From 39f8e7528e650ddd0a42648cbd89c2473281be96 Mon Sep 17 00:00:00 2001
From: Paul Beckingham
Date: Sat, 11 Feb 2017 13:51:02 -0500
Subject: [PATCH] TLS: Now uses SNI
---
 src/CMakeLists.txt | 3 ++-
 src/TLSClient.cpp | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index b95a5e49f..a5b55a450 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -41,8 +41,9 @@ add_library (libshared
 libshared/src/Color.cpp libshared/src/Color.h
 libshared/src/RX.cpp libshared/src/RX.h
 libshared/src/Table.cpp libshared/src/Table.h
 libshared/src/Timer.cpp libshared/src/Timer.h
- libshared/src/shared.cpp libshared/src/shared.h
 libshared/src/format.cpp libshared/src/format.h
+ libshared/src/ip.cpp
+ libshared/src/shared.cpp libshared/src/shared.h
 libshared/src/unicode.cpp libshared/src/unicode.h
 libshared/src/utf8.cpp libshared/src/utf8.h
 libshared/src/wcwidth6.cpp)
diff --git a/src/TLSClient.cpp b/src/TLSClient.cpp
index b276627bd..4bf9026be 100644
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -46,6 +46,7 @@
 #include
 #include
 #include
+#include
 #include
 
 #define MAX_BUF 16384
@@ -210,6 +211,17 @@ void TLSClient::connect (const std::string& host, const std::string& port)
 gnutls_session_set_verify_cert (_session, _host.c_str (), 0); // 3.4.6
 #endif
 
+ // SNI. Only permitted when _host is a DNS name, not an IPv4/6 address.
+ std::string dummyAddress;
+ int dummyPort;
+ if (! isIPv4Address (_host, dummyAddress, dummyPort) &&
+ ! isIPv6Address (_host, dummyAddress, dummyPort))
+ {
+ ret = gnutls_server_name_set (_session, GNUTLS_NAME_DNS, _host.c_str (), _host.length ()); // All
+ if (ret < 0)
+ throw format ("TLS SNI error. {1}", gnutls_strerror (ret)); // All
+ }
+
 // Store the TLSClient instance, so that the verification callback can access
 // it during the handshake below and call the verification method.
 gnutls_session_set_ptr (_session, (void*) this); // All
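Review bot: In the new SNI block of `TLSClient::connect`, `_host` is handed to `gnutls_server_name_set` unchanged, so a hostname written with a trailing dot (`example.com.`) is sent as the SNI name even though RFC 6066 §3 specifies an ASCII name without a trailing dot, and a server may reject or ignore such a name; a local copy that drops the dot avoids this, e.g. `std::string sniName = _host;` / `if (! sniName.empty () && sniName.back () == '.') sniName.pop_back ();` / `ret = gnutls_server_name_set (_session, GNUTLS_NAME_DNS, sniName.c_str (), sniName.length ()); // All`. Whether a non-ASCII (IDN) hostname must be converted to its A-label before this call depends on the GnuTLS version in use, which the hunk does not pin down, so the block would benefit from a comment such as `// _host is sent verbatim as the SNI name; it must be an ASCII DNS name with no trailing dot.` The IP-literal test relies on `isIPv4Address`/`isIPv6Address` from the newly added `libshared/src/ip.cpp`, whose handling of bracketed IPv6 or `host:port` input is not visible here. `ret` is assigned but not declared in the hunk, and `TLSClient::connect` starts above it, so cleanup of `_session` on the new throw path follows whatever the rest of the function already does.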