#12388: Missing support for TLS SNI (easy)
--------------------------------+----------------------------
Reporter: FreeFull | Owner: axeld
Type: bug | Status: new
Priority: normal | Milestone: Unscheduled
Component: Kits/Network Kit | Version: R1/Development
Resolution: | Keywords:
Blocked By: | Blocking:
Has a Patch: 1 | Platform: All
--------------------------------+----------------------------
Comment (by markh):
I finally had time to try the second solution and got something working. It
even works without needing a new version of Web+ to be built.

I added a private variable fHostName to BNetworkAddress and filled it in
when the SetTo call contained a host. This does mean that if you make a
call to a SetTo function without a host, it will not enable the SNI
support. Not sure what to do about that. Thought about adding a host
parameter to those SetTo functions, but decided against it for now.

I used the existing HostName function to return fHostName, but left the
TODO in place. Not sure if we want to do something extra in case fHostName
is empty.

Made some changes in SecureSocket to get the host name from the
BNetworkAddress and use it to make the SSL_set_tlsext_host_name call. Only
did it for Connect, but perhaps Accept needs to be changed as well.

Tested some sites (freelists, slashdot) that didn't work without it and
confirmed that with my changes they work fine. Also tested some other
sites that were already working to make sure I didn't break anything and
it seems fine.
--
Ticket URL: <https://dev.haiku-os.org/ticket/12388#comment:5>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
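
The comment above leaves open what a client should do when no host name was recorded. The following C++ is an added example, not code from the patch, the commenter or the Haiku tree: it decides which name, if any, goes into the SNI extension before the handshake. `SniNameFor` and `ApplySni` are hypothetical names, and the `setName` callback stands in for the `SSL_set_tlsext_host_name` call mentioned in the comment.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdio>
#include <string>

// Hypothetical helper: fills `name` with the value to send as SNI and
// returns true, or returns false when SNI has to be skipped.
bool SniNameFor(const std::string& recordedHost, std::string& name)
{
	std::string host = recordedHost;
	// RFC 6066: the host name is sent without a trailing dot.
	if (!host.empty() && host[host.size() - 1] == '.')
		host.erase(host.size() - 1);
	// Address was set without a host: nothing to announce.
	if (host.empty())
		return false;
	// RFC 6066: literal IPv4 and IPv6 addresses are not permitted.
	unsigned char buffer[sizeof(in6_addr)];
	if (inet_pton(AF_INET, host.c_str(), buffer) == 1
		|| inet_pton(AF_INET6, host.c_str(), buffer) == 1)
		return false;
	name = host;
	return true;
}

// Hypothetical wrapper for the connect path. `setName` stands in for the
// TLS library call (assumption: it wraps SSL_set_tlsext_host_name and
// returns true on success); it has to run before the handshake starts.
template<typename Setter>
bool ApplySni(const std::string& recordedHost, Setter setName)
{
	std::string name;
	if (!SniNameFor(recordedHost, name))
		return false;	// connect without SNI, as before the change
	return setName(name.c_str());
}

int main()
{
	// Constructed sample inputs.
	const char* samples[] = { "example.org", "example.org.", "", "192.0.2.10" };
	for (const char* sample : samples) {
		std::string name;
		bool send = SniNameFor(sample, name);
		printf("'%s' -> %s\n", sample, send ? name.c_str() : "(no SNI)");
	}
	return 0;
}
```
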