Use SNI on outgoing TLS connections (#11458)

When establishing an outgoing TLS connection using a hostname as the target, use the TLS SNI extension to send that hostname to the server.
CatboxParadox 2022-12-07 14:45:21 +01:00 committed by GitHub
parent c0267b3fa5
commit 049f5d87e3


@ -44,6 +44,7 @@
#include <openssl/decoder.h>
#endif
#include <sys/uio.h>
#include <arpa/inet.h>
#define REDIS_TLS_PROTO_TLSv1 (1<<0)
#define REDIS_TLS_PROTO_TLSv1_1 (1<<1)
@ -857,10 +858,16 @@ static int connTLSAccept(connection *_conn, ConnectionCallbackFunc accept_handle
static int connTLSConnect(connection *conn_, const char *addr, int port, const char *src_addr, ConnectionCallbackFunc connect_handler) {
tls_connection *conn = (tls_connection *) conn_;
unsigned char addr_buf[sizeof(struct in6_addr)];
if (conn->c.state != CONN_STATE_NONE) return C_ERR;
ERR_clear_error();
/* Check whether addr is an IP address, if not, use the value for Server Name Indication */
if (inet_pton(AF_INET, addr, addr_buf) != 1 && inet_pton(AF_INET6, addr, addr_buf) != 1) {
SSL_set_tlsext_host_name(conn->ssl, addr);
}
/* Initiate Socket connection first */
if (connectionTypeTcp()->connect(conn_, addr, port, src_addr, connect_handler) == C_ERR) return C_ERR;