Merge branch 'main' into debug-nginx

src/TcpAdapterProxy.cpp

@@ -891,8 +891,8 @@ namespace aws { namespace iot { namespace securedtunneling {
                 {
                     BOOST_LOG_SEV(log, debug) << "SSL host verification is off";
                 }
-                //next ssl handshake
-                tac.wss->async_ssl_handshake(boost::asio::ssl::stream_base::client, [=, &tac](boost::system::error_code const &ec)
+                //next ssl handshake and providing host string
+                tac.wss->async_ssl_handshake(boost::asio::ssl::stream_base::client, tac.adapter_config.proxy_host.c_str(), [=, &tac](boost::system::error_code const &ec)
                 {
                     if (ec)
                     {
@@ -2283,4 +2283,4 @@ namespace aws { namespace iot { namespace securedtunneling {
             return false;
         }
     }
-}}}
+}}}

src/WebSocketStream.cpp

@@ -173,15 +173,35 @@ namespace aws {
                 }
             }
 
-            void WebSocketStream::async_ssl_handshake(const ssl::stream_base::handshake_type &type,
+            void WebSocketStream::async_ssl_handshake(const ssl::stream_base::handshake_type &type, const std::string &host,
                                                       const BoostCallbackFunc &handler) {
                 if (localproxyConfig.is_web_proxy_using_tls) {
                     BOOST_LOG_SEV(*log, trace) << "Calling next_layer().async_handshake with type: "
                                                << WEB_PROXY_WITH_TLS_TYPE_NAME;
+                    // Set SNI Hostname (many hosts need this to handshake successfully)
+                    if(!SSL_set_tlsext_host_name(boost::get<unique_ptr<WEB_PROXY_WITH_TLS_TYPE>>(wss)->next_layer().native_handle(), host.c_str()))
+                    {
+                         BOOST_LOG_SEV(*log, trace) << "SSL next_layer() failed to set SNI";
+                    }
+                    else
+                    {
+                         BOOST_LOG_SEV(*log, trace) << "SSL next_layer() SNI is set : "
+                                                    << host;
+                    }
                     return boost::get<unique_ptr<WEB_PROXY_WITH_TLS_TYPE>>(wss)->next_layer().async_handshake(type, handler);
                 } else {
                     BOOST_LOG_SEV(*log, trace) << "Calling next_layer().async_handshake with type: "
                                                << WEB_PROXY_NO_TLS_TYPE_NAME;
+                    // Set SNI Hostname (many hosts need this to handshake successfully)
+                    if(!SSL_set_tlsext_host_name(boost::get<unique_ptr<WEB_PROXY_NO_TLS_TYPE>>(wss)->next_layer().native_handle(), host.c_str()))
+                    {
+                        BOOST_LOG_SEV(*log, trace) << "SSL next_layer() failed to set SNI";
+                    }
+                    else
+                    {
+                        BOOST_LOG_SEV(*log, trace) << "SSL next_layer() SNI is set : "
+                                                   << host;
+                    }
                     return boost::get<unique_ptr<WEB_PROXY_NO_TLS_TYPE>>(wss)->next_layer().async_handshake(type, handler);
                 }
             }

src/WebSocketStream.h

@@ -147,10 +147,11 @@ namespace aws {
                 /**
                  * Performs the SSL handshake between the localproxy and the proxy server asynchronously.
                  * @param type The handshake type
+                 * @param host the host subdoman and domain
                  * @param handler the callback handler when the async operation is complete.
                  */
                 void
-                async_ssl_handshake(const ssl::stream_base::handshake_type &type, const BoostCallbackFunc &handler);
+                async_ssl_handshake(const ssl::stream_base::handshake_type &type, const std::string &host, const BoostCallbackFunc &handler);
 #endif
 
                 /**