JSSE: set peer InetAddress in WolfSSLSocket.connect(), use as first choice for SNI if jdk.tls.trustNameService set to true
parent
f29486d72e
commit
76513f60de
|
@ -176,10 +176,28 @@ public class WolfSSLEngineHelper {
|
||||||
* @param port peer port number
|
* @param port peer port number
|
||||||
*/
|
*/
|
||||||
protected void setHostAndPort(String hostname, int port) {
|
protected void setHostAndPort(String hostname, int port) {
|
||||||
|
|
||||||
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
|
"entered setHostAndPort()");
|
||||||
|
|
||||||
this.hostname = hostname;
|
this.hostname = hostname;
|
||||||
this.port = port;
|
this.port = port;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set peer InetAddress.
|
||||||
|
* Used by SSLSocket.connect() when InetAddress is passed in from user.
|
||||||
|
*
|
||||||
|
* @param peerAddr InetAddress of peer
|
||||||
|
*/
|
||||||
|
protected void setPeerAddress(InetAddress peerAddr) {
|
||||||
|
|
||||||
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
|
"entered setPeerAddress()");
|
||||||
|
|
||||||
|
this.peerAddr = peerAddr;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the com.wolfssl.WolfSSLSession for this object
|
* Get the com.wolfssl.WolfSSLSession for this object
|
||||||
*
|
*
|
||||||
|
@ -619,9 +637,12 @@ public class WolfSSLEngineHelper {
|
||||||
* is defined by Oracle to be true.
|
* is defined by Oracle to be true.
|
||||||
*
|
*
|
||||||
* We first try to set SNI names from SSLParameters if set by the user.
|
* We first try to set SNI names from SSLParameters if set by the user.
|
||||||
* If not set in SSLParameters, use the hostname string if set when
|
* If not set in SSLParameters, try to set using InetAddress.getHostName()
|
||||||
* SSLSocket was created, and if not set using InetAddress.getHostName()
|
* IFF 'jdk.tls.trustNameService` System property has been set to true.
|
||||||
* ONLY if 'jdk.tls.trustNameService' is set to true.
|
* Otherwise fall back and set based on hostname String if not null.
|
||||||
|
* hostname String may be either IP address or fully qualified domain
|
||||||
|
* name depending on what createSocket() API the user has called and with
|
||||||
|
* what String.
|
||||||
*/
|
*/
|
||||||
private void setLocalServerNames() {
|
private void setLocalServerNames() {
|
||||||
|
|
||||||
|
@ -654,28 +675,31 @@ public class WolfSSLEngineHelper {
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
if (this.hostname != null) {
|
if (this.peerAddr != null && trustNameService) {
|
||||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
"setting SNI extension with hostname: " +
|
"setting SNI extension with " +
|
||||||
this.hostname);
|
"InetAddress.getHostName(): " +
|
||||||
this.ssl.useSNI((byte)0, this.hostname.getBytes());
|
this.peerAddr.getHostName());
|
||||||
|
|
||||||
|
this.ssl.useSNI((byte)0,
|
||||||
|
this.peerAddr.getHostName().getBytes());
|
||||||
}
|
}
|
||||||
else if (this.peerAddr != null) {
|
else if (this.hostname != null) {
|
||||||
if (trustNameService) {
|
if (peerAddr != null) {
|
||||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
|
||||||
"setting SNI extension with " +
|
|
||||||
"InetAddress.getHostName(): " +
|
|
||||||
this.peerAddr.getHostName());
|
|
||||||
|
|
||||||
this.ssl.useSNI((byte)0,
|
|
||||||
this.peerAddr.getHostName().getBytes());
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
"jdk.tls.trustNameService not set to true, " +
|
"jdk.tls.trustNameService not set to true, " +
|
||||||
"not doing reverse DNS lookup to set SNI");
|
"not doing reverse DNS lookup to set SNI");
|
||||||
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
|
"setting SNI extension with hostname: " +
|
||||||
|
this.hostname);
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
|
"peerAddr is null, setting SNI extension with " +
|
||||||
|
"hostname: " + this.hostname);
|
||||||
|
}
|
||||||
|
this.ssl.useSNI((byte)0, this.hostname.getBytes());
|
||||||
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
|
|
|
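Review bot: Neither branch of the new SNI selection in setLocalServerNames rejects an IP literal before calling `useSNI()`, and RFC 6066 §3 does not permit literal IPv4/IPv6 addresses in server_name: `InetAddress.getHostName()` returns the textual address when the reverse lookup fails, and on the connect() path `hostname` is seeded from `getHostAddress()`, so both `useSNI()` calls can ship an address string. At minimum, drop the reverse-DNS result when `rdns.equals(this.peerAddr.getHostAddress())` and drop `hostname` when it equals that same address, falling through to the existing no-name branch (a caller-supplied IP string with a null peerAddr still needs a proper literal check, which this does not cover). Note also that with `jdk.tls.trustNameService` true the PTR-derived name now takes precedence over `this.hostname`, whereas SunJSSE, as far as I recall, uses the caller's original hostname first and the reverse lookup only as a fallback; this matters if a caller-supplied FQDN can reach this code with a non-null peerAddr, which I cannot see from these hunks. setLocalServerNames continues outside the hunk (the trailing else is cut off).
```java
        } else {
            String sniName = null;
            if (this.peerAddr != null && trustNameService) {
                /* getHostName() yields the textual address when the reverse
                 * lookup fails; RFC 6066 forbids IP literals in server_name */
                String rdns = this.peerAddr.getHostName();
                if (!rdns.equals(this.peerAddr.getHostAddress())) {
                    sniName = rdns;
                } else {
                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                        "reverse DNS lookup failed, not using address as SNI");
                }
            }
            if (sniName == null && this.hostname != null &&
                (this.peerAddr == null ||
                 !this.hostname.equals(this.peerAddr.getHostAddress()))) {
                sniName = this.hostname;
            }
            if (sniName != null) {
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                    "setting SNI extension with: " + sniName);
                this.ssl.useSNI((byte)0, sniName.getBytes());
            }
            else {
            // … unchanged: existing log for the case where no SNI name is available …
```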
@ -1791,6 +1791,7 @@ public class WolfSSLSocket extends SSLSocket {
|
||||||
EngineHelper.setHostAndPort(
|
EngineHelper.setHostAndPort(
|
||||||
address.getAddress().getHostAddress(),
|
address.getAddress().getHostAddress(),
|
||||||
address.getPort());
|
address.getPort());
|
||||||
|
EngineHelper.setPeerAddress(address.getAddress());
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if user is calling after WolfSSLSession creation, register
|
/* if user is calling after WolfSSLSession creation, register
|
||||||
|
@ -1841,6 +1842,7 @@ public class WolfSSLSocket extends SSLSocket {
|
||||||
EngineHelper.setHostAndPort(
|
EngineHelper.setHostAndPort(
|
||||||
address.getAddress().getHostAddress(),
|
address.getAddress().getHostAddress(),
|
||||||
address.getPort());
|
address.getPort());
|
||||||
|
EngineHelper.setPeerAddress(address.getAddress());
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if user is calling after WolfSSLSession creation, register
|
/* if user is calling after WolfSSLSession creation, register
|
||||||
|
|
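Review bot: On both connect() paths the hostname handed to setHostAndPort is `address.getAddress().getHostAddress()`, i.e. always the IP literal, so the name the caller passed in `new InetSocketAddress("host", port)` is discarded and the only way to get a name into SNI is the reverse lookup gated by `jdk.tls.trustNameService`. `address.getHostString()` returns that original name without any reverse lookup and falls back to the literal only when none was supplied, so `EngineHelper.setHostAndPort(address.getHostString(), address.getPort());` would let the caller's own name win before any DNS trust question arises — but confirm first whether `hostname` is also consumed for endpoint identification elsewhere, since that would change what gets verified. `address.getAddress()` is null for an unresolved InetSocketAddress; the pre-existing getHostAddress() call on the line above already fails in that case, so the new setPeerAddress line inherits that assumption rather than adding a new one, though a `/* address must be resolved here; see WolfSSLSocket.connect() */` comment would make it explicit. Both enclosing methods continue outside their hunks.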