diff options
| author | Steve Kemp <steve@steve.org.uk> | 2016-11-03 16:50:24 +0200 |
|---|---|---|
| committer | Steve Kemp <steve@steve.org.uk> | 2016-11-03 16:50:24 +0200 |
| commit | 5959b8243b73bbf8b41946fcac9f4544c4b0f017 (patch) | |
| tree | d24d8704b306d15c9a88c61de3740a1258c3c0b2 /lib | |
| parent | 8a1cc74ee24e44e26dd5c2ca84ffef62e859f5b8 (diff) | |
Send the server-name-indicator (SNI) when falling back to legacy.3-send-sni-when-falling-back-to-openssl
If ruby-based SSL negotiation fails then we fallback to invoking
(horridly!) openssl directly. Until now this didn't send the SNI
hostname to connect to, so it could only test the first/default SSL site
that was listening upon a given IP address.
This commit updates things such that we send the correct hostname,
from the URL under-test.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/custodian/protocoltest/ssl.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/custodian/protocoltest/ssl.rb b/lib/custodian/protocoltest/ssl.rb index 0989ba9..c58a083 100644 --- a/lib/custodian/protocoltest/ssl.rb +++ b/lib/custodian/protocoltest/ssl.rb @@ -164,7 +164,7 @@ class SSLCheck in_cert = false # Run the command. - out = `echo "" | openssl s_client -connect #{uri.host}:#{uri.port} 2>/dev/null` + out = `echo "" | openssl s_client -servername #{uri.host} -connect #{uri.host}:#{uri.port} 2>/dev/null` # For each line of the output out.split( /[\r\n]/ ).each do |line| |