author | CatboxParadox <CatboxParadox@users.noreply.github.com> | 2022-12-07 14:45:21 +0100 |
committer | GitHub <noreply@github.com> | 2022-12-07 15:45:21 +0200 |
commit | 049f5d87e368e2de99479c1b7ea813e6832ac74e (patch) | |
tree | 097a3079267839416869b4fcc454864fd549bfc2 /src/tls.c | |
parent | c0267b3fa5808df475dec83c956b9a2bec112b90 (diff) | |
Use SNI on outgoing TLS connections (#11458)
When establishing an outgoing TLS connection using a hostname as the target, use the TLS SNI extension to include that hostname.
Diffstat (limited to 'src/tls.c')
-rw-r--r-- | src/tls.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -44,6 +44,7 @@
 #include <openssl/decoder.h>
 #endif
 #include <sys/uio.h>
+#include <arpa/inet.h>
 #define REDIS_TLS_PROTO_TLSv1 (1<<0)
 #define REDIS_TLS_PROTO_TLSv1_1 (1<<1)
@@ -857,10 +858,16 @@ static int connTLSAccept(connection *_conn, ConnectionCallbackFunc accept_handle
 static int connTLSConnect(connection *conn_, const char *addr, int port, const char *src_addr, ConnectionCallbackFunc connect_handler) {
     tls_connection *conn = (tls_connection *) conn_;
+    unsigned char addr_buf[sizeof(struct in6_addr)];
     if (conn->c.state != CONN_STATE_NONE) return C_ERR;
     ERR_clear_error();
+    /* Check whether addr is an IP address, if not, use the value for Server Name Indication */
+    if (inet_pton(AF_INET, addr, addr_buf) != 1 && inet_pton(AF_INET6, addr, addr_buf) != 1) {
+        SSL_set_tlsext_host_name(conn->ssl, addr);
+    }
     /* Initiate Socket connection first */
     if (connectionTypeTcp()->connect(conn_, addr, port, src_addr, connect_handler) == C_ERR) return C_ERR;
|
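Review bot: The return value of `SSL_set_tlsext_host_name(conn->ssl, addr)` in the second hunk is discarded, so a failure to register the server name (it returns 1 on success, 0 on error) is silent and the handshake proceeds without SNI, which is exactly the pre-patch behaviour the change is meant to fix. Checking it and failing closed keeps the hostname-based connection from quietly degrading, e.g. `if (SSL_set_tlsext_host_name(conn->ssl, addr) != 1) return C_ERR;`, or at minimum the failure should be logged via the usual ERR_get_error() path. Note that SNI only tells the peer which certificate to present; it does not by itself make OpenSSL verify the presented certificate against `addr` — if hostname verification is wanted for outgoing connections and tls.c does not already call SSL_set1_host() elsewhere, that is a separate step worth confirming. The comment could also state the reason for the inet_pton probe, e.g. `/* SNI must carry a DNS name; literal IPv4/IPv6 addresses are not valid server names, so skip it for those */`. The body of connTLSConnect continues outside the hunk.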