diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-05-21 02:28:06 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-05-21 02:28:06 +0200 |
| commit | 890c459567c05647c83e566f491db0d953ca8e66 (patch) | |
| tree | 58f44b2d5ce0c2090e757aeb9032745c6eb78181 /sys/src/cmd/webfs/http.c | |
| parent | 40360a992d03ccccf69a36fa20359ad029b3afcf (diff) | |
webfs: send servername in tls client hello (SNI)
Diffstat (limited to 'sys/src/cmd/webfs/http.c')
| -rw-r--r-- | sys/src/cmd/webfs/http.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/sys/src/cmd/webfs/http.c b/sys/src/cmd/webfs/http.c index d4d7dc36e..7e3f001f7 100644 --- a/sys/src/cmd/webfs/http.c +++ b/sys/src/cmd/webfs/http.c @@ -73,19 +73,22 @@ tlstrace(char *fmt, ...) } static int -tlswrap(int fd) +tlswrap(int fd, char *servername) { TLSconn conn; memset(&conn, 0, sizeof(conn)); if(debug) conn.trace = tlstrace; + if(servername != nil) + conn.serverName = smprint("%H", servername); if((fd = tlsClient(fd, &conn)) < 0){ if(debug) fprint(2, "tlsClient: %r\n"); return -1; } free(conn.cert); free(conn.sessionID); + free(conn.serverName); return fd; } @@ -123,10 +126,10 @@ hdial(Url *u) if((fd = dial(addr, 0, 0, &ctl)) >= 0){ if(proxy){ if(strcmp(proxy->scheme, "https") == 0) - fd = tlswrap(fd); + fd = tlswrap(fd, proxy->host); } else { if(strcmp(u->scheme, "https") == 0) - fd = tlswrap(fd); + fd = tlswrap(fd, u->host); } } if(fd < 0){ @@ -905,7 +908,7 @@ http(char *m, Url *u, Key *shdr, Buq *qbody, Buq *qpost) * then the proxy server has established the connection. */ if(h->tunnel && !retry && (i/100) == 2){ - if((h->fd = tlswrap(h->fd)) < 0) + if((h->fd = tlswrap(h->fd, host)) < 0) break; /* proceed to the original request */ |