diff options
| author | valentino <valentino@redislabs.com> | 2018-12-20 16:26:24 +0200 |
|---|---|---|
| committer | Mark Nunberg <mnunberg@haskalah.org> | 2019-02-20 09:10:10 -0500 |
| commit | 58222c26f4889c3f83c453bd7ec87e387459fd0c (patch) | |
| tree | cf07f0fefd55a3ea381f1d26567252c4899ada12 | |
| parent | 389e694abe6bb9ed6e5a44674d89a866c5231422 (diff) | |
Support SNI
| -rw-r--r-- | examples/example-libevent-ssl.c | 2 | ||||
| -rw-r--r-- | examples/example-ssl.c | 2 | ||||
| -rw-r--r-- | hiredis.c | 4 | ||||
| -rw-r--r-- | hiredis.h | 2 | ||||
| -rw-r--r-- | sslio.c | 8 | ||||
| -rw-r--r-- | sslio.h | 6 |
6 files changed, 15 insertions, 9 deletions
diff --git a/examples/example-libevent-ssl.c b/examples/example-libevent-ssl.c index f780e3e..562e1a1 100644 --- a/examples/example-libevent-ssl.c +++ b/examples/example-libevent-ssl.c @@ -57,7 +57,7 @@ int main (int argc, char **argv) { printf("Error: %s\n", c->errstr); return 1; } - if (redisSecureConnection(&c->c, caCert, cert, certKey) != REDIS_OK) { + if (redisSecureConnection(&c->c, caCert, cert, certKey, "sni") != REDIS_OK) { printf("SSL Error!\n"); exit(1); } diff --git a/examples/example-ssl.c b/examples/example-ssl.c index 28489e4..a90b78a 100644 --- a/examples/example-ssl.c +++ b/examples/example-ssl.c @@ -30,7 +30,7 @@ int main(int argc, char **argv) { exit(1); } - if (redisSecureConnection(c, ca, cert, key) != REDIS_OK) { + if (redisSecureConnection(c, ca, cert, key, "sni") != REDIS_OK) { printf("Couldn't initialize SSL!\n"); printf("Error: %s\n", c->errstr); redisFree(c); @@ -753,8 +753,8 @@ redisContext *redisConnectFd(int fd) { } int redisSecureConnection(redisContext *c, const char *caPath, - const char *certPath, const char *keyPath) { - return redisSslCreate(c, caPath, certPath, keyPath); + const char *certPath, const char *keyPath, const char *servername) { + return redisSslCreate(c, caPath, certPath, keyPath, servername); } /* Set read/write timeout on a blocking socket. */ @@ -207,7 +207,7 @@ redisContext *redisConnectFd(int fd); * executed on the connection. */ int redisSecureConnection(redisContext *c, const char *capath, const char *certpath, - const char *keypath); + const char *keypath, const char *servername); /** * Reconnect the given context using the saved information. @@ -87,7 +87,7 @@ void redisFreeSsl(redisSsl *ssl){ } int redisSslCreate(redisContext *c, const char *capath, const char *certpath, - const char *keypath) { + const char *keypath, const char *servername) { assert(!c->ssl); c->ssl = calloc(1, sizeof(*c->ssl)); static int isInit = 0; @@ -131,6 +131,12 @@ int redisSslCreate(redisContext *c, const char *capath, const char *certpath, __redisSetError(c, REDIS_ERR, "Couldn't create new SSL instance"); return REDIS_ERR; } + if (servername) { + if (!SSL_set_tlsext_host_name(s->ssl, servername)) { + __redisSetError(c, REDIS_ERR, "Couldn't set server name indication"); + return REDIS_ERR; + } + } SSL_set_fd(s->ssl, c->fd); SSL_set_connect_state(s->ssl); @@ -12,8 +12,8 @@ static inline void redisFreeSsl(redisSsl *ssl) { (void)ssl; } static inline int redisSslCreate(struct redisContext *c, const char *ca, - const char *cert, const char *key) { - (void)c;(void)ca;(void)cert;(void)key; + const char *cert, const char *key, const char *servername) { + (void)c;(void)ca;(void)cert;(void)key;(void)servername; return REDIS_ERR; } static inline int redisSslRead(struct redisContext *c, char *s, size_t n) { @@ -55,7 +55,7 @@ struct redisContext; void redisFreeSsl(redisSsl *); int redisSslCreate(struct redisContext *c, const char *caPath, - const char *certPath, const char *keyPath); + const char *certPath, const char *keyPath, const char *servername); int redisSslRead(struct redisContext *c, char *buf, size_t bufcap); int redisSslWrite(struct redisContext *c); |