Support SNI

valentino 2018-12-20 16:26:24 +02:00 committed by Mark Nunberg
parent 389e694abe
commit 58222c26f4
6 changed files with 15 additions and 9 deletions


@ -57,7 +57,7 @@ int main (int argc, char **argv) {
printf("Error: %s\n", c->errstr);
return 1;
}
if (redisSecureConnection(&c->c, caCert, cert, certKey) != REDIS_OK) {
if (redisSecureConnection(&c->c, caCert, cert, certKey, "sni") != REDIS_OK) {
printf("SSL Error!\n");
exit(1);
}
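Review bot: The literal `"sni"` passed as the new fifth argument is sent to the server as the TLS server name, so this example requests a host called "sni" rather than the host it actually connects to. Pass the host name the example already uses for the connection (that variable is outside this hunk), or `NULL` when no name should be sent, for instance `redisSecureConnection(&c->c, caCert, cert, certKey, hostname)` with `hostname` standing for that variable. The second example has the same literal in `redisSecureConnection(c, ca, cert, key, "sni")`. Examples tend to be copied verbatim, so a placeholder here is likely to end up in real callers; main() starts and ends outside the hunk.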


@ -30,7 +30,7 @@ int main(int argc, char **argv) {
exit(1);
}
if (redisSecureConnection(c, ca, cert, key) != REDIS_OK) {
if (redisSecureConnection(c, ca, cert, key, "sni") != REDIS_OK) {
printf("Couldn't initialize SSL!\n");
printf("Error: %s\n", c->errstr);
redisFree(c);


@ -753,8 +753,8 @@ redisContext *redisConnectFd(int fd) {
}
int redisSecureConnection(redisContext *c, const char *caPath,
const char *certPath, const char *keyPath) {
return redisSslCreate(c, caPath, certPath, keyPath);
const char *certPath, const char *keyPath, const char *servername) {
return redisSslCreate(c, caPath, certPath, keyPath, servername);
}
/* Set read/write timeout on a blocking socket. */


@ -207,7 +207,7 @@ redisContext *redisConnectFd(int fd);
* executed on the connection.
*/
int redisSecureConnection(redisContext *c, const char *capath, const char *certpath,
const char *keypath);
const char *keypath, const char *servername);
/**
* Reconnect the given context using the saved information.
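Review bot: The doc comment above this prototype is not updated for the new `servername` parameter; the comment starts outside the hunk and only its tail ("executed on the connection.") is visible. Add a line such as `* servername is sent as the TLS SNI host name; pass NULL to send none.`, which matches the `if (servername)` guard in redisSslCreate. Judging only from the lines shown in this commit, the value is handed to `SSL_set_tlsext_host_name` and nothing else, so the comment should also state that the parameter does not by itself cause the peer certificate to be checked against that name.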


@ -87,7 +87,7 @@ void redisFreeSsl(redisSsl *ssl){
}
int redisSslCreate(redisContext *c, const char *capath, const char *certpath,
const char *keypath) {
const char *keypath, const char *servername) {
assert(!c->ssl);
c->ssl = calloc(1, sizeof(*c->ssl));
static int isInit = 0;
@ -131,6 +131,12 @@ int redisSslCreate(redisContext *c, const char *capath, const char *certpath,
__redisSetError(c, REDIS_ERR, "Couldn't create new SSL instance");
return REDIS_ERR;
}
if (servername) {
if (!SSL_set_tlsext_host_name(s->ssl, servername)) {
__redisSetError(c, REDIS_ERR, "Couldn't set server name indication");
return REDIS_ERR;
}
}
SSL_set_fd(s->ssl, c->fd);
SSL_set_connect_state(s->ssl);
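Review bot: The `SSL_set_tlsext_host_name` call in the second hunk only fills in the SNI extension; nothing in the visible lines binds the peer certificate to `servername`. Unless the part of redisSslCreate outside these hunks configures it, a certificate issued for a different host but chaining to the configured CA would still pass. Inside the same `if (servername)` block, consider `if (!SSL_set1_host(s->ssl, servername)) { __redisSetError(c, REDIS_ERR, "Couldn't set expected host name"); return REDIS_ERR; }` (OpenSSL 1.1.0 or later), with peer verification enabled on the SSL context. The new error return also follows the existing pattern of returning `REDIS_ERR` without releasing `s->ssl`; whether it is freed later with the context is not visible here and is worth confirming.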


@ -12,8 +12,8 @@ static inline void redisFreeSsl(redisSsl *ssl) {
(void)ssl;
}
static inline int redisSslCreate(struct redisContext *c, const char *ca,
const char *cert, const char *key) {
(void)c;(void)ca;(void)cert;(void)key;
const char *cert, const char *key, const char *servername) {
(void)c;(void)ca;(void)cert;(void)key;(void)servername;
return REDIS_ERR;
}
static inline int redisSslRead(struct redisContext *c, char *s, size_t n) {
@ -55,7 +55,7 @@ struct redisContext;
void redisFreeSsl(redisSsl *);
int redisSslCreate(struct redisContext *c, const char *caPath,
const char *certPath, const char *keyPath);
const char *certPath, const char *keyPath, const char *servername);
int redisSslRead(struct redisContext *c, char *buf, size_t bufcap);
int redisSslWrite(struct redisContext *c);