ircd::net: Send server name identification when opening client connections.
This commit is contained in:
parent
59f63841ba
commit
d6e97f6aab
2 changed files with 25 additions and 1 deletions
|
@ -17,6 +17,7 @@ namespace ircd::net
|
|||
using open_callback = std::function<void (std::exception_ptr)>;
|
||||
|
||||
string_view common_name(const open_opts &);
|
||||
string_view server_name(const open_opts &);
|
||||
|
||||
// Open existing socket with callback.
|
||||
void open(socket &, const open_opts &, open_callback);
|
||||
|
@ -91,6 +92,16 @@ struct ircd::net::open_opts
|
|||
/// some rfc2818/rfc2459 wildcard we will properly match that for you.
|
||||
string_view common_name;
|
||||
|
||||
/// The server name identification string to send in the ClientHello.
|
||||
/// If this is not set, then common_name is used (or if common_name is
|
||||
/// empty, the value that is eventually used for common_name).
|
||||
string_view server_name;
|
||||
|
||||
/// Option to toggle whether server name identification is sent. If
|
||||
/// false, it will not be sent regardless of the string values having
|
||||
/// been set. If true, it will be sent regardless.
|
||||
bool send_sni { true };
|
||||
|
||||
/// Option to toggle whether to allow self-signed certificates. This
|
||||
/// currently defaults to true to not break Matrix development but will
|
||||
/// likely change later and require setting to true for specific conns.
|
||||
|
@ -120,6 +131,12 @@ ircd::net::open_opts::open_opts(const net::ipport &ipport,
|
|||
,ipport{ipport}
|
||||
{}
|
||||
|
||||
inline ircd::string_view
|
||||
ircd::net::server_name(const open_opts &opts)
|
||||
{
|
||||
return opts.server_name?: common_name(opts);
|
||||
}
|
||||
|
||||
inline ircd::string_view
|
||||
ircd::net::common_name(const open_opts &opts)
|
||||
{
|
||||
|
|
|
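Review bot: The declaration `string_view server_name(const open_opts &);` and the `open_opts::server_name` doc comment describe a two-step fallback ("common_name is used, or ... the value that is eventually used for common_name"), but the definition `return opts.server_name?: common_name(opts);` simply delegates to `common_name(opts)`, whose body begins on the last line of this hunk and continues outside it, so a reader cannot see from here that the two descriptions agree. I would document the contract on the declaration so the fallback is stated once: `/// Effective SNI string for a client handshake: opts.server_name if set, else common_name(opts); may be empty when neither resolves to a name.` Noting the possibly-empty result matters because `send_sni` defaults to true and the sending site does not appear to test the resolved value. The use of the GNU `?:` extension here presumably matches the rest of the codebase; if not, `opts.server_name? opts.server_name: common_name(opts)` is the portable spelling.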
@ -2188,8 +2188,11 @@ ircd::net::socket::handshake(const open_opts &opts,
|
|||
{
|
||||
log::debug
|
||||
{
|
||||
log, "%s handshaking for '%s' to:%ld$ms",
|
||||
log, "%s handshaking to '%s' for '%s' to:%ld$ms",
|
||||
loghead(*this),
|
||||
opts.send_sni?
|
||||
server_name(opts):
|
||||
"<no sni>"_sv,
|
||||
common_name(opts),
|
||||
opts.handshake_timeout.count()
|
||||
};
|
||||
|
@ -2205,6 +2208,10 @@ ircd::net::socket::handshake(const open_opts &opts,
|
|||
};
|
||||
|
||||
set_timeout(opts.handshake_timeout);
|
||||
|
||||
if(opts.send_sni)
|
||||
openssl::server_name(*this, server_name(opts));
|
||||
|
||||
ssl.set_verify_callback(std::move(verify_handler));
|
||||
ssl.async_handshake(handshake_type::client, std::move(handshake_handler));
|
||||
}
|
||||
|
|
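Review bot: The guard `if(opts.send_sni)` in front of `openssl::server_name(*this, server_name(opts));` checks only the toggle, not that the resolved name is usable: when both `server_name` and `common_name` come back empty, an empty view is handed to the openssl wrapper, and the option's own doc in this commit says it is sent "regardless", so this is reachable by design. Whether the wrapper turns that into an empty host_name extension, an error, or a no-op is outside this hunk and should be confirmed; RFC 6066 also excludes IP literals from the host_name type, so a name derived from an address would need the same treatment. Assuming `ircd::string_view` exposes the `std::string_view` interface, `if(opts.send_sni && !server_name(opts).empty())` would make the intent explicit, and since the debug log above already computes the same value, resolving it once into a local (`const auto sni(server_name(opts));`) and using it in both places would keep the log and the sent value in sync. The enclosing `socket::handshake` begins before the first hunk of this file.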