mirror of https://github.com/omar-polo/gmid.git
allow using a custom hostname for SNI during proxying
add a `sni' option for the `proxy' block: the given name is used instead of the one extracted by the `relay-to' rule.
This commit is contained in:
Omar Polo
parent
1b626eae83
commit
1cdea97b6c
6
gmid.1
6
gmid.1
|
|
@ -472,6 +472,12 @@ block.
|
|||
Allow the proxying only from clients that provide a certificate
|
||||
signed by the CA certificate in
|
||||
.Ar file .
|
||||
.It Ic sni Ar hostname
|
||||
Use the given
|
||||
.Ar hostname
|
||||
instead of the one extracted from the
|
||||
.Ic relay-to
|
||||
rule for the TLS handshake with the proxied gemini server.
|
||||
.It Ic use-tls Ar bool
|
||||
Specify whether to use TLS when connecting to the proxied host.
|
||||
Enabled by default.
|
||||
|
|
|
|||
1
gmid.c
1
gmid.c
|
|
@ -338,6 +338,7 @@ free_config(void)
|
|||
free(p->match_proto);
|
||||
free(p->match_host);
|
||||
free(p->host);
|
||||
free(p->sni);
|
||||
tls_unload_file(p->cert, p->certlen);
|
||||
tls_unload_file(p->key, p->keylen);
|
||||
free(p);
|
||||
|
|
|
|||
1
gmid.h
1
gmid.h
|
|
@ -105,6 +105,7 @@ struct proxy {
|
|||
|
||||
char *host;
|
||||
const char *port;
|
||||
char *sni;
|
||||
int notls;
|
||||
uint32_t protocols;
|
||||
int noverifyname;
|
||||
|
|
|
|||
8
parse.y
8
parse.y
|
|
@ -127,7 +127,7 @@ typedef struct {
|
|||
%token OCSP OFF ON
|
||||
%token PARAM PORT PREFORK PROTO PROTOCOLS PROXY
|
||||
%token RELAY_TO REQUIRE RETURN ROOT
|
||||
%token SERVER SPAWN STRIP
|
||||
%token SERVER SNI SPAWN STRIP
|
||||
%token TCP TOEXT TYPE
|
||||
%token USE_TLS USER
|
||||
%token VERIFYNAME
|
||||
|
|
@ -358,6 +358,11 @@ proxy_opt : CERT string {
|
|||
yyerror("couldn't load ca cert: %s", $4);
|
||||
free($4);
|
||||
}
|
||||
| SNI string {
|
||||
only_once(proxy->sni, "proxy sni");
|
||||
free(proxy->sni);
|
||||
proxy->sni = $2;
|
||||
}
|
||||
| USE_TLS bool {
|
||||
proxy->notls = !$2;
|
||||
}
|
||||
|
|
@ -497,6 +502,7 @@ static struct keyword {
|
|||
{"return", RETURN},
|
||||
{"root", ROOT},
|
||||
{"server", SERVER},
|
||||
{"sni", SNI},
|
||||
{"spawn", SPAWN},
|
||||
{"strip", STRIP},
|
||||
{"tcp", TCP},
|
||||
|
|
|
|||
5
proxy.c
5
proxy.c
|
|
@ -297,6 +297,7 @@ proxy_setup_tls(struct client *c)
|
|||
{
|
||||
struct proxy *p = c->proxy;
|
||||
struct tls_config *conf = NULL;
|
||||
const char *hn;
|
||||
|
||||
if ((conf = tls_config_new()) == NULL)
|
||||
return -1;
|
||||
|
|
@ -325,7 +326,9 @@ proxy_setup_tls(struct client *c)
|
|||
if (tls_configure(c->proxyctx, conf) == -1)
|
||||
goto err;
|
||||
|
||||
if (tls_connect_socket(c->proxyctx, c->pfd, p->host) == -1)
|
||||
if ((hn = p->sni) == NULL)
|
||||
hn = p->host;
|
||||
if (tls_connect_socket(c->proxyctx, c->pfd, hn) == -1)
|
||||
goto err;
|
||||
|
||||
c->proxyevset = 1;
|
||||
|
|
|
|||
Loading…
Reference in New Issue