
Merge pull request #232 from RichardSteele/fix-sni-231

Fix #231: SNI breaks STARTTLS
vincent-richard committed Nov 18, 2019
2 parents 19fb3c2 + 893726c commit 8ac5b7f5fc99828f6718df09f9b5fc336a65b6cb
@@ -94,8 +94,6 @@ void TLSSocket_GnuTLS::connect(const string& address, const port_t port) {

try {

gnutls_server_name_set(*m_session->m_gnutlsSession, GNUTLS_NAME_DNS, address.c_str(), address.size());

m_wrapped->connect(address, port);

handshake();
@@ -319,6 +317,9 @@ void TLSSocket_GnuTLS::handshake() {

// Start handshaking process
try {
string peerName = getPeerName();

gnutls_server_name_set(*m_session->m_gnutlsSession, GNUTLS_NAME_DNS, peerName.c_str(), peerName.size());

while (true) {

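Review bot: The SNI name set at the top of handshake() is neither validated nor checked for success: peerName is passed to gnutls_server_name_set() even when it is empty, and the function's return code is dropped, whereas the OpenSSL side of this same commit throws `tls_exception("Unknown host name, will not be able to set SNI")` on an empty name. A handshake that silently proceeds without SNI is routed to the server's default virtual host and typically fails certificate validation with a misleading error far from the cause, so the two backends should behave the same and the failure should be surfaced where it happens. If getPeerName() can return an IP literal (not visible here), RFC 6066 §3 forbids literal addresses in server_name, so such a name should be skipped rather than sent. handshake() continues past the end of this hunk.
```cpp
string peerName = getPeerName();

// SNI is required for name-based virtual hosts; fail loudly rather than
// handshake against the server's default certificate.
if (peerName.empty()) {
	throw exceptions::tls_exception("Unknown host name, will not be able to set SNI");
}

int ret = gnutls_server_name_set(*m_session->m_gnutlsSession, GNUTLS_NAME_DNS, peerName.c_str(), peerName.size());

if (ret != GNUTLS_E_SUCCESS) {
	throw exceptions::tls_exception(string("Unable to set SNI: ") + gnutls_strerror(ret));
}

// … unchanged: handshake loop …
```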
@@ -122,8 +122,9 @@ TLSSocket_OpenSSL::~TLSSocket_OpenSSL() {
void TLSSocket_OpenSSL::createSSLHandle() {

if (m_wrapped->isConnected()) {

if (m_address.empty()) {
string peerName = getPeerName();

if (peerName.empty()) {
throw exceptions::tls_exception("Unknown host name, will not be able to set SNI");
}

@@ -167,7 +168,7 @@ void TLSSocket_OpenSSL::createSSLHandle() {
}

SSL_set_bio(m_ssl, sockBio, sockBio);
SSL_set_tlsext_host_name(m_ssl, m_address.c_str());
SSL_set_tlsext_host_name(m_ssl, peerName.c_str());
SSL_set_connect_state(m_ssl);
SSL_set_mode(m_ssl, SSL_MODE_AUTO_RETRY | SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

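Review bot: SSL_set_tlsext_host_name() on the line that now passes peerName returns 0 on failure (it is a SSL_ctrl wrapper) and the result is discarded, so a rejected name leaves the handshake running without SNI even though the empty-name guard earlier in this function goes to the trouble of throwing. Check it: `if (SSL_set_tlsext_host_name(m_ssl, peerName.c_str()) != 1) { throw exceptions::tls_exception("Unable to set SNI host name"); }`. Note also that this call only populates the extension; it does not make OpenSSL match the peer certificate against peerName — if hostname verification is not done elsewhere in the certificate verifier (not visible in this diff), `SSL_set1_host(m_ssl, peerName.c_str())` (OpenSSL ≥ 1.1.0) is the companion call so that the name used for SNI and the name the certificate is checked against cannot diverge. createSSLHandle() continues outside this hunk.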
@@ -183,8 +184,7 @@ void TLSSocket_OpenSSL::connect(const string& address, const port_t port) {
try {

m_wrapped->connect(address, port);
m_address = address;


createSSLHandle();

handshake();
@@ -116,8 +116,6 @@ class TLSSocket_OpenSSL : public TLSSocket {

shared_ptr <socket> m_wrapped;

std::string m_address;

bool m_connected;

byte_t m_buffer[65536];
