shithub: riscv


ref: 890c459567c05647c83e566f491db0d953ca8e66
parent: 40360a992d03ccccf69a36fa20359ad029b3afcf
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Wed May 20 22:28:06 EDT 2015

webfs: send servername in tls client hello (SNI)

--- a/sys/src/cmd/webfs/http.c
+++ b/sys/src/cmd/webfs/http.c
@@ -73,7 +73,7 @@
 }
 
 static int
-tlswrap(int fd)
+tlswrap(int fd, char *servername)
 {
 	TLSconn conn;
 
@@ -80,6 +80,8 @@
 	memset(&conn, 0, sizeof(conn));
 	if(debug)
 		conn.trace = tlstrace;
+	if(servername != nil)
+		conn.serverName = smprint("%H", servername);
 	if((fd = tlsClient(fd, &conn)) < 0){
 		if(debug) fprint(2, "tlsClient: %r\n");
 		return -1;
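Review bot: The string allocated for `conn.serverName` is leaked when `tlsClient` fails, because this failure branch returns -1 directly and the matching `free(conn.serverName)` is added only on the success path in the next hunk. Adding `free(conn.serverName);` before `return -1;` closes it; for a client that keeps retrying a failing host this is one leaked allocation per attempt. `smprint` can also return nil on allocation failure, in which case the handshake silently proceeds without SNI, which is probably acceptable but deserves a one-line comment. The closing brace of the failure branch is in the following hunk.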
@@ -86,6 +88,7 @@
 	}
 	free(conn.cert);
 	free(conn.sessionID);
+	free(conn.serverName);
 	return fd;
 }
 
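Review bot: `conn.cert` is freed here without being inspected, so inside tlswrap the new `servername` argument only fills the SNI extension and is never compared with the certificate the server returned. If no verification happens elsewhere (nothing in this diff shows any), an https connection made through this path is not authenticated against the requested host, and sending SNI does not change that. A comment above the frees would keep readers from assuming otherwise, e.g. `/* servername is sent as SNI only; the peer certificate is not checked against it here */`.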
@@ -123,10 +126,10 @@
 	if((fd = dial(addr, 0, 0, &ctl)) >= 0){
 		if(proxy){
 			if(strcmp(proxy->scheme, "https") == 0)
-				fd = tlswrap(fd);
+				fd = tlswrap(fd, proxy->host);
 		} else {
 			if(strcmp(u->scheme, "https") == 0)
-				fd = tlswrap(fd);
+				fd = tlswrap(fd, u->host);
 		}
 	}
 	if(fd < 0){
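Review bot: `proxy->host` and `u->host` are passed through without checking whether they are IP literals, and RFC 6066 does not permit literal IPv4 or IPv6 addresses in the SNI HostName. Whether the `%H` formatting or tlsClient filters these is not visible here; if neither does, a URL such as https://192.0.2.1/ (constructed example) would put an address in the extension, and some servers may refuse or mis-route such a handshake. Passing nil for address literals would skip the extension, which tlswrap already supports through its `servername != nil` check. The enclosing function begins and ends outside the hunk.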
@@ -905,7 +908,7 @@
 		 * then the proxy server has established the connection.
 		 */
 		if(h->tunnel && !retry && (i/100) == 2){
-			if((h->fd = tlswrap(h->fd)) < 0)
+			if((h->fd = tlswrap(h->fd, host)) < 0)
 				break;
 
 			/* proceed to the original request */
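Review bot: `host` is declared outside this hunk, so it cannot be confirmed here that it names the origin server rather than the proxy. After a successful CONNECT the handshake is with the origin, and sending the proxy's name would select the wrong virtual host. A short comment at the call, e.g. `/* SNI must carry the origin host, not the proxy */`, would pin that down. If `host` can carry a port suffix (as a Host header value might), it should be stripped before being used as the server name.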