mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-10 12:11:28 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: provide ia function to set the SNI extension on a connection

Browse Source 
ssl_sock_set_servername() is used to set the SNI hostname on an
outgoing connection. This function comes from code originally
provided by Christopher Faulet of Qualys.
This commit is contained in:
Willy Tarreau 2015-07-10 11:33:32 +02:00
parent 42529c38ac
commit 630764188b
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/proto/ssl_sock.h
View File

@ -52,6 +52,7 @@ void ssl_sock_free_ca(struct bind_conf *bind_conf);
const char *ssl_sock_get_cipher_name(struct connection *conn);
const char *ssl_sock_get_proto_version(struct connection *conn);
char *ssl_sock_get_version(struct connection *conn);
void ssl_sock_set_servername(struct connection *conn, const char *hostname);
int ssl_sock_get_cert_used_sess(struct connection *conn);
int ssl_sock_get_cert_used_conn(struct connection *conn);
int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);

10
src/ssl_sock.c
View File

@ -3292,6 +3292,16 @@ char *ssl_sock_get_version(struct connection *conn)
return (char *)SSL_get_version(conn->xprt_ctx);
}
void ssl_sock_set_servername(struct connection *conn, const char *hostname)
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (!ssl_sock_is_ssl(conn))
return;
SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
#endif
}
/* Extract peer certificate's common name into the chunk dest
* Returns
* the len of the extracted common name