diff options
| author | Jose <jose@zeroc.com> | 2019-09-06 18:49:02 +0200 |
|---|---|---|
| committer | Jose <jose@zeroc.com> | 2019-09-06 18:52:30 +0200 |
| commit | f77a9b7847525d56ba64a0631652401885457a9e (patch) | |
| tree | a3283476120c498a6e28bc0712d51886e64125e3 /cpp/src/IceSSL/SecureTransportTransceiverI.cpp | |
| parent | Mark SNI support in UWP as not tested (diff) | |
| download | ice-f77a9b7847525d56ba64a0631652401885457a9e.tar.bz2 ice-f77a9b7847525d56ba64a0631652401885457a9e.tar.xz ice-f77a9b7847525d56ba64a0631652401885457a9e.zip | |
Enable SNI extension with CheckCertName > 1
- Remove IceSSL.ServerNameIndication, IceSSL.CheckCertName = 2 should be used
instead.
- Minor style fixes
Diffstat (limited to 'cpp/src/IceSSL/SecureTransportTransceiverI.cpp')
| -rw-r--r-- | cpp/src/IceSSL/SecureTransportTransceiverI.cpp | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp index d44d3e796e7..a52067b962d 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp @@ -243,13 +243,15 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe sslErrorToString(err)); } - if (!_incoming && _engine->getServerNameIndication() && !_host.empty() && !IceInternal::isIpAddress(_host)) + // + // Enable SNI + // + if(!_incoming && _engine->getServerNameIndication() && !_host.empty() && !IceInternal::isIpAddress(_host)) { - if ((err = SSLSetPeerDomainName(_ssl.get(), _host.data(), _host.length()))) + if((err = SSLSetPeerDomainName(_ssl.get(), _host.data(), _host.length()))) { - ostringstream ostr; - ostr << "IceSSL: failed to set SNI host " << _host << " with SSLSetPeerDomainName\n" << sslErrorToString(err); - throw SecurityException(__FILE__, __LINE__, ostr.str()); + throw SecurityException(__FILE__, __LINE__, "IceSSL: setting SNI host failed `" + _host + "'\n" + + sslErrorToString(err)); } } } |