BUG/MEDIUM: ssl: for a handshake when server-side SNI changes

Calling SSL_set_tlsext_host_name() on the current SSL ctx has no effect
if the session is being resumed because the hostname is already stored
in the session and is not advertised again in subsequent connections.
It's visible when enabling SNI and health checks at the same time because
checks do not send an SNI and regular traffic reuses the same connection,
resulting in no SNI being sent.

The only short-term solution is to reset the reused session when the
SNI changes compared to the previous one. It can make the server-side
performance suffer when SNIs are interleaved but it will work. A better
long-term solution would be to keep a small cache of a few contexts for
a few SNIs.

Now with SSL_set_session(ctx, NULL) it works. This needs to be double-
checked though. The man says that SSL_set_session() frees any previously
existing context. Some people report a bit of breakage when calling
SSL_set_session(NULL) on openssl 1.1.0a (freed session not reusable at
all though it's not an issue for now).

This needs to be backported to 1.7 and 1.6.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c5905f92fbb11730c6565d0cfcb9d4b38212e5ea..acf1c39ce3acf6a55429f0e1743dbc4655c25b01 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4248,12 +4248,27 @@ char *ssl_sock_get_version(struct connection *conn)
        return (char *)SSL_get_version(conn->xprt_ctx);
 }
 
+/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
+ * to disable SNI.
+ */
 void ssl_sock_set_servername(struct connection *conn, const char *hostname)
 {
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+       char *prev_name;
+
        if (!ssl_sock_is_ssl(conn))
                return;
 
+       /* if the SNI changes, we must destroy the reusable context so that a
+        * new connection will present a new SNI. As an optimization we could
+        * later imagine having a small cache of ssl_ctx to hold a few SNI per
+        * server.
+        */
+       prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
+       if ((!prev_name && hostname) ||
+           (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
+               SSL_set_session(conn->xprt_ctx, NULL);
+
        SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
 #endif
 }