Add client support for SNI

Stephen von Takach · Stephen von Takach · commit 72fb5946d828 · 2017-02-04T12:12:11.000+11:00
diff --git a/lib/ruby-tls/ssl.rb b/lib/ruby-tls/ssl.rb
@@ -3,7 +3,7 @@
 require 'ffi'
 require 'ffi-compiler/loader'
 require 'thread'
-require 'thread_safe'
+require 'concurrent'
 
 
 module RubyTls
@@ -141,6 +141,14 @@ def self.SSL_CTX_sess_set_cache_size(ssl_ctx, op)
             SSL_CTX_ctrl(ssl_ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, op, nil)
         end
 
+        attach_function :SSL_ctrl, [:ssl, :int, :long, :pointer], :long
+        SSL_CTRL_SET_TLSEXT_HOSTNAME = 55
+        TLSEXT_NAMETYPE_host_name = 0
+        def self.SSL_set_tlsext_host_name(ssl, host_name)
+            name = FFI::MemoryPointer.from_string(host_name)
+            SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, name)
+        end
+
         attach_function :SSL_CTX_use_PrivateKey_file, [:ssl_ctx, :string, :int], :int, :blocking => true
         attach_function :SSL_CTX_use_PrivateKey, [:ssl_ctx, :pointer], :int
         attach_function :ERR_print_errors_fp, [:pointer], :void     # Pointer == File Handle
@@ -295,7 +303,7 @@ class Context
             SESSION = 'ruby-tls'
 
 
-            ALPN_LOOKUP = ThreadSafe::Cache.new
+            ALPN_LOOKUP = ::Concurrent::Map.new
             ALPN_Select_CB = FFI::Function.new(:int, [
                 # array of str, unit8 out,uint8 in,        *arg
                 :pointer, :pointer, :pointer, :string, :uint, :pointer
@@ -429,7 +437,7 @@ def set_client_ca(ca)
 
 
         class Box
-            InstanceLookup = ThreadSafe::Cache.new
+            InstanceLookup = ::Concurrent::Map.new
 
             READ_BUFFER = 2048
 
@@ -461,6 +469,12 @@ def initialize(server, transport, options = {})
                     SSL.SSL_set_verify(@ssl, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, VerifyCB)
                 end
 
+                # Add Server Name Indication (SNI) for client connections
+                # TODO:: Server support for SNI
+                if !server && options[:host_name]
+                    SSL.SSL_set_tlsext_host_name(@ssl, options[:host_name])
+                end
+
                 SSL.SSL_connect(@ssl) unless server
             end
 
diff --git a/spec/verify_spec.rb b/spec/verify_spec.rb
@@ -6,7 +6,7 @@
     class Client2
         def initialize(client_data, dir)
             @client_data = client_data
-            @ssl = RubyTls::SSL::Box.new(false, self, private_key: dir + 'client.key', cert_chain: dir + 'client.crt')
+            @ssl = RubyTls::SSL::Box.new(false, self, private_key: dir + 'client.key', cert_chain: dir + 'client.crt', host_name: 'just.testing.com')
         end
 
         attr_reader :ssl
