author | James Hannah <jhannah@bytemark.co.uk> | 2016-11-03 15:01:29 +0000 |
---|---|---|
committer | James Hannah <jhannah@bytemark.co.uk> | 2016-11-03 15:01:29 +0000 |
commit | fa8a665c4c13af3fb5f6e9b1e5615c3bdc03dda7 (patch) | |
tree | d24d8704b306d15c9a88c61de3740a1258c3c0b2 | |
parent | 8a1cc74ee24e44e26dd5c2ca84ffef62e859f5b8 (diff) | |
parent | 5959b8243b73bbf8b41946fcac9f4544c4b0f017 (diff) |
Merge branch '3-send-sni-when-falling-back-to-openssl' into 'master'
Send the server-name-indicator (SNI) when falling back to legacy.
If ruby-based SSL negotiation fails then we fall back to invoking
(horridly!) openssl directly. Until now this didn't send the SNI
hostname to connect to, so it could only test the first/default SSL site
that was listening upon a given IP address.
This commit updates things such that we send the correct hostname,
from the URL under-test.
Closes #3
See merge request !1
-rw-r--r-- | lib/custodian/protocoltest/ssl.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/custodian/protocoltest/ssl.rb b/lib/custodian/protocoltest/ssl.rb index 0989ba9..c58a083 100644 --- a/lib/custodian/protocoltest/ssl.rb +++ b/lib/custodian/protocoltest/ssl.rb @@ -164,7 +164,7 @@ class SSLCheck in_cert = false # Run the command. - out = `echo "" | openssl s_client -connect #{uri.host}:#{uri.port} 2>/dev/null` + out = `echo "" | openssl s_client -servername #{uri.host} -connect #{uri.host}:#{uri.port} 2>/dev/null` # For each line of the output out.split( /[\r\n]/ ).each do |line| |
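Review bot: on the added line, `-servername #{uri.host}` is a second unquoted interpolation of the host from the URL under test into a backtick shell string, alongside the existing `-connect #{uri.host}:#{uri.port}`. Whether `uri.host` is validated before this point is not visible in the hunk, so any shell metacharacter that survives URL parsing would be interpreted by the shell. Consider invoking openssl without a shell, passing the arguments as a list, for example with `Open3.capture2("openssl", "s_client", "-servername", uri.host, "-connect", "#{uri.host}:#{uri.port}", stdin_data: "")`, or at minimum wrapping both values in `Shellwords.escape`. A smaller point on the same line: SNI is defined for DNS hostnames, not IP literals (RFC 6066), so when the URL under test uses an IP address it would be cleaner to omit `-servername` rather than send the address as the server name.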