Log In
Log In
Places
All Projects
Status Monitor
Collapse sidebar
obs:server:fedora:2.10:testing
obs-server
obs-server-2.10-0133-backend-support-SSL-SNI-in...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File obs-server-2.10-0133-backend-support-SSL-SNI-in-BSSSL-and-BSRPC.patch of Package obs-server
From c198eed1b119d4a0c9d94f004349f207bf4baf20 Mon Sep 17 00:00:00 2001 From: Michael Schroeder <mls@suse.de> Date: Wed, 17 Feb 2021 12:06:21 +0100 Subject: [PATCH] [backend] support SSL SNI in BSSSL and BSRPC Some servers will not work unless SNI is used to send the hostname. --- src/backend/BSRPC.pm | 2 +- src/backend/BSSSL.pm | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/backend/BSRPC.pm b/src/backend/BSRPC.pm index cb7310035e..6ec67fadff 100644 --- a/src/backend/BSRPC.pm +++ b/src/backend/BSRPC.pm @@ -298,7 +298,7 @@ sub rpc { die("proxy tunnel: CONNECT method failed: $status\n") unless $status =~ /^200[^\d]/; } if ($proto eq 'https' || $proxytunnel) { - ($param->{'https'} || $tossl)->($sock, $param->{'ssl_keyfile'}, $param->{'ssl_certfile'}, 1); + ($param->{'https'} || $tossl)->($sock, $param->{'ssl_keyfile'}, $param->{'ssl_certfile'}, 1, $host); if ($param->{'sslpeerfingerprint'}) { die("bad sslpeerfingerprint '$param->{'sslpeerfingerprint'}'\n") unless $param->{'sslpeerfingerprint'} =~ /^(.*?):(.*)$/s; my $pfp = tied(*{$sock})->peerfingerprint($1); diff --git a/src/backend/BSSSL.pm b/src/backend/BSSSL.pm index 1861dc2ee8..d09beb7820 100644 --- a/src/backend/BSSSL.pm +++ b/src/backend/BSSSL.pm @@ -65,7 +65,7 @@ sub tossl { } sub TIEHANDLE { - my ($self, $socket, $keyfile, $certfile, $forceconnect) = @_; + my ($self, $socket, $keyfile, $certfile, $forceconnect, $sni) = @_; initctx() unless $sslctx; my $ssl = Net::SSLeay::new($sslctx) or die("SSL_new failed\n"); @@ -79,6 +79,7 @@ sub TIEHANDLE { if (defined($keyfile) && !$forceconnect) { Net::SSLeay::accept($ssl) == 1 || die("SSL_accept\n"); } else { + Net::SSLeay::set_tlsext_host_name($ssl, $sni) if $sni && defined(&Net::SSLeay::set_tlsext_host_name); Net::SSLeay::connect($ssl) || die("SSL_connect"); } return bless [$ssl, $socket]; -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Log In
Places
Places
All Projects
Status Monitor