diff options
| author | Andreas Sommer <andreas.sommer87@googlemail.com> | 2019-08-08 14:28:34 +0200 |
|---|---|---|
| committer | Jose <jose@zeroc.com> | 2019-09-06 18:51:54 +0200 |
| commit | e8bbc7e415c772c87da289d344796bbc232fdfba (patch) | |
| tree | 41eeb79341a554028a0041f4fae961ddba0a1335 /cpp/src/IceSSL/OpenSSLTransceiverI.cpp | |
| parent | Fix Java build dependencies - Close #509 (diff) | |
| download | ice-e8bbc7e415c772c87da289d344796bbc232fdfba.tar.bz2 ice-e8bbc7e415c772c87da289d344796bbc232fdfba.tar.xz ice-e8bbc7e415c772c87da289d344796bbc232fdfba.zip | |
Implement server name indication (SNI) for OpenSSL and SecureTransport backends (new property `IceSSL.ServerNameIndication`, default enabled)
Diffstat (limited to 'cpp/src/IceSSL/OpenSSLTransceiverI.cpp')
| -rw-r--r-- | cpp/src/IceSSL/OpenSSLTransceiverI.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp index 8acfe25a67e..8038b1159b5 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +++ b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp @@ -187,6 +187,17 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:: SSL_set_verify(_ssl, sslVerifyMode, IceSSL_opensslVerifyCallback); } + + // Server name indication + if (!_incoming && _engine->getServerNameIndication() && !_host.empty() && !IceInternal::isIpAddress(_host)) + { + if (!SSL_set_tlsext_host_name(_ssl, _host.c_str())) + { + ostringstream ostr; + ostr << "IceSSL: failed to set SNI host " << _host << " with SSL_set_tlsext_host_name"; + throw SecurityException(__FILE__, __LINE__, ostr.str()); + } + } } while(!SSL_is_init_finished(_ssl)) |