OSDN -- Desarrollar y descargar software de código abierto
Translation Status of Español translation status for es
  • R/O
  • HTTP
  • SSH
  • HTTPS
Fork

Commit

Tags
No Tags

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Commit MetaInfo

Revisión121f3e090a645baec25b19239242ab91e7617aee (tree)
Tiempo2021-11-21 21:33:54
Autordyknon <dyknon@user...>
Commiterdyknon

Log Message

SNI support

Cambiar Resumen

Diferencia incremental

--- a/debian/patches/Add-SNI-support.patch
+++ b/debian/patches/Add-SNI-support.patch
@@ -3,12 +3,12 @@ Date: Sun, 21 Nov 2021 18:48:30 +0900
33 Subject: Add SNI support
44
55 ---
6- SSLBridge.cpp | 52 +++++++++++++++++++++++++++-------------------------
7- SSLBridge.hpp | 3 ++-
8- 2 files changed, 29 insertions(+), 26 deletions(-)
6+ SSLBridge.cpp | 84 +++++++++++++++++++++++++++++++++++++----------------------
7+ SSLBridge.hpp | 7 ++++-
8+ 2 files changed, 59 insertions(+), 32 deletions(-)
99
1010 diff --git a/SSLBridge.cpp b/SSLBridge.cpp
11-index b9259ad..832adc7 100644
11+index b9259ad..93f2b7c 100644
1212 --- a/SSLBridge.cpp
1313 +++ b/SSLBridge.cpp
1414 @@ -26,15 +26,13 @@ X509* SSLBridge::getServerCertificate() {
@@ -51,42 +51,72 @@ index b9259ad..832adc7 100644
5151 SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY);
5252 }
5353
54-@@ -71,18 +70,30 @@ void SSLBridge::setServerName() {
54+@@ -70,32 +69,64 @@ void SSLBridge::setServerName() {
55+ free(serverNameStr);
5556 }
5657
58++int SSLBridge::cert_cb(SSL *ssl, void *self){
59++ ((SSLBridge *)self)->setupServerCert();
60++ return 1;
61++}
62++
5763 void SSLBridge::handshakeWithClient(CertificateManager &manager, bool wildcardOK) {
64+- Certificate *leaf;
65+- std::list<Certificate*> *chain;
5866 + ip::address_v4 serverAddress = serverSocket->remote_endpoint().address().to_v4();
59- Certificate *leaf;
60- std::list<Certificate*> *chain;
61-
62-+ /* Server handshake */
63-+ if (SSL_connect(serverSession) < 0) {
64-+ Logger::logError("Error on SSL Connect.");
65-+ throw SSLConnectionError();
66-+ }
67-+ cache->setNewSessionId(serverSession, SSL_get1_session(serverSession),
68-+ serverAddress.to_bytes().data(),
69-+ serverAddress.to_bytes().size());
67++ this->wildcardOK = wildcardOK;
68++ this->certman = &manager;
7069 +
7170 + /* Client handhake */
72- ip::tcp::endpoint endpoint = getRemoteEndpoint();
73- manager.getCertificateForTarget(endpoint, wildcardOK, getServerCertificate(), &leaf, &chain);
71+
72+- ip::tcp::endpoint endpoint = getRemoteEndpoint();
73+- manager.getCertificateForTarget(endpoint, wildcardOK, getServerCertificate(), &leaf, &chain);
7474 -
75-+
76- setServerName();
75+- setServerName();
7776 -
78-+
7977 SSL_CTX *clientContext = SSL_CTX_new(SSLv23_server_method());
8078 - buildClientContext(clientContext, leaf, chain);
8179 + buildClientContext(clientContext);
80++ SSL_CTX_set_cert_cb(clientContext, SSLBridge::cert_cb, this);
8281
8382 SSL *clientSession = SSL_new(clientContext);
84-+ useCertkey(clientSession, leaf, chain);
83++ this->clientSession = clientSession;
8584 SSL_set_fd(clientSession, clientSocket->native_handle());
8685
8786 if (SSL_accept(clientSession) == 0) {
88-@@ -93,9 +104,9 @@ void SSLBridge::handshakeWithClient(CertificateManager &manager, bool wildcardOK
89- this->clientSession = clientSession;
87+ Logger::logError("SSL Accept Failed!");
88+ throw SSLConnectionError();
89+ }
90++ setServerName();
91++}
92+
93+- this->clientSession = clientSession;
94++void SSLBridge::setupServerCert(){
95++ ip::address_v4 serverAddress = serverSocket->remote_endpoint().address().to_v4();
96++ ip::tcp::endpoint endpoint = getRemoteEndpoint();
97++ Certificate *leaf;
98++ std::list<Certificate*> *chain;
99++
100++ /* handle SNI */
101++ int sntype = SSL_get_servername_type(clientSession);
102++ if(sntype == TLSEXT_NAMETYPE_host_name){
103++ const char *sname = SSL_get_servername(clientSession, sntype);
104++ SSL_set_tlsext_host_name(serverSession, sname);
105++ }
106++
107++ /* Server handshake */
108++ if (SSL_connect(serverSession) < 0) {
109++ Logger::logError("Error on SSL Connect.");
110++ throw SSLConnectionError();
111++ }
112++ cache->setNewSessionId(serverSession, SSL_get1_session(serverSession),
113++ serverAddress.to_bytes().data(),
114++ serverAddress.to_bytes().size());
115++
116++ /* Generate and set certificate */
117++ certman->getCertificateForTarget(
118++ endpoint, wildcardOK, getServerCertificate(), &leaf, &chain);
119++ useCertkey(clientSession, leaf, chain);
90120 }
91121
92122 +/* Do not start TLS handshake: to support SNI */
@@ -96,7 +126,7 @@ index b9259ad..832adc7 100644
96126 ip::address_v4 serverAddress = serverSocket->remote_endpoint().address().to_v4();
97127 SSL_CTX *serverCtx = SSL_CTX_new(SSLv23_client_method());;
98128 SSL *serverSession = SSL_new(serverCtx);;
99-@@ -112,15 +123,6 @@ void SSLBridge::handshakeWithServer() {
129+@@ -112,15 +143,6 @@ void SSLBridge::handshakeWithServer() {
100130 SSL_set_connect_state(serverSession);
101131 SSL_set_fd(serverSession, serverSocket->native_handle());
102132 SSL_set_options(serverSession, SSL_OP_ALL);
@@ -113,16 +143,23 @@ index b9259ad..832adc7 100644
113143 this->serverSession = serverSession;
114144 }
115145 diff --git a/SSLBridge.hpp b/SSLBridge.hpp
116-index 753bd4e..d871c2f 100644
146+index 753bd4e..82a44a2 100644
117147 --- a/SSLBridge.hpp
118148 +++ b/SSLBridge.hpp
119-@@ -99,7 +99,8 @@ private:
149+@@ -98,10 +98,15 @@ private:
150+ struct pollfd *pfds;
120151 std::optional<Lane> lanes[2];
121152
153++ bool wildcardOK;
154++ CertificateManager *certman;
122155 X509* getServerCertificate();
123156 - void buildClientContext(SSL_CTX *context, Certificate *leaf, std::list<Certificate*> *chain);
124157 + void buildClientContext(SSL_CTX *context);
125158 + void useCertkey(SSL *context, Certificate *leaf, std::list<Certificate*> *chain);
159++ void setupServerCert();
126160 int forwardData(SSL *from, SSL *to);
127161 void setServerName();
162++ static int cert_cb(SSL *ssl, void *self);
163+
164+ public:
128165