1 commit d2906ca519ecc9fb864eb7005809982322137964
2 Author: Frank Denis <github@pureftpd.org>
3 Date: Fri Mar 15 13:12:04 2019 +0100
5 Add tlsext servername callback
7 diff --git a/src/tls.c b/src/tls.c
8 index e4bddb2..f34617b 100644
11 @@ -219,6 +219,18 @@ static void tls_init_cache(void)
12 SSL_CTX_set_timeout(tls_ctx, 60 * 60L);
15 +static int ssl_servername_cb(SSL *cnx, int *al, void *arg)
17 + const char *servername;
19 + if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name))
21 + logfile(LOG_INFO, "SNI: [%s]", servername);
22 + return SSL_TLSEXT_ERR_NOACK;
24 + return SSL_TLSEXT_ERR_OK;
27 # ifdef DISABLE_SSL_RENEGOTIATION
28 static void ssl_info_cb(const SSL *cnx, int where, int ret)
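Review bot: The string passed to `logfile(LOG_INFO, "SNI: [%s]", servername)` comes straight from the ClientHello, so it is chosen by an unauthenticated peer before any login and is not guaranteed to be a well-formed hostname. logfile() is not visible in this hunk; it is worth confirming that it neutralises control characters and bounds the length, since otherwise a crafted name could forge or split log lines. A comment above the call such as `/* servername is peer-supplied and unauthenticated: must be sanitised before it reaches the log */` would record that assumption. The later hunks in this file that move and guard the same call keep the format string unchanged, so the same point applies to them.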
30 @@ -348,6 +360,7 @@ int tls_init_library(void)
31 SSL_CTX_set_options(tls_ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
33 SSL_CTX_set_info_callback(tls_ctx, ssl_info_cb);
34 + SSL_CTX_set_tlsext_servername_callback(tls_ctx, ssl_servername_cb);
36 SSL_CTX_set_verify_depth(tls_ctx, 6);
37 if (ssl_verify_client_cert) {
38 commit 1d110dd103d306ce14c17320a03d6c324ef2db9c
39 Author: Frank Denis <github@pureftpd.org>
40 Date: Fri Mar 15 13:45:14 2019 +0100
42 Don't log a NULL name :)
44 diff --git a/src/tls.c b/src/tls.c
45 index f34617b..6078dd7 100644
48 @@ -225,9 +225,10 @@ static int ssl_servername_cb(SSL *cnx, int *al, void *arg)
50 if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name))
52 - logfile(LOG_INFO, "SNI: [%s]", servername);
53 return SSL_TLSEXT_ERR_NOACK;
55 + logfile(LOG_INFO, "SNI: [%s]", servername);
57 return SSL_TLSEXT_ERR_OK;
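Review bot: Returning `SSL_TLSEXT_ERR_OK` after the log call tells OpenSSL that the requested name was accepted, yet nothing visible in the callback compares the name with a configured host or selects a certificate. If the callback is only meant to record the name, `return SSL_TLSEXT_ERR_NOACK;` on both paths avoids acknowledging arbitrary names. Otherwise a comment such as `/* log only: every name is accepted, no per-host certificate selection */` above the final return would make the intent explicit. The closing lines of the function are not shown in this hunk.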
60 commit f0659f8357952c0a95cd62c938bd6c9852cd78f9
61 Author: Frank Denis <github@pureftpd.org>
62 Date: Fri Mar 15 14:14:15 2019 +0100
66 diff --git a/src/tls.c b/src/tls.c
67 index 6078dd7..a992473 100644
70 @@ -224,7 +224,7 @@ static int ssl_servername_cb(SSL *cnx, int *al, void *arg)
71 const char *servername;
73 if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name))
75 + == NULL || *servername == 0) {
76 return SSL_TLSEXT_ERR_NOACK;
78 logfile(LOG_INFO, "SNI: [%s]", servername);