aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeffrey Armstrong <jeffrey.armstrong@approximatrix.com>2020-05-19 08:36:22 -0400
committerJeffrey Armstrong <jeffrey.armstrong@approximatrix.com>2020-05-19 08:36:22 -0400
commit2492cdf6ce85963f2fe269b4d41fd09d92ccf277 (patch)
treec1025eecf8da7263923392ff1c657db75b0ef76e
parent273cccb1a687dfe7d74486def016514a7887c1f5 (diff)
downloadLR-87-2492cdf6ce85963f2fe269b4d41fd09d92ccf277.zip
LR-87-2492cdf6ce85963f2fe269b4d41fd09d92ccf277.tar.gz
Requests should now include SNI over TLS
-rw-r--r--jessl.f9043
-rw-r--r--request.f907
2 files changed, 49 insertions, 1 deletions
diff --git a/jessl.f90 b/jessl.f90
index bd9d1fe..0df3180 100644
--- a/jessl.f90
+++ b/jessl.f90
@@ -23,8 +23,14 @@
! Just Enough SSL...
module jessl
+use iso_c_binding
implicit none
+ ! Constants needed for SNI
+ integer(kind=c_long), parameter::TLSEXT_NAMETYPE_host_name = 0
+
+ integer(kind=c_int), parameter::SSL_CTRL_SET_TLSEXT_HOSTNAME = 55
+
interface
subroutine library_init() bind(c, name="OPENSSL_init_ssl")
@@ -90,6 +96,15 @@ implicit none
type(c_ptr), value::ctx
end function ctx_free
+ function ssl_ctrl_c(ctx, cmd, arg, vp) bind(c, name="SSL_ctrl")
+ use iso_c_binding
+ type(c_ptr), value::ctx
+ integer(kind=c_int), value::cmd
+ integer(kind=c_long), value::arg
+ type(c_ptr), value::vp
+ integer(kind=c_long)::ssl_ctrl_c
+ end function ssl_ctrl_c
+
! Actually a macro...
!function get_cipher_c(ssl) bind(c, name="SSL_get_cipher_name")
!use iso_c_binding
@@ -207,5 +222,33 @@ contains
end if
end subroutine get_cipher
+
+ function set_tlsext_host_name(ctx, hostname)
+ use iso_c_binding
+ implicit none
+
+ type(c_ptr)::ctx
+ character(*), intent(in)::hostname
+ integer::set_tlsext_host_name
+
+ character(kind=c_char), dimension(:), allocatable, target::chostname
+
+ integer::i
+
+ allocate(chostname(len_trim(hostname)+1))
+
+ do i = 1, len_trim(hostname)
+ chostname(i) = hostname(i:i)
+ end do
+ chostname(len_trim(hostname)+1) = c_null_char
+
+ set_tlsext_host_name = ssl_ctrl_c(ctx, &
+ SSL_CTRL_SET_TLSEXT_HOSTNAME, &
+ TLSEXT_NAMETYPE_host_name, &
+ c_loc(chostname))
+
+ deallocate(chostname)
+
+ end function set_tlsext_host_name
end module jessl
diff --git a/request.f90 b/request.f90
index ec35772..139b368 100644
--- a/request.f90
+++ b/request.f90
@@ -115,10 +115,15 @@ contains
! Set up ssl now
ssl_method = tls_client_method()
conn%ssl_ctx = ctx_new(ssl_method)
+
conn%ssl = ssl_new(conn%ssl_ctx)
- if((.not. c_associated(conn%ssl)) .or. (set_fd(conn%ssl, conn%socket) /= 1)) then
+ if((.not. c_associated(conn%ssl)) .or. &
+ (set_tlsext_host_name(conn%ssl, server) == 0) .OR. &
+ (set_fd(conn%ssl, conn%socket) /= 1)) then
+
conn%code = CONNECTION_SSL_SETUP_FAILURE
return
+
end if
! Connect via ssl