git: 9front

Info  •  Files  •  Log  •  Branches

webfs: send servername in tls client hello (SNI)

--- a/sys/src/cmd/webfs/http.c

+++ b/sys/src/cmd/webfs/http.c

@@ -73,7 +73,7 @@

 }

 static int

-tlswrap(int fd)

+tlswrap(int fd, char *servername)

 {

 	TLSconn conn;

@@ -80,6 +80,8 @@

 	memset(&conn, 0, sizeof(conn));

 	if(debug)

 		conn.trace = tlstrace;

+	if(servername != nil)

+		conn.serverName = smprint("%H", servername);

 	if((fd = tlsClient(fd, &conn)) < 0){

 		if(debug) fprint(2, "tlsClient: %r\n");

 		return -1;

@@ -86,6 +88,7 @@

 	}

 	free(conn.cert);

 	free(conn.sessionID);

+	free(conn.serverName);

 	return fd;

 }

@@ -123,10 +126,10 @@

 	if((fd = dial(addr, 0, 0, &ctl)) >= 0){

 		if(proxy){

 			if(strcmp(proxy->scheme, "https") == 0)

-				fd = tlswrap(fd);

+				fd = tlswrap(fd, proxy->host);

 		} else {

 			if(strcmp(u->scheme, "https") == 0)

-				fd = tlswrap(fd);

+				fd = tlswrap(fd, u->host);

 		}

 	}

 	if(fd < 0){

@@ -905,7 +908,7 @@

 		 * then the proxy server has established the connection.

 		 */

 		if(h->tunnel && !retry && (i/100) == 2){

-			if((h->fd = tlswrap(h->fd)) < 0)

+			if((h->fd = tlswrap(h->fd, host)) < 0)

 				break;

 			/* proceed to the original request */

-- 

⑨