int has_rsa_sig = 0, has_ecdsa_sig = 0;
char *wildp = NULL;
- const uint8_t *servername;
+ const char *servername;
size_t servername_len;
struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
int allow_early = 0;
if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
|| memchr(extension_data, 0, len) != NULL)
goto abort;
- servername = extension_data;
+ servername = (char *)extension_data;
servername_len = len;
} else {
#if (!defined SSL_NO_GENERATE_CERTIFICATES)
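Review bot: The cast in the added line `servername = (char *)extension_data;` is wider than the new declaration needs. `servername` is now `const char *`, so `servername = (const char *)extension_data;` does the same signedness conversion without passing through a non-const pointer. The declaration of `extension_data` is outside this hunk, so its own qualifiers should be checked there. It is also worth a short comment here that `servername` is not NUL-terminated at this point: the `memchr` check only rejects an embedded zero within `len` bytes, so the pointer may be read only together with `servername_len` until it is re-pointed at the copy in `trash.area`.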
wildp = &trash.area[i];
}
trash.area[i] = 0;
+ servername = trash.area;
HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
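Review bot: `servername` silently changes meaning at the added `servername = trash.area;`: before it the pointer refers to `servername_len` raw bytes of the extension, after it to the NUL-terminated copy in `trash`. I would add a comment on that line such as `/* from here on servername is the NUL-terminated copy in trash; servername_len still describes the raw extension */`. If `trash` is a shared scratch buffer, as its name suggests, the alias also hides that later callees receive a pointer into it; the `ssl_sock_generate_certificate(servername, s, ssl)` call further down is the one to check for its own use of `trash`. The same assignment appears again in the second copy of this code later in the patch. The loop that fills `trash.area` starts outside this hunk.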
* name and if not found in the wildcard */
for (i = 0; i < 2; i++) {
if (i == 0) /* lookup in full qualified names */
- node = ebst_lookup(&s->sni_ctx, trash.area);
+ node = ebst_lookup(&s->sni_ctx, servername);
else if (i == 1 && wildp) /* lookup in wildcards names */
node = ebst_lookup(&s->sni_w_ctx, wildp);
else
/* If this is a wildcard, look for an exclusion on the same crt-list line */
sni = container_of(n, struct sni_ctx, name);
list_for_each_entry(sni_tmp, &sni->ckch_inst->sni_ctx, by_ckch_inst) {
- if (sni_tmp->neg && (strcmp((const char *)sni_tmp->name.key, trash.area) == 0)) {
+ if (sni_tmp->neg && (strcmp((const char *)sni_tmp->name.key, servername) == 0)) {
skip = 1;
break;
}
HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
#if (!defined SSL_NO_GENERATE_CERTIFICATES)
- if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate(trash.area, s, ssl)) {
+ if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate(servername, s, ssl)) {
/* switch ctx done in ssl_sock_generate_certificate */
goto allow_early;
}
{
char *client_sni = pool_alloc(ssl_sock_client_sni_pool);
if (client_sni) {
- strncpy(client_sni, trash.area, TLSEXT_MAXLEN_host_name);
+ strncpy(client_sni, servername, TLSEXT_MAXLEN_host_name);
client_sni[TLSEXT_MAXLEN_host_name] = '\0';
SSL_set_ex_data(ssl, ssl_client_sni_index, client_sni);
}
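Review bot: The terminator write `client_sni[TLSEXT_MAXLEN_host_name] = '\0';` after the changed `strncpy` is in bounds only if every object from `ssl_sock_client_sni_pool` is at least `TLSEXT_MAXLEN_host_name + 1` bytes, and the pool's creation is not visible in this hunk. Once that is confirmed, a comment above the copy such as `/* pool entries hold TLSEXT_MAXLEN_host_name + 1 bytes */` would keep the two in step if the pool size ever changes. The copy also relies on `servername` already being the NUL-terminated `trash.area` copy; with the raw extension pointer, `strncpy` could read past `servername_len`. The same block is repeated at the end of the patch, and the enclosing block opens and closes outside the hunk.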
wildp = &trash.area[i];
}
trash.area[i] = 0;
+ servername = trash.area;
HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
* name and if not found in the wildcard */
for (i = 0; i < 2; i++) {
if (i == 0) /* lookup in full qualified names */
- node = ebst_lookup(&s->sni_ctx, trash.area);
+ node = ebst_lookup(&s->sni_ctx, servername);
else if (i == 1 && wildp) /* lookup in wildcards names */
node = ebst_lookup(&s->sni_w_ctx, wildp);
else
/* If this is a wildcard, look for an exclusion on the same crt-list line */
sni = container_of(n, struct sni_ctx, name);
list_for_each_entry(sni_tmp, &sni->ckch_inst->sni_ctx, by_ckch_inst) {
- if (sni_tmp->neg && (strcmp((const char *)sni_tmp->name.key, trash.area) == 0)) {
+ if (sni_tmp->neg && (strcmp((const char *)sni_tmp->name.key, servername) == 0)) {
skip = 1;
break;
}
{
char *client_sni = pool_alloc(ssl_sock_client_sni_pool);
if (client_sni) {
- strncpy(client_sni, trash.area, TLSEXT_MAXLEN_host_name);
+ strncpy(client_sni, servername, TLSEXT_MAXLEN_host_name);
client_sni[TLSEXT_MAXLEN_host_name] = '\0';
SSL_set_ex_data(ssl, ssl_client_sni_index, client_sni);
}