Merge pull request #64 from muzaffar1331/add-sni

Add support for Server Name Indication. Done during IETF 103 hackathon
This commit is contained in:
Adrian Chadd 2018-11-02 09:43:58 -07:00 committed by GitHub
當前提交 536740a8d9
沒有發現已知的金鑰在資料庫的簽署中
GPG Key ID: 4AEE18F83AFDEB23
共有 3 個文件被更改,包括 22 次插入0 次删除

查看文件

@ -122,6 +122,11 @@ conn_init(Conn *conn)
exit(-1);
}
if (param.tls_server_name)
{
SSL_set_tlsext_host_name(conn->ssl, param.tls_server_name);
}
if (param.ssl_cipher_list) {
/* set order of ciphers */
int ssl_err = SSL_set_cipher_list(conn->ssl, param.ssl_cipher_list);

查看文件

@ -144,6 +144,7 @@ static struct option longopts[] = {
#ifdef HAVE_SSL
{"ssl", no_argument, &param.use_ssl, 1},
{"ssl-ciphers", required_argument, (int *) &param.ssl_cipher_list, 0},
{"tls-server-name", required_argument, (int *) &param.tls_server_name, 0},
{"ssl-no-reuse", no_argument, &param.ssl_reuse, 0},
{"ssl-certificate", required_argument, (int *) &param.ssl_cert, 0},
{"ssl-key", required_argument, (int *) &param.ssl_key, 0},
@ -697,6 +698,19 @@ main(int argc, char **argv)
exit (1);
}
}
else if (flag == &param.tls_server_name)
{
if (param.ssl_protocol >= 4)
{
param.tls_server_name = optarg;
}
else
{
fprintf (stderr, "%s: Error setting the SNI (Server Name Indication) server name to %s. The --tls-server-name option can only be used if --ssl-protocol-version is set to TLSv1.0 and above.\n",
prog_name, optarg);
exit (1);
}
}
#endif
else if (flag == &param.uri)
param.uri = optarg;
@ -1294,6 +1308,8 @@ main(int argc, char **argv)
printf(" --ssl");
if (param.ssl_cipher_list)
printf(" --ssl-ciphers=%s", param.ssl_cipher_list);
if (param.tls_server_name)
printf(" --tls-server-name=%s", param.tls_server_name);
if (!param.ssl_reuse)
printf(" --ssl-no-reuse");
if (param.ssl_cert) printf (" --ssl-cert=%s", param.ssl_cert);

查看文件

@ -121,6 +121,7 @@ typedef struct Cmdline_Params
int ssl_reuse; /* reuse SSL Session ID */
int ssl_verify; /* whether to verify the server certificate */
int ssl_protocol; /* which SSL protocol to use */
const char *tls_server_name; /* TLS SNI (server name indication) */
const char *ssl_cipher_list; /* client's list of SSL cipher suites */
const char *ssl_cert; /* client certificate file name */
const char *ssl_key; /* client key file name */