[Spice-commits] src/spice-channel.c
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Aug 23 08:49:52 UTC 2021
src/spice-channel.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
New commits:
commit 0031c57fccaa1514bea7dcef450207faba77af34
Author: Frediano Ziglio <freddy77 at gmail.com>
Date: Fri Aug 20 06:59:19 2021 +0100
Add support for SNI connecting trough TLS
This will pass hostname.
This fixes https://gitlab.freedesktop.org/spice/spice-gtk/-/issues/137.
You can easily verify the change with a network capture program running
something like
remote-viewer spice+tls://www.spice-space.org:443
you will see the hostname in the initial exchange.
Signed-off-by: Frediano Ziglio <freddy77 at gmail.com>
Acked-by: Victor Toso <victortoso at redhat.com>
diff --git a/src/spice-channel.c b/src/spice-channel.c
index ab38571..d6199a5 100644
--- a/src/spice-channel.c
+++ b/src/spice-channel.c
@@ -2633,6 +2633,19 @@ reconnect:
spice_session_get_cert_subject(c->session));
}
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ {
+ const char *hostname = spice_session_get_host(c->session);
+ // check is not an ip address
+ GInetAddress * ip = g_inet_address_new_from_string(hostname);
+ if (ip == NULL) {
+ SSL_set_tlsext_host_name(c->ssl, hostname);
+ } else {
+ g_object_unref(ip);
+ }
+ }
+#endif
+
ssl_reconnect:
rc = SSL_connect(c->ssl);
if (rc <= 0) {
More information about the Spice-commits
mailing list