Commit 8ec98dd8 authored by Abhik Chatterjee's avatar Abhik Chatterjee Committed by Noam Lerner

Comparing against tlsExthostname_

Summary:
Instead of only comparing the session's tlsext_hostname with NULL, we now
compare it against tlsextHostname_.

Test Plan: Automated tests

Reviewed By: afrind@fb.com

Subscribers: folly-diffs@, yfeldblum, chalfant, moa

FB internal diff: D2106257

Tasks: 4751985

Signature: t1:2106257:1432932687:78c6244392d7842e844a3c1e654ffc4dc0e760a2
parent b044e5c9
...@@ -559,7 +559,10 @@ bool AsyncSSLSocket::isServerNameMatch() const { ...@@ -559,7 +559,10 @@ bool AsyncSSLSocket::isServerNameMatch() const {
return false; return false;
} }
return (ss->tlsext_hostname ? true : false); if(!ss->tlsext_hostname) {
return false;
}
return (tlsextHostname_.compare(ss->tlsext_hostname) ? false : true);
} }
void AsyncSSLSocket::setServerName(std::string serverName) noexcept { void AsyncSSLSocket::setServerName(std::string serverName) noexcept {
......
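Review bot: The new return in isServerNameMatch() is written as `tlsextHostname_.compare(ss->tlsext_hostname) ? false : true`, which pushes compare()'s integer result through an inverted ternary and is easy to misread; `return tlsextHostname_ == ss->tlsext_hostname;` gives the same result directly. The comparison is an exact, case-sensitive byte match, so a session hostname that differs only in letter case counts as a mismatch. A short comment such as `// exact match of the session's SNI name against tlsextHostname_; this is not certificate hostname verification` would tell callers what a true result does and does not establish. The function starts above the hunk, so the conditions behind the earlier `return false` are not visible here.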
...@@ -499,6 +499,41 @@ TEST(AsyncSSLSocketTest, SNITestNotMatch) { ...@@ -499,6 +499,41 @@ TEST(AsyncSSLSocketTest, SNITestNotMatch) {
EXPECT_TRUE(!client.serverNameMatch); EXPECT_TRUE(!client.serverNameMatch);
EXPECT_TRUE(!server.serverNameMatch); EXPECT_TRUE(!server.serverNameMatch);
} }
/**
* 1. Client sends TLSEXT_HOSTNAME in client hello.
* 2. We then change the serverName.
* 3. We expect that we get 'false' as the result for serNameMatch.
*/
TEST(AsyncSSLSocketTest, SNITestChangeServerName) {
EventBase eventBase;
std::shared_ptr<SSLContext> clientCtx(new SSLContext);
std::shared_ptr<SSLContext> dfServerCtx(new SSLContext);
// Use the same SSLContext to continue the handshake after
// tlsext_hostname match.
std::shared_ptr<SSLContext> hskServerCtx(dfServerCtx);
const std::string serverName("xyz.newdev.facebook.com");
int fds[2];
getfds(fds);
getctx(clientCtx, dfServerCtx);
AsyncSSLSocket::UniquePtr clientSock(
new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
//Change the server name
std::string newName("new.com");
clientSock->setServerName(newName);
AsyncSSLSocket::UniquePtr serverSock(
new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SNIClient client(std::move(clientSock));
SNIServer server(std::move(serverSock),
dfServerCtx,
hskServerCtx,
serverName);
eventBase.loop();
EXPECT_TRUE(!client.serverNameMatch);
}
/** /**
* 1. Client does not send TLSEXT_HOSTNAME in client hello. * 1. Client does not send TLSEXT_HOSTNAME in client hello.
......
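Review bot: In SNITestChangeServerName, `clientSock->setServerName(newName)` is called before the SNIClient is constructed and before `eventBase.loop()`, while the comment block says the name is changed after the client hello is sent. If the handshake only starts later (not visible in this hunk), the client would presumably offer "new.com", and `EXPECT_TRUE(!client.serverNameMatch)` could then be satisfied by the `!ss->tlsext_hostname` branch, which also passes against the old code. Consider changing the name after the handshake completes, or rewording the comment to describe the actual order, so that the test pins the new string comparison. The comment also has a typo: `serNameMatch` should read `serverNameMatch`.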