Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Set initial SNI hostname when creating an OpenSSL engine in client mode #8178
When using the JDK SSL provider in client mode, the SNI host names (called serverNames in SslEngineImpl) is set to the peerHost (if available) that is used to initialize the SSL Engine:
This allows one to call SslEngine.getSSLParameters() and inspect what is the SNI name to be sent. The same should be done in the OpenSSL provider as well. Currently even though the the SNI name is sent by the OpenSSL provider during handshake when the peerHost is specified, it is missing from the parameters.
Set the sniHostNames field when SNI is to be used. Also verifies the peer is actually a hostname before setting it as the SNI name, which is consistent with JDK SSL provider's behavior.
SslEngine using the OpenSSL provider created in client mode with peerHost should initialize sniHostNames with the peerHost.
Calling SslEngine.getSSLParameters().getServerNames() should return a list that contains that name.
I'm not sure where to put tests. Please advise.