diff --git a/include/ircd/net/open.h b/include/ircd/net/open.h
index 156d6f8f0..d27709374 100644
--- a/include/ircd/net/open.h
+++ b/include/ircd/net/open.h
@@ -17,6 +17,7 @@ namespace ircd::net
 using open_callback = std::function;
 string_view common_name(const open_opts &);
+ string_view server_name(const open_opts &);
 // Open existing socket with callback.
 void open(socket &, const open_opts &, open_callback);
@@ -91,6 +92,16 @@ struct ircd::net::open_opts
 /// some rfc2818/rfc2459 wildcard we will properly match that for you.
 string_view common_name;
+ /// The server name identification string to send in the ClientHello.
+ /// If this is not set, then common_name is used (or if common_name is
+ /// empty, the value that is eventually used for common_name).
+ string_view server_name;
+
+ /// Option to toggle whether server name identification is sent. If
+ /// false, it will not be sent regardless of the string values having
+ /// been set. If true, it will be sent regardless.
+ bool send_sni { true };
+
 /// Option to toggle whether to allow self-signed certificates. This
 /// currently defaults to true to not break Matrix development but will
 /// likely change later and require setting to true for specific conns.
@@ -120,6 +131,12 @@ ircd::net::open_opts::open_opts(const net::ipport &ipport,
 ,ipport{ipport}
 {}
+inline ircd::string_view
+ircd::net::server_name(const open_opts &opts)
+{
+ return opts.server_name?: common_name(opts);
+}
+
 inline ircd::string_view
 ircd::net::common_name(const open_opts &opts)
 {
diff --git a/ircd/net.cc b/ircd/net.cc
index 2561de3e1..428ae735f 100644
--- a/ircd/net.cc
+++ b/ircd/net.cc
@@ -2188,8 +2188,11 @@ ircd::net::socket::handshake(const open_opts &opts,
 {
 log::debug
 {
- log, "%s handshaking for '%s' to:%ld$ms",
+ log, "%s handshaking to '%s' for '%s' to:%ld$ms",
 loghead(*this),
+ opts.send_sni?
+ server_name(opts):
+ ""_sv,
 common_name(opts),
 opts.handshake_timeout.count()
 };
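Review bot: The doc comment added for `server_name` in the open_opts hunk does not say that this value only selects what is sent in the SNI extension, while certificate name matching still runs against `common_name`; in the net.cc hunks `server_name(opts)` is passed only to `openssl::server_name`, and `common_name(opts)` keeps its role for the log line and, presumably, the verify handler set just after. A caller who sets `server_name` to a delegated host could otherwise assume the presented certificate will be checked against that name. I would append to the comment: `/// Note: this only affects the SNI extension; certificate verification` `/// continues to match against common_name.` The same clarification would fit the `server_name()` helper in the @@ -120 hunk, whose fallback to `common_name(opts)` makes the two values easy to conflate.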
@@ -2205,6 +2208,10 @@ ircd::net::socket::handshake(const open_opts &opts,
 };
 set_timeout(opts.handshake_timeout);
+
+ if(opts.send_sni)
+ openssl::server_name(*this, server_name(opts));
+
 ssl.set_verify_callback(std::move(verify_handler));
 ssl.async_handshake(handshake_type::client, std::move(handshake_handler));
 }
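Review bot: `openssl::server_name(*this, server_name(opts))` is invoked whenever `send_sni` is set, with no check that the name is usable: `server_name(opts)` falls back to `common_name(opts)`, whose body is outside these hunks, so the result can be empty or an IP literal when the connection was opened by ipport alone, and RFC 6066 §3 does not allow IP literals (or an empty HostName) in the extension. Whether `openssl::server_name` rejects such values itself is not visible here; if it does not, the peer may see a malformed or spurious extension. A call-site guard using the same truthiness the helper already relies on would be `if(opts.send_sni && server_name(opts))`, with IP literals excluded as well if the net module has a suitable predicate. The enclosing handshake body begins and ends outside this hunk.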