author | Steve Bennett <steveb@workware.net.au> | 2020-05-03 21:26:25 +1000 |
---|---|---|
committer | Steve Bennett <steveb@workware.net.au> | 2020-05-06 11:22:56 +1000 |
commit | 305a61b3d3a69aaea55e15e3fbd47b1c4247cf33 (patch) | |
tree | 0c63be28b4c8247bcab676775727d375ef91be74 /jim-aio.c | |
parent | 90669224d718ec875d83df47694370d1cc6ccf23 (diff) | |
aio: ssl: Allow SNI to be specified
For some SSL connections it is necessary to set the Server Name
Indication in the connection in order to receive the correct
certificate. Allow this as part of the client ssl call with:
$sock ssl -sni $servername
Also for -server mode, allow the certificate and private key to be
stored in a single file and only be specified once.
Signed-off-by: Steve Bennett <steveb@workware.net.au>
Diffstat (limited to 'jim-aio.c')
-rw-r--r-- | jim-aio.c | 41 |
1 files changed, 31 insertions, 10 deletions
@@ -1421,15 +1421,31 @@ static int aio_cmd_ssl(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
 SSL *ssl;
 SSL_CTX *ssl_ctx;
 int server = 0;
+ const char *sni = NULL;
 
- if (argc == 5) {
- if (!Jim_CompareStringImmediate(interp, argv[2], "-server")) {
+ if (argc > 2) {
+ static const char * const options[] = { "-server", "-sni", NULL };
+ enum { OPT_SERVER, OPT_SNI };
+ int option;
+
+ if (Jim_GetEnum(interp, argv[2], options, &option, NULL, JIM_ERRMSG) != JIM_OK) {
 return JIM_ERR;
 }
- server = 1;
- }
- else if (argc != 2) {
- return -1;
+ switch (option) {
+ case OPT_SERVER:
+ if (argc != 4 && argc != 5) {
+ return JIM_ERR;
+ }
+ server = 1;
+ break;
+
+ case OPT_SNI:
+ if (argc != 4) {
+ return JIM_ERR;
+ }
+ sni = Jim_String(argv[3]);
+ break;
+ }
 }
 
 if (af->ssl) {
@@ -1454,11 +1470,12 @@ static int aio_cmd_ssl(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
 }
 
 if (server) {
- if (SSL_use_certificate_file(ssl, Jim_String(argv[3]), SSL_FILETYPE_PEM) != 1) {
+ const char *certfile = Jim_String(argv[3]);
+ const char *keyfile = (argc == 4) ? certfile : Jim_String(argv[4]);
+ if (SSL_use_certificate_file(ssl, certfile, SSL_FILETYPE_PEM) != 1) {
 goto out;
 }
-
- if (SSL_use_PrivateKey_file(ssl, Jim_String(argv[4]), SSL_FILETYPE_PEM) != 1) {
+ if (SSL_use_PrivateKey_file(ssl, keyfile, SSL_FILETYPE_PEM) != 1) {
 goto out;
 }
 
@@ -1467,6 +1484,10 @@ static int aio_cmd_ssl(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
 }
 }
 else {
+ if (sni) {
+ /* Set server name indication if requested */
+ SSL_set_tlsext_host_name(ssl, sni);
+ }
 if (SSL_connect(ssl) != 1) {
 goto out;
 }
@@ -1796,7 +1817,7 @@ static const jim_subcmd_type aio_command_table[] = {
 #if !defined(JIM_BOOTSTRAP)
 #if defined(JIM_SSL)
 { "ssl",
- "?-server cert priv?",
+ "?-server cert ?priv?|-sni servername?",
 aio_cmd_ssl,
 0,
 3, |
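Review bot: The `switch (option)` in the first hunk has no `default:` arm; because `option` is declared as a plain `int` rather than the anonymous enum, the compiler will not warn if a third entry is later appended to `options[]` without a matching case, and `server` and `sni` would then silently keep their defaults while the command proceeds as a plain client connection. Add `default: return JIM_ERR;` as the last arm so the option table and the switch cannot drift apart. A one-line comment above the switch noting that only `argv[2]` is parsed, so `-server` and `-sni` are mutually exclusive, would also save the next reader from looking for a second option loop. aio_cmd_ssl begins before this hunk and continues past it.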
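Review bot: In the second hunk, after `SSL_use_PrivateKey_file` succeeds there is no `SSL_check_private_key(ssl)` call, so a key that does not correspond to the loaded certificate is only detected at handshake time with a less specific error. That mismatch becomes easier to produce now that `keyfile` may alias `certfile` (a combined file that actually lacks the key, or `argv[3]`/`argv[4]` given in the wrong order), and `if (SSL_check_private_key(ssl) != 1) { goto out; }` placed after the key load turns it into an immediate, diagnosable failure. The two old lines between this hunk and the next, and whatever `out:` reports, are outside the visible diff, so it is possible the check already lives there.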
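Review bot: In the third hunk the return value of `SSL_set_tlsext_host_name(ssl, sni)` is discarded, so a server name OpenSSL rejects (the call returns 0 on failure) silently proceeds to `SSL_connect` without any SNI, which is exactly the case the user asked to avoid; guard it like the other OpenSSL calls in this function, `if (SSL_set_tlsext_host_name(ssl, sni) != 1) { goto out; }`. Note also that SNI only influences which certificate the server presents; it does not make OpenSSL check that the certificate it receives is valid for `sni`. If peer verification is enabled elsewhere in this file (not visible in the hunk), the expected hostname should additionally be registered with `SSL_set1_host(ssl, sni)` (OpenSSL 1.1.0 and later) so that a certificate for a different name is rejected rather than accepted. The comment could then read `/* Send SNI and pin the expected peer hostname for verification */`. aio_cmd_ssl begins and ends outside this hunk.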