Comparing against tlsExthostname_
authorAbhik Chatterjee <chat@fb.com>
Fri, 29 May 2015 20:54:24 +0000 (13:54 -0700)
committerNoam Lerner <noamler@fb.com>
Wed, 3 Jun 2015 16:51:47 +0000 (09:51 -0700)
Summary:
Instead of only checking whether the peer-supplied tlsext_hostname is non-NULL, we now
compare it against tlsExthostname_.

Test Plan: Automated tests

Reviewed By: afrind@fb.com

Subscribers: folly-diffs@, yfeldblum, chalfant, moa

FB internal diff: D2106257

Tasks: 4751985

Signature: t1:2106257:1432932687:78c6244392d7842e844a3c1e654ffc4dc0e760a2

folly/io/async/AsyncSSLSocket.cpp
folly/io/async/test/AsyncSSLSocketTest.cpp

index cec2cdeb15ea6fd9703d76ebcd74b7ab67d204ce..3eeb932f0592cf9235c6a5b526da4efa105149a8 100644 (file)
@@ -559,7 +559,10 @@ bool AsyncSSLSocket::isServerNameMatch() const {
     return false;
   }
 
-  return (ss->tlsext_hostname ? true : false);
+  if(!ss->tlsext_hostname) {
+    return false;
+  }
+  return (tlsextHostname_.compare(ss->tlsext_hostname) ? false : true);
 }
 
 void AsyncSSLSocket::setServerName(std::string serverName) noexcept {
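Review bot: The new return line spells a plain equality test as `compare(...) ? false : true`, which reads as inverted at first glance; `return tlsextHostname_ == ss->tlsext_hostname;` says the same thing directly, since std::string's operator== accepts a const char*. The comparison is exact and case-sensitive, and hostnames are conventionally case-insensitive, so the intended semantics deserve a comment on the function such as `// Exact, case-sensitive comparison of the peer-supplied SNI against the configured name.` The early `return false` keeps the previous behaviour for a missing SNI; the rest of isServerNameMatch's body lies above the hunk. Minor: `if(!ss->tlsext_hostname)` is missing the usual space after `if`.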
index de88b059420701ca9f0185f73079b46050cf4721..20f782a1e59d535dfa6d75c30cebff269f5c1806 100644 (file)
@@ -499,6 +499,41 @@ TEST(AsyncSSLSocketTest, SNITestNotMatch) {
   EXPECT_TRUE(!client.serverNameMatch);
   EXPECT_TRUE(!server.serverNameMatch);
 }
+/**
+ * 1. Client sends TLSEXT_HOSTNAME in client hello.
+ * 2. We then change the serverName.
+ * 3. We expect that we get 'false' as the result for serNameMatch.
+ */
+
+TEST(AsyncSSLSocketTest, SNITestChangeServerName) {
+   EventBase eventBase;
+  std::shared_ptr<SSLContext> clientCtx(new SSLContext);
+  std::shared_ptr<SSLContext> dfServerCtx(new SSLContext);
+  // Use the same SSLContext to continue the handshake after
+  // tlsext_hostname match.
+  std::shared_ptr<SSLContext> hskServerCtx(dfServerCtx);
+  const std::string serverName("xyz.newdev.facebook.com");
+  int fds[2];
+  getfds(fds);
+  getctx(clientCtx, dfServerCtx);
+
+  AsyncSSLSocket::UniquePtr clientSock(
+    new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
+  //Change the server name
+  std::string newName("new.com");
+  clientSock->setServerName(newName);
+  AsyncSSLSocket::UniquePtr serverSock(
+    new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+  SNIClient client(std::move(clientSock));
+  SNIServer server(std::move(serverSock),
+                   dfServerCtx,
+                   hskServerCtx,
+                   serverName);
+
+  eventBase.loop();
+
+  EXPECT_TRUE(!client.serverNameMatch);
+}
 
 /**
  * 1. Client does not send TLSEXT_HOSTNAME in client hello.
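Review bot: The new test asserts only `client.serverNameMatch` in its final EXPECT_TRUE, whereas the neighbouring SNITestNotMatch also checks the server side; if SNIServer records its result the same way there, adding `EXPECT_TRUE(!server.serverNameMatch);` would cover the server path for a changed name as well. The header comment has a typo, `serNameMatch` for `serverNameMatch`, and `EventBase eventBase;` is indented one column deeper than the rest of the body. The comment `// tlsext_hostname match.` on the hskServerCtx line appears copied from the matching-name test; here the names are meant to differ, so something like `// continue the handshake even though the names are not expected to match.` would describe this case.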