
crypto: use SSL_get_servername.

(Patch by David Benjamin.)

Rather than reach into the SSL_SESSION, use the intended API,
SSL_get_servername. This will also help the transition to OpenSSL 1.1.0.

Also don't fill in the tlsTicket field here. This is never read by
oncertcb and was always false anyway; that field is maintained by
clients and tracks whether the server issued a ticket or a session ID.

(Note this is distinct from the copy passed to onclienthello which is
used and is not a no-op.)

PR-URL: https://github.com/nodejs/node/pull/9347
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v6
Adam Langley 8 years ago
committed by Shigeki Ohtsu
parent
commit
305f75a17a
  1. 19
      src/node_crypto.cc

19
src/node_crypto.cc

@ -2351,18 +2351,13 @@ int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
Local<Object> info = Object::New(env->isolate());
SSL_SESSION* sess = SSL_get_session(s);
if (sess != nullptr) {
if (sess->tlsext_hostname == nullptr) {
info->Set(env->servername_string(), String::Empty(env->isolate()));
} else {
Local<String> servername = OneByteString(env->isolate(),
sess->tlsext_hostname,
strlen(sess->tlsext_hostname));
info->Set(env->servername_string(), servername);
}
info->Set(env->tls_ticket_string(),
Boolean::New(env->isolate(), sess->tlsext_ticklen != 0));
const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (servername == nullptr) {
info->Set(env->servername_string(), String::Empty(env->isolate()));
} else {
Local<String> str = OneByteString(env->isolate(), servername,
strlen(servername));
info->Set(env->servername_string(), str);
}
bool ocsp = false;
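Review bot: The string returned by `SSL_get_servername(s, TLSEXT_NAMETYPE_host_name)` is the SNI name the peer supplied in its ClientHello, and the added block stores it under `servername_string()` without a comment marking it as unvalidated input. I would add above the call `// SNI host name as sent by the client; not validated here, so consumers of info.servername must treat it as untrusted.` The length comes from `strlen(servername)`, so a second comment could note that the pointer is borrowed from the SSL object and that `OneByteString` is presumably what copies it (worth confirming). `SSLCertCallback` starts and ends outside this hunk, so how `info` is used afterwards is not visible here.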
