commit e7c2991e044d2e31f911a237b7ee41197b7d018c
author Ravi Teja <raviteja28031990@gmail.com> Mon Jul 31 09:39:32 2023 -0500
committer Ed Tanous <ed@tanous.net> Thu Aug 24 16:18:30 2023 +0000
tree a30a67feeb0e2a4c55bd61eb5b5934386f84515d
parent 18fc70c08f3e6ef4ef0be523760882a5ccda4d72

Avoid setting SNI hostname for IP addresses

ssl_handshake fails while establishing connection to IPv6 destination
address, as IPv6 addresses considered as invalid value for SNI hostname
due to special characters.

SNI allows valid HostName which allows characters are only {alphabetic
characters (A-Z), numeric characters (0-9), the minus sign

This commit adds check to avoid setting SNI hostname if its an IP
address

Tested By: Verified redfish events 1. Subscribing Destination with IPv6
address.  2. Subscribing Destination with IPv4 address.

Change-Id: I32d30292bbc29c753f1c1815c66fcc93e8074eaa
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

http/http_client.hpp

diff --git a/http/http_client.hpp b/http/http_client.hpp
index 2cbdbbc..046df2e 100644
--- a/http/http_client.hpp
+++ b/http/http_client.hpp
@@ -552,6 +552,13 @@
         {
             return;
         }
+
+        if (host.host_type() != boost::urls::host_type::name)
+        {
+            // Avoid setting SNI hostname if its IP address
+            return;
+        }
+        // Create a null terminated string for SSL
         std::string hostname(host.encoded_host_address());
         // NOTE: The SSL_set_tlsext_host_name is defined in tlsv1.h header
         // file but its having old style casting (name is cast to void*).