Get SNI for OpenSSL

[bararchy]

This PR adds the ability to query the SNI string, having this ability is important when needing to decide which certificate to show the connecting client, or, when creating a proxy that should show the relevant certificate for each host.
There are other reasons for having this ability.

Overall this change is minor and have been tested locally.

[asterite]

Looks good, though in Ruby I think the method is called hostname and there's also hostname=. I know nothing about openssl, but I just found that.

[asterite]

(note: I might be wrong)

[bararchy]

@asterite the hostname= or sni= should be in the Client part of SSL::Socket as it sets the SNI for the connection.
I wanted to divide those into small manageable PRs because C bindings + OpenSSL is a scary concept and it's better to take in small doses

[ysbaddaden]

I agree with @asterite. Looking at the OpenSSL documentation, the method could be #hostname with documentation stating that it returns the server name indication (SNI), and there could be SSL_set_tlsext_host_name to implement the #hostname= method which is useful on clients.

[straight-shoota]

Could you add a spec for this method, please?

[bararchy]

@straight-shoota regarding specs, sadly can't make those until the client side will be finished, unless you wish me to do an ugly hack like

system("openssl s_client")

etc..

[jhass]

For which openssl versions are these methods available? Do we need or want to conditionalize defining them for nicer compilation errors?

Btw, maybe I'm wrong, but I vaguely remember that you can bundle up your certs and keys into a single file, load that into a context and openssl will pick the first matching one.

[bararchy]

Ok, this is really wierd, the function should be present in 1.1.0..master, I can see it here: https://github.com/openssl/openssl/blob/master/apps/s_client.c#L1980
Also here: https://www.openssl.org/docs/man1.1.1/man3/SSL_set_tlsext_host_name.html

[bararchy]

@asterite @jhass @straight-shoota @RX14

I totally missed we already have the hostname ability in the client socket already, so, Added only server side, added specs which should pass.

Let's squash and merge, then I'll start working on adding the callback which is the needed part for the whole SNI server flow

[bararchy]

@asterite @ysbaddaden @straight-shoota can I get another approval ?

[asterite]

I just left a question, feel free to ignore it if it doesn't make sense.

[ysbaddaden]

Just one last tiny change to use @jhass proposal for the documentation, and it's 👍

[bararchy]

@jhass @ysbaddaden done. Updated docs comment
Feel free to merge or let the CI ran for 50min for a comment hahahah

[bararchy]

@ysbaddaden all green LGTM 🎉

[Sija]

Could you please split this line? Its complexity makes it hard to read.

[bararchy]

I can, keep in mind its a copy paste of the above tests, I just wanted to keep the same structure, maybe it should be better to merge this PR and make a new one fixing all the examples in the file which use this exact same line?

[bararchy]

@straight-shoota can I get your approval?

[straight-shoota]

I'm not happy about the sleep 1 but I think at this point it's fine to merge and refactor the entire specs file.

[sdogruyol]

Thank you @bararchy 👍