Skip to content

Commit

Permalink
crypto: use SSL_get_servername.
Browse files Browse the repository at this point in the history
(Patch by David Benjamin.)

Rather than reach into the SSL_SESSION, use the intended API,
SSL_get_servername. This will also help the transition to OpenSSL 1.1.0.

Also don't fill in the tlsTicket field here. This is never read by
oncertcb and was always false anyway; that field is maintained by
clients and tracks whether the server issued a ticket or a session ID.

(Note this is distinct from the copy passed to onclienthello which is
used and is not a no-op.)

PR-URL: #9347
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
  • Loading branch information
agl authored and MylesBorins committed Dec 21, 2016
1 parent 8994562 commit fd9939f
Showing 1 changed file with 7 additions and 12 deletions.
19 changes: 7 additions & 12 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -2131,18 +2131,13 @@ int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {

Local<Object> info = Object::New(env->isolate());

SSL_SESSION* sess = SSL_get_session(s);
if (sess != nullptr) {
if (sess->tlsext_hostname == nullptr) {
info->Set(env->servername_string(), String::Empty(env->isolate()));
} else {
Local<String> servername = OneByteString(env->isolate(),
sess->tlsext_hostname,
strlen(sess->tlsext_hostname));
info->Set(env->servername_string(), servername);
}
info->Set(env->tls_ticket_string(),
Boolean::New(env->isolate(), sess->tlsext_ticklen != 0));
const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (servername == nullptr) {
info->Set(env->servername_string(), String::Empty(env->isolate()));
} else {
Local<String> str = OneByteString(env->isolate(), servername,
strlen(servername));
info->Set(env->servername_string(), str);
}

bool ocsp = false;
Expand Down

0 comments on commit fd9939f

Please sign in to comment.