Commit 0031c57f authored by Frediano Ziglio's avatar Frediano Ziglio
Browse files

Add support for SNI connecting trough TLS

This will pass hostname.
This fixes #137.

You can easily verify the change with a network capture program running
something like

    remote-viewer spice+tls://www.spice-space.org:443



you will see the hostname in the initial exchange.
Signed-off-by: Frediano Ziglio's avatarFrediano Ziglio <freddy77@gmail.com>
Acked-by: Victor Toso's avatarVictor Toso <victortoso@redhat.com>
parent 151d9204
Pipeline #386662 passed with stage
in 3 minutes and 35 seconds
......@@ -2633,6 +2633,19 @@ reconnect:
spice_session_get_cert_subject(c->session));
}
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
{
const char *hostname = spice_session_get_host(c->session);
// check is not an ip address
GInetAddress * ip = g_inet_address_new_from_string(hostname);
if (ip == NULL) {
SSL_set_tlsext_host_name(c->ssl, hostname);
} else {
g_object_unref(ip);
}
}
#endif
ssl_reconnect:
rc = SSL_connect(c->ssl);
if (rc <= 0) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment