From: Timo Sirainen Date: Wed, 1 Nov 2017 10:58:46 +0000 (+0200) Subject: lib-ssl-iostream: Split host to connected_host and sni_host X-Git-Tag: 2.2.34~144 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=657f59b5dfec4ac251661e81233a6ee4ed666973;p=thirdparty%2Fdovecot%2Fcore.git lib-ssl-iostream: Split host to connected_host and sni_host Using the same variable for both was causing confusion.
---
diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index b2d8ea6e10..4dca1fd97a 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -267,8 +267,8 @@ static int ssl_servername_callback(SSL *ssl, int *al ATTR_UNUSED,
 ssl_io = SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);
 host = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
 if (SSL_get_servername_type(ssl) != -1) {
- i_free(ssl_io->host);
- ssl_io->host = i_strdup(host);
+ i_free(ssl_io->sni_host);
+ ssl_io->sni_host = i_strdup(host);
 } else if (ssl_io->verbose) {
 i_debug("SSL_get_servername() failed");
 }
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 3d4b17b6be..71f48df629 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -242,7 +242,7 @@ openssl_iostream_create(struct ssl_iostream_context *ctx, const char *host,
 ssl_io->bio_ext = bio_ext;
 ssl_io->plain_input = *input;
 ssl_io->plain_output = *output;
- ssl_io->host = i_strdup(host);
+ ssl_io->connected_host = i_strdup(host);
 ssl_io->log_prefix = host == NULL ? i_strdup("") :
 i_strdup_printf("%s: ", host);
 /* bio_int will be freed by SSL_free() */
@@ -283,7 +283,8 @@ static void openssl_iostream_free(struct ssl_iostream *ssl_io)
 SSL_free(ssl_io->ssl);
 i_free(ssl_io->plain_stream_errstr);
 i_free(ssl_io->last_error);
- i_free(ssl_io->host);
+ i_free(ssl_io->connected_host);
+ i_free(ssl_io->sni_host);
 i_free(ssl_io->log_prefix);
 i_free(ssl_io);
 }
@@ -688,7 +689,7 @@ openssl_iostream_get_peer_name(struct ssl_iostream *ssl_io)

 static const char *openssl_iostream_get_server_name(struct ssl_iostream *ssl_io)
 {
- return ssl_io->host;
+ return ssl_io->sni_host;
 }

 static const char *
diff --git a/src/lib-ssl-iostream/iostream-openssl.h b/src/lib-ssl-iostream/iostream-openssl.h
index d46d608d10..d8d3d5348e 100644
--- a/src/lib-ssl-iostream/iostream-openssl.h
+++ b/src/lib-ssl-iostream/iostream-openssl.h
@@ -33,7 +33,10 @@ struct ssl_iostream {
 struct istream *ssl_input;
 struct ostream *ssl_output;

- char *host;
+ /* SSL clients: host where we connected to */
+ char *connected_host;
+ /* SSL servers: host requested by the client via SNI */
+ char *sni_host;
 char *last_error;
 char *log_prefix;
 char *plain_stream_errstr;
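Review bot: `openssl_iostream_get_server_name()` in iostream-openssl.c now returns `sni_host`, which this diff assigns only in `ssl_servername_callback()`. On a client-side stream it therefore appears to return NULL, where it used to return the host passed to `openssl_iostream_create()`. The callers are outside this diff, so any that used the return value as the name to match the peer certificate against should be checked to handle NULL or to read `connected_host` instead. I would state the new contract above the function: `/* Returns the name the client sent via SNI; NULL if none was sent or on client-side streams. */`.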
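Review bot: The new comment on `sni_host` in `struct ssl_iostream` (iostream-openssl.h) should say that the value is client-supplied and unverified. `ssl_servername_callback()` copies the result of `SSL_get_servername()` with no validation visible in this diff. Suggested wording: `/* SSL servers: host requested by the client via SNI. Untrusted input; validate before using it for lookups or in log lines. */`. Separately, `connected_host` is only written and freed in the visible hunks, so its comment could name the intended reader if one exists (presumably certificate name checks, but that is not shown here). The struct body starts and ends outside the hunk.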