Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add TLS extension SNI for boost asio based http_client #39

Closed
wants to merge 2 commits into from
Closed

Add TLS extension SNI for boost asio based http_client #39

wants to merge 2 commits into from

Conversation

megaposer
Copy link
Contributor

As per reported issue #35 ...

This adds the TLS 1.0 server name indication extension for the boost asio based http_client. The ClientHello packet in the SSL handshake will then contain the target host name so the remote server can return the corresponding certificate for the (virtual) host.

See https://en.wikipedia.org/wiki/Server_Name_Indication for more information.

The extension is enabled by default as most virtual host environments require it nowadays.

Please note:

  • Setting the extension could potentially fail silently (i.e. if TLS 1.0 is explicitly disabled on the asio SSL stream object altogether).
  • This setting is not applicable to the Windows http_client implementation. The WinHTTP library enables TLS 1.0 on connections with Windows 7 and higher and implicitly sends the SNI extension in the ClientHello. Disabling SNI requires to explicitly unset the WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 option via a native callback handler.

Add TLS extension SNI for boost asio based http_client
948ce4f 
- adds the TLS server name indication extension during handshake
(ClientHello)
- enabled by default as most virtual host environments require it
nowadays
- note: setting the extension could potentially fail (i.e. if TLS would
be disabled on the stream altogether), but other SSL stream options are
not "guarded" either
@msftclas
Copy link

Hi @megaposer, I'm your friendly neighborhood Microsoft Pull Request Bot (You can call me MSBOT). Thanks for your contribution!

In order for us to evaluate and accept your PR, we ask that you sign a contribution license agreement. It's all electronic and will take just minutes. I promise there's no faxing. https://cla.microsoft.com.

TTYL, MSBOT;

@megaposer megaposer mentioned this pull request Dec 21, 2015
Closed
@msftclas
Copy link

@megaposer, Thanks for signing the contribution license agreement so quickly! Actual humans will now validate the agreement and then evaluate the PR.

Thanks, MSBOT;

kavyako
kavyako reviewed Jan 2, 2016
View reviewed changes
Release/include/cpprest/http_client.h
@@ -101,6 +101,7 @@ class http_client_config
, m_set_user_nativehandle_options([](native_handle)->void{})
#if !defined(_WIN32) && !defined(__cplusplus_winrt)
, m_ssl_context_callback([](boost::asio::ssl::context&)->void{})
, m_tlsext_host_name(true)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor: Can we have the variable name to reflect the type it is representing, bool here?
For eg, something like m_sni_enabled?
m_tlsext_host_name gives an impression that it is storing the host name to be set.

@kavyako
Copy link
Contributor

kavyako commented Jan 2, 2016

The change looks good. I have added some comments w.r.t to the naming convention for variables and APIs.

@kavyako kavyako self-assigned this Jan 2, 2016
@kavyako
Copy link
Contributor

kavyako commented Jan 4, 2016

This has been merged to the development branch.
The changes will get into the master branch with our 2.8 release.

@kavyako kavyako closed this Jan 4, 2016
@davyuan davyuan mentioned this pull request Mar 18, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kavyako kavyako

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@megaposer @msftclas @kavyako