From a82fa352f10f3f95afaa8abe69fb607a8cd152cb Mon Sep 17 00:00:00 2001
From: Bob Chen
Date: Wed, 13 Mar 2024 09:50:55 +0800
Subject: [PATCH] SNI by benwaffle - to release/0.6 (#401)
* SNI
* check error
* remove unecessary include
* fix
---------
Co-authored-by: Ben Iofel
---
 net/http/client.cpp | 1 +
 net/http/test/client_tls_test.cpp | 15 +++++++++++++++
 net/security-context/tls-stream.cpp | 13 +++++++++++++
 net/security-context/tls-stream.h | 2 ++
 4 files changed, 31 insertions(+)
diff --git a/net/http/client.cpp b/net/http/client.cpp
index df349ba3..475b579c 100644
--- a/net/http/client.cpp
+++ b/net/http/client.cpp
@@ -73,6 +73,7 @@ ISocketStream* PooledDialer::dial(std::string_view host, uint16_t port, bool sec
 if (secure) {
 tlssock->timeout(timeout);
 sock = tlssock->connect(ep);
+ tls_stream_set_hostname(sock, strhost.c_str());
 } else {
 tcpsock->timeout(timeout);
 sock = tcpsock->connect(ep);
diff --git a/net/http/test/client_tls_test.cpp b/net/http/test/client_tls_test.cpp
index fce96908..533489b9 100644
--- a/net/http/test/client_tls_test.cpp
+++ b/net/http/test/client_tls_test.cpp
@@ -78,6 +78,21 @@ TEST(client_tls, basic) {
 EXPECT_EQ(true, "test" == op->resp.headers["Test_Handle"]);
 }
+// Server Name Indication (SNI) for SSL
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+TEST(http_client, SNI) {
+ auto tls = photon::net::new_tls_context();
+ DEFER(delete tls);
+ auto client = photon::net::http::new_http_client(nullptr, tls);
+ DEFER(delete client);
+ auto op = client->new_operation(photon::net::http::Verb::GET, "https://debug.fly.dev");
+ DEFER(delete op);
+ op->retry = 0;
+ int res = op->call();
+ ASSERT_EQ(0, res);
+}
+#endif
+
 int main(int argc, char** arg) {
 if (photon::init(photon::INIT_EVENT_DEFAULT, photon::INIT_IO_NONE)) return -1;
diff --git a/net/security-context/tls-stream.cpp b/net/security-context/tls-stream.cpp
index dc3ffc59..b9dce05a 100644
--- a/net/security-context/tls-stream.cpp
+++ b/net/security-context/tls-stream.cpp
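Review bot: `tls_stream_set_hostname(sock, strhost.c_str())` runs after `tlssock->connect(ep)` has returned, so the SNI extension only reaches the wire if the TLS handshake is deferred until the first read/write on `sock`; if connect() already completes the handshake the call is a silent no-op, which is worth confirming and recording next to the call, e.g. `// SNI must be set before the handshake; the TLS connect() only prepares the SSL object`. The call is also made when connect() returned nullptr (the helper appears to do nothing in that case, but `if (sock) tls_stream_set_hostname(sock, strhost.c_str());` makes that explicit), and its outcome is not observable here, so a failed SSL_set_tlsext_host_name still yields a usable-looking socket. `strhost` may also be an IP literal, which RFC 6066 excludes from SNI; skipping the call for literals avoids sending a non-compliant ClientHello. `PooledDialer::dial` begins and ends outside the hunk.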
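Review bot: The new `http_client.SNI` test depends on a live external host (`https://debug.fly.dev`) and asserts only `ASSERT_EQ(0, res)`, so it fails without network access and passes against any server that accepts a connection without SNI, i.e. it does not show that the extension was sent. Asserting on a response value that only an SNI-routed server returns, or pointing the client at a local TLS server that records the received server name, would make it both hermetic and meaningful. Separately, `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` evaluates as `#if 0` when no OpenSSL header is visible in this translation unit (an undefined identifier is 0 inside `#if`), which would drop the test silently; the hunk shows no such include, so it is worth verifying that `<openssl/opensslv.h>` or an equivalent is included above.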
@@ -21,6 +21,7 @@ limitations under the License.
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -403,6 +404,18 @@ ISocketStream* new_tls_stream(TLSContext* ctx, ISocketStream* base,
 return new TLSSocketStream(ctx, base, role, ownership);
 };
+void tls_stream_set_hostname(ISocketStream* stream, const char* hostname) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (auto s1 = dynamic_cast(stream)) {
+ if (SSL_set_tlsext_host_name(s1->ssl, hostname) != 1)
+ LOG_ERROR("Failed to set hostname on tls stream: `", VALUE(hostname));
+ } else if (auto s2 = dynamic_cast(stream)) {
+ auto underlay = static_cast(s2->get_underlay_object(0));
+ tls_stream_set_hostname(underlay, hostname);
+ }
+#endif
+}
+
 class TLSSocketClient : public ForwardSocketClient {
 public:
 TLSContext* ctx;
diff --git a/net/security-context/tls-stream.h b/net/security-context/tls-stream.h
index 37ccdc63..4a8d02fd 100644
--- a/net/security-context/tls-stream.h
+++ b/net/security-context/tls-stream.h
@@ -97,5 +97,7 @@ ISocketServer* new_tls_server(TLSContext* ctx, ISocketServer* base,
 ISocketClient* new_tls_client(TLSContext* ctx, ISocketClient* base, bool ownership = false);
+void tls_stream_set_hostname(ISocketStream* stream, const char* hostname);
+
 } // namespace net
 } // namespace photon
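Review bot: `tls_stream_set_hostname` only logs when `SSL_set_tlsext_host_name` fails, and does nothing at all when `stream` matches neither cast (a null stream, a null result from `get_underlay_object(0)`, or an unrelated stream type) or when the OpenSSL guard is off, so the caller in client.cpp cannot tell whether SNI was actually set. Returning `int` — `-1` from the LOG_ERROR branch and from the fall-through, `0` once the hostname is set — lets `dial` treat it like a failed connect; the declaration in tls-stream.h needs the same signature. Setting SNI does not by itself cause the peer certificate to be checked against `hostname`; if verification is enabled on the context and name checking is intended, `SSL_set1_host(s1->ssl, hostname)` (available under the same OpenSSL ≥ 1.1.0 guard) is the matching call, and if it is deliberately omitted a comment on the function should say so.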
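Review bot: The new declaration carries no comment, and nothing in the signature conveys its contract — that it is compiled out below OpenSSL 1.1.0, has no effect once the ClientHello has been sent, reaches through a wrapping stream to the TLS stream underneath, silently ignores other stream types, and only logs failures. Add above it `/// Set the TLS SNI host name on a TLS stream (or on the TLS stream underlying a wrapping stream). Must be called before the handshake; a no-op for other stream types and when built against OpenSSL < 1.1.0; failures are logged, not reported.`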