From e1c98ceaf7922872b84643a6eaeba8a7908e0249 Mon Sep 17 00:00:00 2001
From: Mark Hellegers
Date: Sun, 22 May 2016 21:02:03 +0200
Subject: [PATCH] Add support for TLS SNI
Signed-off-by: Augustin Cavalier
---
headers/os/net/NetworkAddress.h | 1 +
headers/os/net/SecureSocket.h | 4 +-
src/kits/network/libnetapi/NetworkAddress.cpp | 40 ++++++++++---------
src/kits/network/libnetapi/SecureSocket.cpp | 17 +++++---
4 files changed, 36 insertions(+), 26 deletions(-)
diff --git a/headers/os/net/NetworkAddress.h b/headers/os/net/NetworkAddress.h
index 865ed737c6..717108ad86 100644
--- a/headers/os/net/NetworkAddress.h
+++ b/headers/os/net/NetworkAddress.h
@@ -149,6 +149,7 @@ private:
 private:
 sockaddr_storage fAddress;
 status_t fStatus;
+ BString fHostName;
 };
diff --git a/headers/os/net/SecureSocket.h b/headers/os/net/SecureSocket.h
index ebf1e15e39..fe55cc66fd 100644
--- a/headers/os/net/SecureSocket.h
+++ b/headers/os/net/SecureSocket.h
@@ -42,8 +42,8 @@ public:
 virtual ssize_t Write(const void* buffer, size_t size);
 protected:
- status_t _SetupCommon();
- status_t _SetupConnect();
+ status_t _SetupCommon(const char* host = NULL);
+ status_t _SetupConnect(const char* host = NULL);
 status_t _SetupAccept();
 private:
diff --git a/src/kits/network/libnetapi/NetworkAddress.cpp b/src/kits/network/libnetapi/NetworkAddress.cpp
index 57de4bc774..2bfbcd10df 100644
--- a/src/kits/network/libnetapi/NetworkAddress.cpp
+++ b/src/kits/network/libnetapi/NetworkAddress.cpp
@@ -129,7 +129,8 @@ BNetworkAddress::BNetworkAddress(const in6_addr& address, uint16 port)
 BNetworkAddress::BNetworkAddress(const BNetworkAddress& other)
 :
 fAddress(other.fAddress),
- fStatus(other.fStatus)
+ fStatus(other.fStatus),
+ fHostName(other.fHostName)
 {
 }
@@ -151,6 +152,7 @@ BNetworkAddress::Unset()
 {
 fAddress.ss_family = AF_UNSPEC;
 fAddress.ss_len = 2;
+ fHostName = "";
 fStatus = B_OK;
 }
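Review bot: Adding `BString fHostName` after `fStatus` changes the layout and `sizeof(BNetworkAddress)`, which matters if this class is part of a binary-compatible public API, as its location under headers/os/ suggests; I would confirm whether a reserved padding member was meant to absorb such additions, or record the ABI change in the commit message. A one-line comment on the member would also help readers, since the value is only the string handed to SetTo() or _ParseLinkAddress() and not the result of a reverse lookup: `BString fHostName; // as given to SetTo(); not a reverse lookup, may be empty or an IP literal`. The enclosing class starts outside the hunk.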
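Review bot: The new `host` parameter on `_SetupCommon` and `_SetupConnect` is not documented, and the header is where a reader will look for what the string is used for and what NULL or an empty string means. I would add above the two declarations: `// host: DNS name to send in the TLS SNI extension; NULL or "" sends none.` The NULL default keeps existing call sites compiling, which is fine, but it is worth stating explicitly so nobody assumes SNI is always sent. The enclosing class starts outside the hunk.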
@@ -170,15 +172,13 @@ BNetworkAddress::SetTo(const char* host, uint16 port, uint32 flags)
 uint32 cookie = 0;
 status = resolver->GetNextAddress(AF_INET6, &cookie, *this);
- if (status == B_OK) {
- fStatus = B_OK;
- return B_OK;
+ if (status != B_OK) {
+ cookie = 0;
+ status = resolver->GetNextAddress(&cookie, *this);
+ if (status != B_OK)
+ Unset();
 }
-
- cookie = 0;
- status = resolver->GetNextAddress(&cookie, *this);
- if (status != B_OK)
- Unset();
+ fHostName = host;
 fStatus = status;
 return status;
 }
@@ -199,15 +199,13 @@ BNetworkAddress::SetTo(const char* host, const char* service, uint32 flags)
 uint32 cookie = 0;
 status = resolver->GetNextAddress(AF_INET6, &cookie, *this);
- if (status == B_OK) {
- fStatus = B_OK;
- return B_OK;
+ if (status != B_OK) {
+ cookie = 0;
+ status = resolver->GetNextAddress(&cookie, *this);
+ if (status != B_OK)
+ Unset();
 }
-
- cookie = 0;
- status = resolver->GetNextAddress(&cookie, *this);
- if (status != B_OK)
- Unset();
+ fHostName = host;
 fStatus = status;
 return status;
 }
@@ -235,6 +233,7 @@ BNetworkAddress::SetTo(int family, const char* host, uint16 port, uint32 flags)
 status = resolver->GetNextAddress(&cookie, *this);
 if (status != B_OK)
 Unset();
+ fHostName = host;
 fStatus = status;
 return status;
 }
@@ -263,6 +262,7 @@ BNetworkAddress::SetTo(int family, const char* host, const char* service,
 status = resolver->GetNextAddress(&cookie, *this);
 if (status != B_OK)
 Unset();
+ fHostName = host;
 fStatus = status;
 return status;
 }
@@ -372,6 +372,7 @@ BNetworkAddress::SetTo(const BNetworkAddress& other)
 {
 fAddress = other.fAddress;
 fStatus = other.fStatus;
+ fHostName = other.fHostName;
 }
@@ -1047,7 +1048,7 @@ BString
 BNetworkAddress::HostName() const
 {
 // TODO: implement host name lookup
- return ToString(false);
+ return fHostName;
 }
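Review bot: In the failure path of SetTo(const char* host, uint16 port, uint32 flags), `Unset()` clears fHostName and the following `fHostName = host;` immediately re-sets it, so an address that failed to resolve still reports a HostName() while its family is AF_UNSPEC; the hunks at -199, -235 and -263 have the same ordering. If that is not intended, assign only on success: `if (status == B_OK) fHostName = host;`. Note also that `host` is stored verbatim, and since the resolver presumably accepts address literals as well as names, consumers that need a real DNS name (such as SNI setup) cannot tell the two apart from this field alone. The four function bodies start outside their hunks.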
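Review bot: The comment `// TODO: implement host name lookup` is now misleading next to `return fHostName;`, because HostName() no longer computes anything and returns an empty BString for any address that was not set from a host string, where it previously fell back to `ToString(false)`. I would replace the comment with `// Returns the name given to SetTo(); no reverse lookup is performed, so this may be empty or an IP literal.` and mention the changed return value in the commit message, since existing callers may rely on the textual-address fallback.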
@@ -1159,6 +1160,7 @@ BNetworkAddress&
 BNetworkAddress::operator=(const BNetworkAddress& other)
 {
 memcpy(&fAddress, &other.fAddress, other.fAddress.ss_len);
+ fHostName = other.fHostName;
 fStatus = other.fStatus;
 return *this;
@@ -1291,6 +1293,8 @@ BNetworkAddress::_ParseLinkAddress(const char* address)
 address += 3;
 }
+
+ fHostName = address;
 SetToLinkLevel(linkAddress, length);
 return B_OK;
diff --git a/src/kits/network/libnetapi/SecureSocket.cpp b/src/kits/network/libnetapi/SecureSocket.cpp
index ef66cf8a86..773a6eb343 100644
--- a/src/kits/network/libnetapi/SecureSocket.cpp
+++ b/src/kits/network/libnetapi/SecureSocket.cpp
@@ -297,7 +297,7 @@ BSecureSocket::Connect(const BNetworkAddress& peer, bigtime_t timeout)
 if (status != B_OK)
 return status;
- return _SetupConnect();
+ return _SetupConnect(peer.HostName().String());
 }
@@ -381,7 +381,7 @@ BSecureSocket::Write(const void* buffer, size_t size)
 status_t
-BSecureSocket::_SetupCommon()
+BSecureSocket::_SetupCommon(const char* host)
 {
 // Do this only after BSocket::Connect has checked wether we're already
 // connected. We don't want to kill an existing SSL session, as that would
@@ -399,15 +399,20 @@ BSecureSocket::_SetupCommon()
 BIO_set_fd(fPrivate->fBIO, fSocket, BIO_NOCLOSE);
 SSL_set_bio(fPrivate->fSSL, fPrivate->fBIO, fPrivate->fBIO);
 SSL_set_ex_data(fPrivate->fSSL, Private::sDataIndex, this);
+ if (host != NULL) {
+ BString hostString = host;
+ if (hostString != "")
+ SSL_set_tlsext_host_name(fPrivate->fSSL, host);
+ }
 return B_OK;
 }
 status_t
-BSecureSocket::_SetupConnect()
+BSecureSocket::_SetupConnect(const char* host)
 {
- status_t error = _SetupCommon();
+ status_t error = _SetupCommon(host);
 if (error != B_OK)
 return error;
@@ -529,14 +534,14 @@ BSecureSocket::InitCheck()
 status_t
-BSecureSocket::_SetupCommon()
+BSecureSocket::_SetupCommon(const char* host)
 {
 return B_UNSUPPORTED;
 }
 status_t
-BSecureSocket::_SetupConnect()
+BSecureSocket::_SetupConnect(const char* host)
 {
 return B_UNSUPPORTED;
 }
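Review bot: `fHostName = address;` in _ParseLinkAddress records a link-level address string as the host name, and apparently only after a prefix has been skipped by `address += 3;`, so HostName() on such an address returns something that is neither a DNS name nor, unlike the other SetTo paths, the caller's original input. If the intent is just to keep HostName() non-empty, a comment saying so would help: `// Not a DNS name; kept so HostName() returns the textual link-level form.` Otherwise I would leave fHostName unset here so that SNI setup cannot receive a link-layer address as a host name. The function starts outside the hunk.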
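Review bot: `peer.HostName().String()` hands whatever string was given to BNetworkAddress::SetTo to the TLS setup, which after this series may be an IP literal or an empty string rather than a DNS name, so the filtering in _SetupCommon is what decides whether a well-formed SNI goes out. The temporary BString lives until the end of the full expression, so the pointer itself stays valid for the whole of _SetupConnect. Since this hunk only wires the name into SNI, a short comment would stop readers from assuming it also reaches certificate host-name checking, which this diff does not touch: `// Host name is used for the SNI extension only.` Connect's body starts outside the hunk.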
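Review bot: `SSL_set_tlsext_host_name(fPrivate->fSSL, host)` is called for any non-empty string, but RFC 6066 §3 does not allow IPv4/IPv6 address literals in the SNI extension, and `host` here is whatever the caller handed to BNetworkAddress::SetTo, which may well be a literal. The emptiness test also builds a `BString` only to compare it with `""`; `host[0] != '\0'` expresses the same. The macro's return value (0 on failure) is ignored, whereas the rest of the setup path propagates errors, as `_SetupConnect` below shows. The sketch below assumes inet_pton is reachable from this file (arpa/inet.h), which the hunk does not show; _SetupCommon starts in the previous hunk and _SetupConnect continues past this one.
```cpp
	SSL_set_ex_data(fPrivate->fSSL, Private::sDataIndex, this);
	// Send SNI only for a non-empty name that is not an address literal:
	// RFC 6066 §3 forbids IPv4/IPv6 literals in the extension.
	if (host != NULL && host[0] != '\0') {
		in_addr addr4;
		in6_addr addr6;
		bool isLiteral = inet_pton(AF_INET, host, &addr4) == 1
			|| inet_pton(AF_INET6, host, &addr6) == 1;
		if (!isLiteral && SSL_set_tlsext_host_name(fPrivate->fSSL, host) != 1)
			return B_ERROR;
	}
	// … unchanged: return B_OK; and _SetupConnect …
```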