dnsdist: Fix SNI on resumed sessions by acknowledging the name sent by the client #9921

Merged
merged 2 commits into from Jan 8, 2021

rgacogne
Member

@rgacogne rgacogne commented Jan 7, 2021

Short description

Otherwise SSL_get_servername() only returns true when the session has been freshly established, and will return nullptr when it is resumed.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

…y the client

Otherwise `SSL_get_servername()` only returns true when the session
has been freshly established, and will return `nullptr` when it is
resumed.
/* we need to set this callback to acknowledge the server name sent by the client,
otherwise it will not stored in the session and will not be accessible when the
session is resumed, causing SSL_get_servername to return nullptr */
SSL_CTX_set_tlsext_servername_callback(ctx.get(), &libssl_server_name_callback);
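Review bot: the comment above the SSL_CTX_set_tlsext_servername_callback() call has a grammar slip: "otherwise it will not stored in the session" should read "otherwise it will not be stored in the session". Since the fix depends entirely on the callback acknowledging the name, and the body of libssl_server_name_callback is not visible at this call site, it would also help to state in this comment what the callback has to return for the name to be kept in the session, so a later change to the callback does not silently bring back the nullptr result from SSL_get_servername on resumed sessions.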
Member


extremely pedantic nit: redundant &

Member Author


I personally prefer it that way to make it more clear that we pass the address of the function, and not the result of a call to the function.

Member


To my eyes it's clear it isn't a call since no arguments are passed. But fair enough.

@rgacogne
Member Author

rgacogne commented Jan 7, 2021

Regression tests added.

@rgacogne rgacogne merged commit dbdd4bf into PowerDNS:master Jan 8, 2021
@rgacogne rgacogne deleted the ddist-sni-resumption branch January 8, 2021 09:34

2 participants