JSSE: set peer InetAddress in WolfSSLSocket.connect(), use as first choice for SNI if jdk.tls.trustNameService set to true

Chris Conlon 2023-11-28 10:27:03 -07:00
parent f29486d72e
commit 76513f60de
2 changed files with 44 additions and 18 deletions


@ -176,10 +176,28 @@ public class WolfSSLEngineHelper {
* @param port peer port number
*/
protected void setHostAndPort(String hostname, int port) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"entered setHostAndPort()");
this.hostname = hostname;
this.port = port;
}
/**
* Set peer InetAddress.
* Used by SSLSocket.connect() when InetAddress is passed in from user.
*
* @param peerAddr InetAddress of peer
*/
protected void setPeerAddress(InetAddress peerAddr) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"entered setPeerAddress()");
this.peerAddr = peerAddr;
}
/**
* Get the com.wolfssl.WolfSSLSession for this object
*
@ -619,9 +637,12 @@ public class WolfSSLEngineHelper {
* is defined by Oracle to be true.
*
* We first try to set SNI names from SSLParameters if set by the user.
* If not set in SSLParameters, use the hostname string if set when
* SSLSocket was created, and if not set using InetAddress.getHostName()
* ONLY if 'jdk.tls.trustNameService' is set to true.
* If not set in SSLParameters, try to set using InetAddress.getHostName()
* IFF 'jdk.tls.trustNameService` System property has been set to true.
* Otherwise fall back and set based on hostname String if not null.
* hostname String may be either IP address or fully qualified domain
* name depending on what createSocket() API the user has called and with
* what String.
*/
private void setLocalServerNames() {
@ -654,28 +675,31 @@ public class WolfSSLEngineHelper {
}
} else {
if (this.hostname != null) {
if (this.peerAddr != null && trustNameService) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"setting SNI extension with hostname: " +
this.hostname);
this.ssl.useSNI((byte)0, this.hostname.getBytes());
"setting SNI extension with " +
"InetAddress.getHostName(): " +
this.peerAddr.getHostName());
this.ssl.useSNI((byte)0,
this.peerAddr.getHostName().getBytes());
}
else if (this.peerAddr != null) {
if (trustNameService) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"setting SNI extension with " +
"InetAddress.getHostName(): " +
this.peerAddr.getHostName());
this.ssl.useSNI((byte)0,
this.peerAddr.getHostName().getBytes());
}
else {
else if (this.hostname != null) {
if (peerAddr != null) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"jdk.tls.trustNameService not set to true, " +
"not doing reverse DNS lookup to set SNI");
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"setting SNI extension with hostname: " +
this.hostname);
}
else {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"peerAddr is null, setting SNI extension with " +
"hostname: " + this.hostname);
}
this.ssl.useSNI((byte)0, this.hostname.getBytes());
}
else {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
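Review bot: In the new `trustNameService` branch the value sent as SNI is `this.peerAddr.getHostName()`, which returns the textual IP address when the reverse lookup fails, so this branch can silently send an IP literal as the SNI host_name (RFC 6066 does not allow IP literals there) while the log line says a reverse-DNS name was used. Hoisting the lookup into a local and guarding on it, `String peerName = (this.peerAddr != null) ? this.peerAddr.getHostName() : null;` followed by `if (peerName != null && trustNameService && !peerName.equals(this.peerAddr.getHostAddress())) {`, lets a failed lookup fall through to the existing hostname branch and also avoids calling getHostName() twice (once for the log, once for useSNI). A short comment above the branch noting that the reverse lookup is only as trustworthy as the resolver's PTR data, which is why the property is opt-in, would help the next reader. Both `getBytes()` calls in this branch use the platform default charset; `getBytes(StandardCharsets.US_ASCII)` would make the SNI bytes deterministic. setLocalServerNames() starts and ends outside this hunk.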


@ -1791,6 +1791,7 @@ public class WolfSSLSocket extends SSLSocket {
EngineHelper.setHostAndPort(
address.getAddress().getHostAddress(),
address.getPort());
EngineHelper.setPeerAddress(address.getAddress());
}
/* if user is calling after WolfSSLSession creation, register
@ -1841,6 +1842,7 @@ public class WolfSSLSocket extends SSLSocket {
EngineHelper.setHostAndPort(
address.getAddress().getHostAddress(),
address.getPort());
EngineHelper.setPeerAddress(address.getAddress());
}
/* if user is calling after WolfSSLSession creation, register
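Review bot: The `setPeerAddress` call is added verbatim after the identical `setHostAndPort` block in both connect() overloads (this hunk and the one at +1842), so the peer-registration sequence now lives in two places that must be kept in sync; moving the two calls into one private helper taking the `InetSocketAddress` would remove the duplication. `address.getAddress()` returns null for an unresolved InetSocketAddress, so the existing `getHostAddress()` call on the preceding line already throws a NullPointerException before the new line runs; a leading `if (address.isUnresolved()) { throw new UnknownHostException(address.getHostString()); }` (an IOException subtype, needs an import) would report that as the failure connect() callers expect, assuming the method declares IOException, which is not visible here. Both enclosing connect() methods start and end outside the hunk.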