@brk0v brk0v commented Aug 19, 2014

Add SNI support (RFC 6066).
Example of usage (you need to implement the tlsCtxStorage object):

```go
// callback
func sniCallback(ssl *openssl.SSL) openssl.SSLTLSExtErr {
    host := ssl.GetServername()

    if len(host) == 0 {
        return openssl.SSLTLSEXTErrNoAck
    }

    // check if we are already in default host
    if defaultHost, err := tlsCtxStorage.GetDefaultHost(); host == defaultHost &&
        err == nil {
        return openssl.SSLTLSExtErrOK
    }

    // get ctx
    ctx, err := tlsCtxStorage.GetCtx(host)
    if err != nil || ctx == nil {
        return openssl.SSLTLSEXTErrNoAck
    }
    logger.Debugf("Changed context for: %s.", host)

    // set proper ctx
    ssl.SetSSLCtx(ctx)

    /*
     * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
     * adjust other things we care about
     */
    ssl.SetVerify(ctx.VerifyMode(), ctx.GetVerifyCallback())
    ssl.SetVerifyDepth(ctx.GetVerifyDepth())

    ssl.ClearOptions(ssl.GetOptions() &^ ctx.GetOptions())
    ssl.SetOptions(ctx.GetOptions())

    return openssl.SSLTLSExtErrOK
}
```
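
One possible shape for the `tlsCtxStorage` object that the comment above leaves to the reader, as an added example that is not code from this pull request or from the openssl package. `GetDefaultHost` and `GetCtx` follow the calls in the callback; `CtxStorage`, `NewCtxStorage`, `normalize` and `ErrNoCtx` are hypothetical names, the type parameter stands in for `*openssl.Ctx`, and the name normalization and single-label wildcard lookup go beyond what the comment describes.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var ErrNoCtx = errors.New("no TLS context for host")

// CtxStorage maps SNI names to contexts; T stands in for *openssl.Ctx (assumption).
type CtxStorage[T any] struct {
	defaultHost string
	byHost      map[string]T // read-only after NewCtxStorage: safe for concurrent callbacks
}

// normalize lower-cases the client-supplied name and drops a trailing dot.
func normalize(h string) string { return strings.ToLower(strings.TrimSuffix(h, ".")) }

// NewCtxStorage copies hosts; a "*.example.test" key covers one extra label.
func NewCtxStorage[T any](defaultHost string, hosts map[string]T) *CtxStorage[T] {
	s := &CtxStorage[T]{defaultHost: normalize(defaultHost), byHost: make(map[string]T)}
	for h, ctx := range hosts {
		s.byHost[normalize(h)] = ctx
	}
	return s
}

// GetDefaultHost returns an error when the default name has no context.
func (s *CtxStorage[T]) GetDefaultHost() (string, error) {
	_, err := s.GetCtx(s.defaultHost)
	return s.defaultHost, err
}

// GetCtx tries the exact name, then the single-label wildcard entry.
func (s *CtxStorage[T]) GetCtx(host string) (T, error) {
	host = normalize(host)
	ctx, ok := s.byHost[host]
	if i := strings.IndexByte(host, '.'); !ok && i > 0 {
		ctx, ok = s.byHost["*"+host[i:]]
	}
	if !ok {
		return ctx, ErrNoCtx
	}
	return ctx, nil
}

func main() { // constructed names; strings stand in for contexts
	s := NewCtxStorage("www.example.test", map[string]string{"*.example.test": "B"})
	fmt.Println(s.GetCtx("API.Example.Test."))
}
```

Because the storage normalizes names and the callback compares the raw `ssl.GetServername()` value with the default host, a caller using this sketch would normalize the SNI value once before both checks.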

jtolio commented Oct 8, 2014

so actually, before i review more, would you mind squashing these commits into one and rebasing?

jtolio commented Nov 13, 2014

this has moved to #17

@jtolio jtolio closed this Nov 13, 2014
merlin-northern added a commit to merlin-northern/openssl that referenced this pull request Aug 20, 2020
BenMatase pushed a commit to mistsys/openssl that referenced this pull request Oct 3, 2024