MCPcopy Create free account
hub / github.com/apache/httpd / init_vhost

Function init_vhost

modules/ssl/ssl_engine_kernel.c:2205–2259  ·  view source on GitHub ↗

* This function sets the virtual host from an extended * client hello with a server name indication extension ("SNI", cf. RFC 6066). */

Source from the content-addressed store, hash-verified

2203 * client hello with a server name indication extension ("SNI", cf. RFC 6066).
2204 */
2205static apr_status_t init_vhost(conn_rec *c, SSL *ssl, const char *servername)
2206{
2207 if (c) {
2208 SSLConnRec *sslcon = myConnConfig(c);
2209
2210 if (sslcon->vhost_found) {
2211 /* already found the vhost? */
2212 return sslcon->vhost_found > 0 ? APR_SUCCESS : APR_NOTFOUND;
2213 }
2214 sslcon->vhost_found = -1;
2215
2216 if (!servername) {
2217 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
2218 }
2219 if (servername) {
2220 if (ap_vhost_iterate_given_conn(c, ssl_find_vhost,
2221 (void *)servername)) {
2222 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043)
2223 "SSL virtual host for servername %s found",
2224 servername);
2225
2226 sslcon->vhost_found = +1;
2227 return APR_SUCCESS;
2228 }
2229 else {
2230 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
2231 "No matching SSL virtual host for servername "
2232 "%s found (using default/first virtual host)",
2233 servername);
2234 /*
2235 * RFC 6066 section 3 says "It is NOT RECOMMENDED to send
2236 * a warning-level unrecognized_name(112) alert, because
2237 * the client's behavior in response to warning-level alerts
2238 * is unpredictable."
2239 *
2240 * To maintain backwards compatibility in mod_ssl, we
2241 * no longer send any alert (neither warning- nor fatal-level),
2242 * i.e. we take the second action suggested in RFC 6066:
2243 * "If the server understood the ClientHello extension but
2244 * does not recognize the server name, the server SHOULD take
2245 * one of two actions: either abort the handshake by sending
2246 * a fatal-level unrecognized_name(112) alert or continue
2247 * the handshake."
2248 */
2249 }
2250 }
2251 else {
2252 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02645)
2253 "Server name not provided via TLS extension "
2254 "(using default/first virtual host)");
2255 }
2256 }
2257
2258 return APR_NOTFOUND;
2259}
2260
2261/*
2262 * This callback function is executed when OpenSSL encounters an extended

Callers 3

ssl_callback_ClientHelloFunction · 0.85
ssl_callback_alpn_selectFunction · 0.85

Calls 1

Tested by

no test coverage detected