, mbedtls_net_send, mbedtls_net_recv, NULL); + mbedtls_ssl_set_hostname(&c->ssl, host); mbedtls_ssl_setup(&c->ssl, &c->cfg); @@ -111,8 +112,8 @@ int uwsc_ssl_init(struct uwsc_ssl_ctx **ctx, int sock) c->ctx = SSL_CTX_new(TLS_client_method()); #endif SSL_CTX_set_verify(c->ctx, SSL_VERIFY_NONE, NULL); - c->ssl = SSL_new(c->ctx); + SSL_set_tlsext_host_name(c->ssl, host); SSL_set_fd(c->ssl, sock); #endif diff --git a/src/ssl.h b/src/ssl.h index 8a8a533..a235815 100644 --- a/src/ssl.h +++ b/src/ssl.h @@ -34,7 +34,7 @@ struct uwsc_ssl_ctx; -int uwsc_ssl_init(struct uwsc_ssl_ctx **ctx, int sock); +int uwsc_ssl_init(struct uwsc_ssl_ctx **ctx, int sock, char *host); int uwsc_ssl_handshake(struct uwsc_ssl_ctx *ctx); void uwsc_ssl_free(struct uwsc_ssl_ctx *ctx); diff --git a/src/uwsc.c b/src/uwsc.c index 0b74e61..6f5875f 100644 --- a/src/uwsc.c +++ b/src/uwsc.c @@ -616,10 +616,9 @@ int uwsc_init(struct uwsc_client *cl, struct ev_loop *loop, const char *url, cl->free = uwsc_free; cl->start_time = ev_now(cl->loop); cl->ping_interval = ping_interval; - if (ssl) { #if (UWSC_SSL_SUPPORT) - uwsc_ssl_init((struct uwsc_ssl_ctx **)&cl->ssl, cl->sock); + uwsc_ssl_init((struct uwsc_ssl_ctx **)&cl->ssl, cl->sock, host); #else uwsc_log_err("SSL is not enabled at compile\n"); uwsc_free(cl);