Merge remote-tracking branch 'origin/release/0.6' into release/0.7

Coldwings · Mar 13, 2024 · 852e7b1 · 852e7b1
2 parents 930ae49 + a82fa35
commit 852e7b1
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -35,4 +35,3 @@
 <img src="/doc/static/img/slack.svg" width="20"> Join Slack: [link](https://join.slack.com/t/photonlibos/shared_invite/zt-25wauq8g1-iK_oHMrXetcvWNNhIt8Nkg)
 
 <img src="/doc/static/img/dingtalk.svg" width="20"> Join DingTalk group: 55690000272
-
diff --git a/net/http/client.cpp b/net/http/client.cpp
@@ -79,6 +79,7 @@ ISocketStream* PooledDialer::dial(std::string_view host, uint16_t port, bool sec
     if (secure) {
         tlssock->timeout(timeout);
         sock = tlssock->connect(ep);
+        tls_stream_set_hostname(sock, strhost.c_str());
     } else {
         tcpsock->timeout(timeout);
         sock = tcpsock->connect(ep);

diff --git a/net/http/test/client_tls_test.cpp b/net/http/test/client_tls_test.cpp
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+#include <openssl/ssl.h>
 #include <gtest/gtest.h>
 
 #include <photon/photon.h>
@@ -78,6 +79,21 @@ TEST(client_tls, basic) {
     EXPECT_EQ(true, "test" == op->resp.headers["Test_Handle"]);
 }
 
+// Server Name Indication (SNI) for SSL
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+TEST(http_client, SNI) {
+    auto tls = photon::net::new_tls_context();
+    DEFER(delete tls);
+    auto client = photon::net::http::new_http_client(nullptr, tls);
+    DEFER(delete client);
+    auto op = client->new_operation(photon::net::http::Verb::GET, "https://debug.fly.dev");
+    DEFER(delete op);
+    op->retry = 0;
+    int res = op->call();
+    ASSERT_EQ(0, res);
+}
+#endif
+
 int main(int argc, char** arg) {
     if (photon::init(photon::INIT_EVENT_DEFAULT, photon::INIT_IO_NONE))
         return -1;

diff --git a/net/security-context/tls-stream.cpp b/net/security-context/tls-stream.cpp
@@ -21,6 +21,7 @@ limitations under the License.
 #include <openssl/ssl.h>
 #include <photon/common/alog-stdstring.h>
 #include <photon/common/iovector.h>
+#include <photon/common/alog.h>
 #include <photon/net/basic_socket.h>
 #include <photon/net/socket.h>
 #include <photon/thread/thread.h>
@@ -406,6 +407,18 @@ ISocketStream* new_tls_stream(TLSContext* ctx, ISocketStream* base,
     return new TLSSocketStream(ctx, base, role, ownership);
 };
 
+void tls_stream_set_hostname(ISocketStream* stream, const char* hostname) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    if (auto s1 = dynamic_cast<TLSSocketStream*>(stream)) {
+        if (SSL_set_tlsext_host_name(s1->ssl, hostname) != 1)
+            LOG_ERROR("Failed to set hostname on tls stream: `", VALUE(hostname));
+    } else if (auto s2 = dynamic_cast<ForwardSocketStream*>(stream)) {
+        auto underlay = static_cast<ISocketStream*>(s2->get_underlay_object(0));
+        tls_stream_set_hostname(underlay, hostname);
+    }
+#endif
+}
+
 class TLSSocketClient : public ForwardSocketClient {
 public:
     TLSContext* ctx;

diff --git a/net/security-context/tls-stream.h b/net/security-context/tls-stream.h
@@ -97,5 +97,7 @@ ISocketServer* new_tls_server(TLSContext* ctx, ISocketServer* base,
 ISocketClient* new_tls_client(TLSContext* ctx, ISocketClient* base,
                               bool ownership = false);
 
+void tls_stream_set_hostname(ISocketStream* stream, const char* hostname);
+
 }  // namespace net
 }  // namespace photon