diff options
| author | Ravi Teja <raviteja28031990@gmail.com> | 2023-07-31 17:39:32 +0300 |
|---|---|---|
| committer | Ed Tanous <ed@tanous.net> | 2023-08-24 19:18:30 +0300 |
| commit | e7c2991e044d2e31f911a237b7ee41197b7d018c (patch) | |
| tree | a30a67feeb0e2a4c55bd61eb5b5934386f84515d /http | |
| parent | 18fc70c08f3e6ef4ef0be523760882a5ccda4d72 (diff) | |
| download | bmcweb-e7c2991e044d2e31f911a237b7ee41197b7d018c.tar.xz | |
Avoid setting SNI hostname for IP addresses
ssl_handshake fails while establishing connection to IPv6 destination
address, as IPv6 addresses considered as invalid value for SNI hostname
due to special characters.
SNI allows valid HostName which allows characters are only {alphabetic
characters (A-Z), numeric characters (0-9), the minus sign
This commit adds check to avoid setting SNI hostname if its an IP
address
Tested By: Verified redfish events 1. Subscribing Destination with IPv6
address. 2. Subscribing Destination with IPv4 address.
Change-Id: I32d30292bbc29c753f1c1815c66fcc93e8074eaa
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Diffstat (limited to 'http')
| -rw-r--r-- | http/http_client.hpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/http/http_client.hpp b/http/http_client.hpp index 2cbdbbcef1..046df2e0f0 100644 --- a/http/http_client.hpp +++ b/http/http_client.hpp @@ -552,6 +552,13 @@ class ConnectionInfo : public std::enable_shared_from_this<ConnectionInfo> { return; } + + if (host.host_type() != boost::urls::host_type::name) + { + // Avoid setting SNI hostname if its IP address + return; + } + // Create a null terminated string for SSL std::string hostname(host.encoded_host_address()); // NOTE: The SSL_set_tlsext_host_name is defined in tlsv1.h header // file but its having old style casting (name is cast to void*). |