-rw-r--r--examples/example-libevent-ssl.c2
-rw-r--r--examples/example-ssl.c2
-rw-r--r--hiredis.c4
-rw-r--r--hiredis.h2
-rw-r--r--sslio.c8
-rw-r--r--sslio.h6
6 files changed, 15 insertions, 9 deletions
diff --git a/examples/example-libevent-ssl.c b/examples/example-libevent-ssl.c
index f780e3e..562e1a1 100644
--- a/examples/example-libevent-ssl.c
+++ b/examples/example-libevent-ssl.c
@@ -57,7 +57,7 @@ int main (int argc, char **argv) {
printf("Error: %s\n", c->errstr);
return 1;
}
- if (redisSecureConnection(&c->c, caCert, cert, certKey) != REDIS_OK) {
+ if (redisSecureConnection(&c->c, caCert, cert, certKey, "sni") != REDIS_OK) {
printf("SSL Error!\n");
exit(1);
}
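Review bot: The literal `"sni"` passed as the new fifth argument is what gets sent to the server as the TLS server name, so anyone copying this example advertises a host called "sni" instead of the host they are connecting to. Pass the hostname the example already connects with (its variable is outside this hunk), or `NULL` to send no SNI, which the new `if (servername)` guard in sslio.c allows. The same applies to the call in examples/example-ssl.c. main's body starts and ends outside the hunk.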
diff --git a/examples/example-ssl.c b/examples/example-ssl.c
index 28489e4..a90b78a 100644
--- a/examples/example-ssl.c
+++ b/examples/example-ssl.c
@@ -30,7 +30,7 @@ int main(int argc, char **argv) {
exit(1);
}
- if (redisSecureConnection(c, ca, cert, key) != REDIS_OK) {
+ if (redisSecureConnection(c, ca, cert, key, "sni") != REDIS_OK) {
printf("Couldn't initialize SSL!\n");
printf("Error: %s\n", c->errstr);
redisFree(c);
diff --git a/hiredis.c b/hiredis.c
index 7ba51f6..dd499b8 100644
--- a/hiredis.c
+++ b/hiredis.c
@@ -753,8 +753,8 @@ redisContext *redisConnectFd(int fd) {
}
int redisSecureConnection(redisContext *c, const char *caPath,
- const char *certPath, const char *keyPath) {
- return redisSslCreate(c, caPath, certPath, keyPath);
+ const char *certPath, const char *keyPath, const char *servername) {
+ return redisSslCreate(c, caPath, certPath, keyPath, servername);
}
/* Set read/write timeout on a blocking socket. */
diff --git a/hiredis.h b/hiredis.h
index bb9b6a7..0d646f8 100644
--- a/hiredis.h
+++ b/hiredis.h
@@ -207,7 +207,7 @@ redisContext *redisConnectFd(int fd);
* executed on the connection.
*/
int redisSecureConnection(redisContext *c, const char *capath, const char *certpath,
- const char *keypath);
+ const char *keypath, const char *servername);
/**
* Reconnect the given context using the saved information.
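Review bot: The doc comment above `redisSecureConnection` is not updated for the new `servername` parameter; only its last two lines are visible in this hunk, and they are unchanged. Add a sentence such as `servername is sent as the TLS SNI host name during the handshake; pass NULL to send none.` Without it, callers cannot tell from the header that NULL is accepted, which sslio.c handles with `if (servername)`.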
diff --git a/sslio.c b/sslio.c
index 8933f95..efbf06e 100644
--- a/sslio.c
+++ b/sslio.c
@@ -87,7 +87,7 @@ void redisFreeSsl(redisSsl *ssl){
}
int redisSslCreate(redisContext *c, const char *capath, const char *certpath,
- const char *keypath) {
+ const char *keypath, const char *servername) {
assert(!c->ssl);
c->ssl = calloc(1, sizeof(*c->ssl));
static int isInit = 0;
@@ -131,6 +131,12 @@ int redisSslCreate(redisContext *c, const char *capath, const char *certpath,
__redisSetError(c, REDIS_ERR, "Couldn't create new SSL instance");
return REDIS_ERR;
}
+ if (servername) {
+ if (!SSL_set_tlsext_host_name(s->ssl, servername)) {
+ __redisSetError(c, REDIS_ERR, "Couldn't set server name indication");
+ return REDIS_ERR;
+ }
+ }
SSL_set_fd(s->ssl, c->fd);
SSL_set_connect_state(s->ssl);
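Review bot: The added `if (servername)` block only sets the SNI extension; it does not make OpenSSL check that the server's certificate was issued for that name. Nothing in this hunk performs that check, and whether peer verification is configured elsewhere in redisSslCreate is not visible here. If `servername` is meant to identify the peer, consider adding `if (!SSL_set1_host(s->ssl, servername)) { ... return REDIS_ERR; }` next to it (OpenSSL 1.1.0 and later; it takes effect only when peer verification is enabled). The new early return, like the existing "Couldn't create new SSL instance" path, leaves `c->ssl` allocated, so confirm that the caller's cleanup releases it. redisSslCreate starts and ends outside this hunk.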
diff --git a/sslio.h b/sslio.h
index 9edac87..e5493b7 100644
--- a/sslio.h
+++ b/sslio.h
@@ -12,8 +12,8 @@ static inline void redisFreeSsl(redisSsl *ssl) {
(void)ssl;
}
static inline int redisSslCreate(struct redisContext *c, const char *ca,
- const char *cert, const char *key) {
- (void)c;(void)ca;(void)cert;(void)key;
+ const char *cert, const char *key, const char *servername) {
+ (void)c;(void)ca;(void)cert;(void)key;(void)servername;
return REDIS_ERR;
}
static inline int redisSslRead(struct redisContext *c, char *s, size_t n) {
@@ -55,7 +55,7 @@ struct redisContext;
void redisFreeSsl(redisSsl *);
int redisSslCreate(struct redisContext *c, const char *caPath,
- const char *certPath, const char *keyPath);
+ const char *certPath, const char *keyPath, const char *servername);
int redisSslRead(struct redisContext *c, char *buf, size_t bufcap);
int redisSslWrite(struct redisContext *c);