From 8ec98dd875fd6a810693852d63f42f95dbbaeb52 Mon Sep 17 00:00:00 2001
From: Abhik Chatterjee
Date: Fri, 29 May 2015 13:54:24 -0700
Subject: [PATCH] Comparing against tlsExthostname_

Summary: Instead of comparing tlsExthostname_ with NULL, we are comparing it against tlsExthostname_.

Test Plan: Automated tests

Reviewed By: afrind@fb.com

Subscribers: folly-diffs@, yfeldblum, chalfant, moa

FB internal diff: D2106257

Tasks: 4751985

Signature: t1:2106257:1432932687:78c6244392d7842e844a3c1e654ffc4dc0e760a2
---
 folly/io/async/AsyncSSLSocket.cpp | 5 +++-
 folly/io/async/test/AsyncSSLSocketTest.cpp | 35 ++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index cec2cdeb..3eeb932f 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -559,7 +559,10 @@ bool AsyncSSLSocket::isServerNameMatch() const {
     return false;
   }
 
-  return (ss->tlsext_hostname ? true : false);
+  if(!ss->tlsext_hostname) {
+    return false;
+  }
+  return (tlsextHostname_.compare(ss->tlsext_hostname) ? false : true);
 }
 
 void AsyncSSLSocket::setServerName(std::string serverName) noexcept {
diff --git a/folly/io/async/test/AsyncSSLSocketTest.cpp b/folly/io/async/test/AsyncSSLSocketTest.cpp
index de88b059..20f782a1 100644
--- a/folly/io/async/test/AsyncSSLSocketTest.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest.cpp
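Review bot: The new return line spells a string equality test as `tlsextHostname_.compare(ss->tlsext_hostname) ? false : true`, which reads as an inverted flag and is easy to misread in a security check; `return tlsextHostname_ == ss->tlsext_hostname;` states the intent directly and behaves the same. Note that `std::string::compare` is a case-sensitive byte comparison, so a peer that presents the same name in a different case is reported as a non-match; whether exact-case matching is the intended SNI semantics is not visible in this hunk, and a one-line comment on that return, e.g. `// exact, case-sensitive match; differing case is a mismatch`, would record the decision. The added `if(!ss->tlsext_hostname)` lacks the space after `if` that the surrounding folly code appears to use. isServerNameMatch's opening is outside the hunk, and setServerName's body continues past its last line.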
@@ -499,6 +499,41 @@ TEST(AsyncSSLSocketTest, SNITestNotMatch) {
   EXPECT_TRUE(!client.serverNameMatch);
   EXPECT_TRUE(!server.serverNameMatch);
 }
 
+/**
+ * 1. Client sends TLSEXT_HOSTNAME in client hello.
+ * 2. We then change the serverName.
+ * 3. We expect that we get 'false' as the result for serNameMatch.
+ */
+
+TEST(AsyncSSLSocketTest, SNITestChangeServerName) {
+  EventBase eventBase;
+  std::shared_ptr clientCtx(new SSLContext);
+  std::shared_ptr dfServerCtx(new SSLContext);
+  // Use the same SSLContext to continue the handshake after
+  // tlsext_hostname match.
+  std::shared_ptr hskServerCtx(dfServerCtx);
+  const std::string serverName("xyz.newdev.facebook.com");
+  int fds[2];
+  getfds(fds);
+  getctx(clientCtx, dfServerCtx);
+
+  AsyncSSLSocket::UniquePtr clientSock(
+      new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
+  //Change the server name
+  std::string newName("new.com");
+  clientSock->setServerName(newName);
+  AsyncSSLSocket::UniquePtr serverSock(
+      new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+  SNIClient client(std::move(clientSock));
+  SNIServer server(std::move(serverSock),
+                   dfServerCtx,
+                   hskServerCtx,
+                   serverName);
+
+  eventBase.loop();
+
+  EXPECT_TRUE(!client.serverNameMatch);
+}
 /**
  * 1. Client does not send TLSEXT_HOSTNAME in client hello.
-- 
2.34.1
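Review bot: The new test asserts only `EXPECT_TRUE(!client.serverNameMatch);`, while the neighbouring SNITestNotMatch checks both sides; since the server is built with the original serverName and the client now sends "new.com", the server-side expectation `EXPECT_TRUE(!server.serverNameMatch);` should be added after it, or a comment should say why the server side is deliberately left unchecked. The header comment has a typo, `serNameMatch` should read `serverNameMatch`, and the `//Change the server name` comment is missing the space after `//`. The two `new SSLContext` allocations would be clearer as `std::make_shared<SSLContext>()`, though this mirrors the existing tests in the file; the `std::shared_ptr` declarations here also appear to have lost their template argument in this rendering. The hunk's trailing context opens the next test's comment block, which continues outside the hunk.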