author | Guilhem Lettron <guilhem@barpilot.io> | 2019-11-30 03:51:40 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2019-12-04 23:24:06 +0900 |
commit | 2e22a54f4e085496088b77085f38b66532da59fb (patch) | |
tree | c3bc6bb24cafaae584504da112beb38d1b946695 /src/resolve/resolved-dnstls-openssl.c | |
parent | b7aa08ca15d0080bfbdc8820b8b9b617b550a0e0 (diff) | |
download | systemd-2e22a54f4e085496088b77085f38b66532da59fb.tar.gz |
Implement SNI when using DNS-over-TLS
Some DNS providers need SNI to identify the client.
This can be used by adding #name to a DNS= entry.
Example:
[Resolve]
DNS=192.168.1.1#example.com
Diffstat (limited to 'src/resolve/resolved-dnstls-openssl.c')
-rw-r--r-- | src/resolve/resolved-dnstls-openssl.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 85e202ff74..ce0a437371 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -87,6 +87,17 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
 return -ECONNREFUSED;
 }
 
+ if (server->server_name) {
+ r = SSL_set_tlsext_host_name(s, server->server_name);
+ if (r <= 0) {
+ char errbuf[256];
+
+ error = ERR_get_error();
+ ERR_error_string_n(error, errbuf, sizeof(errbuf));
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set server name: %s", errbuf);
+ }
+ }
+
 ERR_clear_error();
 stream->dnstls_data.handshake = SSL_do_handshake(s);
 if (stream->dnstls_data.handshake <= 0) { |
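Review bot: The added block sends `server->server_name` as the SNI value, but nothing in this hunk binds certificate verification to that name, so a user who configures `DNS=192.168.1.1#example.com` may assume the name is authenticated when it is only advertised. The verification setup sits above the hunk (only its `return -ECONNREFUSED;` tail is visible), so this may already be handled there; if it is not, the name should also be handed to the verifier whenever peer verification is enabled, e.g. `SSL_set1_host(s, server->server_name)`. A short comment above the new `if`, such as `/* SNI only lets the server pick a certificate; it is sent in cleartext and does not authenticate the peer */`, would make the distinction explicit for later readers. dnstls_stream_connect_tls starts and ends outside the hunk.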