authorTor Brede Vekterli <vekterli@verizonmedia.com>2020-02-13 16:03:07 +0000
committerTor Brede Vekterli <vekterli@verizonmedia.com>2020-02-17 16:40:26 +0000
commit79ef6b54da01e4819291ae10faa0fe5e832ac1a2 (patch)
treefbddd35a4d63f052a954a4bbfaf518beb959a293 /vbench
parent17c5ae02ee13cf47516788263aa1792414a8c6a6 (diff)
Implement TLS client SNI and hostname validation in OpenSSL codec
Also adds `disable-hostname-validation` config entry to TLS JSON config file parsing in C++. For the time being, hostname validation is implicitly disabled unless explicitly specified in the config file. This will be gradually changed over to be implicitly enabled by default. SNI is always sent when a valid connection spec is provided.
Diffstat (limited to 'vbench')
-rw-r--r--vbench/src/vbench/vbench/vbench.cpp12
1 files changed, 7 insertions, 5 deletions
diff --git a/vbench/src/vbench/vbench/vbench.cpp b/vbench/src/vbench/vbench/vbench.cpp
index 4f6efadfbdd..58854af705e 100644
--- a/vbench/src/vbench/vbench/vbench.cpp
+++ b/vbench/src/vbench/vbench/vbench.cpp
@@ -29,11 +29,13 @@ CryptoEngine::SP setup_crypto(const vespalib::slime::Inspector &tls) {
if (!tls.valid()) {
return std::make_shared<vespalib::NullCryptoEngine>();
}
- vespalib::net::tls::TransportSecurityOptions
- tls_opts(maybe_load(tls["ca-certificates"]),
- maybe_load(tls["certificates"]),
- maybe_load(tls["private-key"]));
- return std::make_shared<vespalib::TlsCryptoEngine>(tls_opts);
+ auto ts_builder = vespalib::net::tls::TransportSecurityOptions::Params().
+ ca_certs_pem(maybe_load(tls["ca-certificates"])).
+ cert_chain_pem(maybe_load(tls["certificates"])).
+ private_key_pem(maybe_load(tls["private-key"])).
+ authorized_peers(vespalib::net::tls::AuthorizedPeers::allow_all_authenticated()).
+ disable_hostname_validation(true); // TODO configurable or default false!
+ return std::make_shared<vespalib::TlsCryptoEngine>(vespalib::net::tls::TransportSecurityOptions(std::move(ts_builder)));
}
} // namespace vbench::<unnamed>
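Review bot: `disable_hostname_validation(true)` is hard-coded in `setup_crypto`, so vbench never checks the peer hostname and the `tls` inspector is not consulted for it; the TODO on that line acknowledges this but leaves no way to opt in. Together with `allow_all_authenticated()`, any certificate that chains to the configured CA is accepted for any server, which matters when that CA is shared between services. Consider reading the setting from the same object while keeping today's default when the key is absent: `const auto &no_host_check = tls["disable-hostname-validation"];` and then `disable_hostname_validation(!no_host_check.valid() || no_host_check.asBool())`. The key name is taken from the commit description; whether vbench's `tls` object should use the same key is an assumption to confirm. `setup_crypto` begins above the hunk, so the `maybe_load` handling it relies on is not visible here.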