File obs-server-2.10-0133-backend-support-SSL-SNI-in... of Package obs-server

Overview Repositories Revisions Requests Users Attributes Meta

File obs-server-2.10-0133-backend-support-SSL-SNI-in-BSSSL-and-BSRPC.patch of Package obs-server

From c198eed1b119d4a0c9d94f004349f207bf4baf20 Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Wed, 17 Feb 2021 12:06:21 +0100
Subject: [PATCH] [backend] support SSL SNI in BSSSL and BSRPC

Some servers will not work unless SNI is used to send the hostname.
---
 src/backend/BSRPC.pm | 2 +-
 src/backend/BSSSL.pm | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/backend/BSRPC.pm b/src/backend/BSRPC.pm
index cb7310035e..6ec67fadff 100644
--- a/src/backend/BSRPC.pm
+++ b/src/backend/BSRPC.pm
@@ -298,7 +298,7 @@ sub rpc {
       die("proxy tunnel: CONNECT method failed: $status\n") unless $status =~ /^200[^\d]/;
     }
     if ($proto eq 'https' || $proxytunnel) {
-      ($param->{'https'} || $tossl)->($sock, $param->{'ssl_keyfile'}, $param->{'ssl_certfile'}, 1);
+      ($param->{'https'} || $tossl)->($sock, $param->{'ssl_keyfile'}, $param->{'ssl_certfile'}, 1, $host);
       if ($param->{'sslpeerfingerprint'}) {
 	die("bad sslpeerfingerprint '$param->{'sslpeerfingerprint'}'\n") unless $param->{'sslpeerfingerprint'} =~ /^(.*?):(.*)$/s;
 	my $pfp =  tied(*{$sock})->peerfingerprint($1);
diff --git a/src/backend/BSSSL.pm b/src/backend/BSSSL.pm
index 1861dc2ee8..d09beb7820 100644
--- a/src/backend/BSSSL.pm
+++ b/src/backend/BSSSL.pm
@@ -65,7 +65,7 @@ sub tossl {
 }
 
 sub TIEHANDLE {
-  my ($self, $socket, $keyfile, $certfile, $forceconnect) = @_;
+  my ($self, $socket, $keyfile, $certfile, $forceconnect, $sni) = @_;
 
   initctx() unless $sslctx;
   my $ssl = Net::SSLeay::new($sslctx) or die("SSL_new failed\n");
@@ -79,6 +79,7 @@ sub TIEHANDLE {
   if (defined($keyfile) && !$forceconnect) {
     Net::SSLeay::accept($ssl) == 1 || die("SSL_accept\n");
   } else {
+    Net::SSLeay::set_tlsext_host_name($ssl, $sni) if $sni && defined(&Net::SSLeay::set_tlsext_host_name);
     Net::SSLeay::connect($ssl) || die("SSL_connect");
   }
   return bless [$ssl, $socket];
-- 
2.35.3

Places

File obs-server-2.10-0133-backend-support-SSL-SNI-in-BSSSL-and-BSRPC.patch of Package obs-server

Places