Support SNI

2018-12-20 16:26:24 +02:00 · 2018-12-20 16:26:24 +02:00 · 58222c26f4
commit 58222c26f4
parent 389e694abe
6 changed files with 15 additions and 9 deletions
--- a/examples/example-libevent-ssl.c
+++ b/examples/example-libevent-ssl.c
@ -57,7 +57,7 @@ int main (int argc, char **argv) {
        printf("Error: %s\n", c->errstr);
        return 1;
    }
-    if (redisSecureConnection(&c->c, caCert, cert, certKey) != REDIS_OK) {
+    if (redisSecureConnection(&c->c, caCert, cert, certKey, "sni") != REDIS_OK) {
        printf("SSL Error!\n");
        exit(1);
    }
--- a/examples/example-ssl.c
+++ b/examples/example-ssl.c
@ -30,7 +30,7 @@ int main(int argc, char **argv) {
        exit(1);
    }
-    if (redisSecureConnection(c, ca, cert, key) != REDIS_OK) {
+    if (redisSecureConnection(c, ca, cert, key, "sni") != REDIS_OK) {
        printf("Couldn't initialize SSL!\n");
        printf("Error: %s\n", c->errstr);
        redisFree(c);
--- a/hiredis.c
+++ b/hiredis.c
@ -753,8 +753,8 @@ redisContext *redisConnectFd(int fd) {
 }
 int redisSecureConnection(redisContext *c, const char *caPath,
-                          const char *certPath, const char *keyPath) {
+                          const char *certPath, const char *keyPath, const char *servername) {
-    return redisSslCreate(c, caPath, certPath, keyPath);
+    return redisSslCreate(c, caPath, certPath, keyPath, servername);
 }
 /* Set read/write timeout on a blocking socket. */
--- a/hiredis.h
+++ b/hiredis.h
@ -207,7 +207,7 @@ redisContext *redisConnectFd(int fd);
 * executed on the connection.
 */
 int redisSecureConnection(redisContext *c, const char *capath, const char *certpath,
-                          const char *keypath);
+                          const char *keypath, const char *servername);
 /**
 * Reconnect the given context using the saved information.
--- a/sslio.c
+++ b/sslio.c
@ -87,7 +87,7 @@ void redisFreeSsl(redisSsl *ssl){
 }
 int redisSslCreate(redisContext *c, const char *capath, const char *certpath,
-                   const char *keypath) {
+                   const char *keypath, const char *servername) {
    assert(!c->ssl);
    c->ssl = calloc(1, sizeof(*c->ssl));
    static int isInit = 0;
@ -131,6 +131,12 @@ int redisSslCreate(redisContext *c, const char *capath, const char *certpath,
        __redisSetError(c, REDIS_ERR, "Couldn't create new SSL instance");
        return REDIS_ERR;
    }
    if (servername) {
        if (!SSL_set_tlsext_host_name(s->ssl, servername)) {
            __redisSetError(c, REDIS_ERR, "Couldn't set server name indication");
            return REDIS_ERR;
        }
    }
    SSL_set_fd(s->ssl, c->fd);
    SSL_set_connect_state(s->ssl);
--- a/sslio.h
+++ b/sslio.h
@ -12,8 +12,8 @@ static inline void redisFreeSsl(redisSsl *ssl) {
    (void)ssl;
 }
 static inline int redisSslCreate(struct redisContext *c, const char *ca,
-                          const char *cert, const char *key) {
+                          const char *cert, const char *key, const char *servername) {
-    (void)c;(void)ca;(void)cert;(void)key;
+    (void)c;(void)ca;(void)cert;(void)key;(void)servername;
    return REDIS_ERR;
 }
 static inline int redisSslRead(struct redisContext *c, char *s, size_t n) {
@ -55,7 +55,7 @@ struct redisContext;
 void redisFreeSsl(redisSsl *);
 int redisSslCreate(struct redisContext *c, const char *caPath,
-                   const char *certPath, const char *keyPath);
+                   const char *certPath, const char *keyPath, const char *servername);
 int redisSslRead(struct redisContext *c, char *buf, size_t bufcap);
 int redisSslWrite(struct redisContext *c);