Posted to commits@trafficserver.apache.org by pa...@apache.org on 2017/12/04 19:00:56 UTC

[trafficserver] branch master updated: Fix wildcard entry for SNI config

This is an automated email from the ASF dual-hosted git repository.

paziz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new ee2cc17  Fix wildcard entry for SNI config
ee2cc17 is described below

commit ee2cc179e20aef53e581c06d4e43a45301656345
Author: Syeda Persia Aziz <pe...@yahoo.com>
AuthorDate: Tue Nov 28 23:57:57 2017 -0600

    Fix wildcard entry for SNI config
---
 iocore/net/SSLSNIConfig.cc | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/iocore/net/SSLSNIConfig.cc b/iocore/net/SSLSNIConfig.cc
index 9efde0b..fa51bf9 100644
--- a/iocore/net/SSLSNIConfig.cc
+++ b/iocore/net/SSLSNIConfig.cc
@@ -34,6 +34,7 @@
 #include "ts/SimpleTokenizer.h"
 #include "P_SSLConfig.h"
 #include "ts/ink_memory.h"
+#include <ts/TextView.h>
 
 #define SNI_NAME_TAG "dest_host"
 #define SNI_ACTION_TAG "action"
@@ -73,7 +74,14 @@ SNIConfigParams::loadSNIConfig()
     aiVec->push_back(ai1);
     auto ai2 = new VerifyClient(item.verify_client_level);
     aiVec->push_back(ai2);
-    sni_action_map.put(ats_strdup(servername), aiVec);
+    if (wildcard) {
+      ts::TextView domain{servername, strlen(servername)};
+      domain.take_prefix_at('.');
+      if (!domain.empty())
+        wild_sni_action_map.put(ats_stringdup(domain), aiVec);
+    } else {
+      sni_action_map.put(ats_strdup(servername), aiVec);
+    }
 
     if (item.tunnel_destination.length()) {
       TunnelMap.emplace(item.fqdn.data(), item.tunnel_destination);
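Review bot: In the `if (wildcard)` branch, an entry whose `domain` is empty after `take_prefix_at('.')` is skipped with no diagnostic, and in the visible lines `aiVec` is then neither stored in a map nor released. Because these vectors carry the `VerifyClient` level for a host, a silently ignored rule leaves the operator believing a policy is enforced when it is not. I would add an `else` to the inner `if` that reports the rejected entry, e.g. `Warning("wildcard SNI entry '%s' has no domain part; ignored", servername);`, and frees the vector and its actions. The allocation of `aiVec` and the assignment of `wildcard` are outside this hunk, so ownership should be confirmed there.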
@@ -108,8 +116,17 @@ actionVector *
 SNIConfigParams::get(cchar *servername) const
 {
   auto actionVec = sni_action_map.get(servername);
-  if (!actionVec)
-    actionVec = wild_sni_action_map.get(servername);
+  if (!actionVec) {
+    Vec<cchar *> keys;
+    wild_sni_action_map.get_keys(keys);
+    for (int i = 0; i < static_cast<int>(keys.length()); i++) {
+      ts::string_view sv{servername, strlen(servername)};
+      ts::string_view key_sv{keys.get(i)};
+      if (sv.size() >= key_sv.size() && sv.substr(sv.size() - key_sv.size()) == key_sv) {
+        return wild_sni_action_map.get(key_sv.data());
+      }
+    }
+  }
   return actionVec;
 }
 
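Review bot: The suffix test in `SNIConfigParams::get` does not check for a label boundary. The wildcard key is stored without its leading dot (`take_prefix_at('.')` in `loadSNIConfig`), so a key of `example.com` also matches a server name such as `notexample.com`, and the actions configured for `*.example.com`, including the client verification level, are applied to an unrelated host. Require a dot immediately before the matched suffix: `if (sv.size() > key_sv.size() && sv[sv.size() - key_sv.size() - 1] == '.' && sv.substr(sv.size() - key_sv.size()) == key_sv) {`. With `>` the bare domain no longer matches its own wildcard, which is the usual wildcard meaning. The loop also returns the first matching key in whatever order `get_keys` yields and compares case-sensitively, so overlapping wildcards and mixed-case names resolve unpredictably; choosing the longest matching key with a case-insensitive compare would make the result deterministic.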
