diff --git a/src/TcpAdapterProxy.cpp b/src/TcpAdapterProxy.cpp
index 4277120..7a3dfd8 100644
--- a/src/TcpAdapterProxy.cpp
+++ b/src/TcpAdapterProxy.cpp
@@ -891,8 +891,8 @@ namespace aws { namespace iot { namespace securedtunneling {
 {
 BOOST_LOG_SEV(log, debug) << "SSL host verification is off";
 }
- //next ssl handshake
- tac.wss->async_ssl_handshake(boost::asio::ssl::stream_base::client, [=, &tac](boost::system::error_code const &ec)
+ //next ssl handshake and providing host string
+ tac.wss->async_ssl_handshake(boost::asio::ssl::stream_base::client, tac.adapter_config.proxy_host.c_str(), [=, &tac](boost::system::error_code const &ec)
 {
 if (ec)
 {
@@ -2283,4 +2283,4 @@ namespace aws { namespace iot { namespace securedtunneling {
 return false;
 }
 }
-}}}
+}}}
\ No newline at end of file
diff --git a/src/WebSocketStream.cpp b/src/WebSocketStream.cpp
index fdd11c8..7790cce 100644
--- a/src/WebSocketStream.cpp
+++ b/src/WebSocketStream.cpp
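Review bot: `tac.adapter_config.proxy_host.c_str()` is handed to a parameter declared `const std::string &host` (see the WebSocketStream.h hunk), so the call builds a temporary std::string out of a std::string it already holds; pass `tac.adapter_config.proxy_host` directly. The context line `"SSL host verification is off"` shows this handshake can run with peer-name verification disabled, and the SNI value now supplied is only a name the client advertises in its ClientHello — it does not check the presented certificate against proxy_host, so if that guarantee is intended it needs hostname verification (e.g. boost::asio::ssl::host_name_verification) configured separately; a call-site comment such as `// SNI selects which certificate the server presents; it is not hostname verification` would keep the two from being conflated. The same string is passed whichever branch async_ssl_handshake takes, and whether proxy_host is the right name for the non-TLS-web-proxy branch cannot be confirmed from this hunk. The enclosing function and the completion lambda continue outside the hunk; the second hunk only drops the trailing newline.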
@@ -173,15 +173,35 @@ namespace aws {
 } }
- void WebSocketStream::async_ssl_handshake(const ssl::stream_base::handshake_type &type,
+ void WebSocketStream::async_ssl_handshake(const ssl::stream_base::handshake_type &type, const std::string &host,
 const BoostCallbackFunc &handler) { if (localproxyConfig.is_web_proxy_using_tls) { BOOST_LOG_SEV(*log, trace) << "Calling next_layer().async_handshake with type: " << WEB_PROXY_WITH_TLS_TYPE_NAME;
+ // Set SNI Hostname (many hosts need this to handshake successfully)
+ if(!SSL_set_tlsext_host_name(boost::get>(wss)->next_layer().native_handle(), host.c_str()))
+ {
+ BOOST_LOG_SEV(*log, trace) << "SSL next_layer() failed to set SNI";
+ }
+ else
+ {
+ BOOST_LOG_SEV(*log, trace) << "SSL next_layer() SNI is set : "
+ << host;
+ }
 return boost::get>(wss)->next_layer().async_handshake(type, handler); } else { BOOST_LOG_SEV(*log, trace) << "Calling next_layer().async_handshake with type: " << WEB_PROXY_NO_TLS_TYPE_NAME;
+ // Set SNI Hostname (many hosts need this to handshake successfully)
+ if(!SSL_set_tlsext_host_name(boost::get>(wss)->next_layer().native_handle(), host.c_str()))
+ {
+ BOOST_LOG_SEV(*log, trace) << "SSL next_layer() failed to set SNI";
+ }
+ else
+ {
+ BOOST_LOG_SEV(*log, trace) << "SSL next_layer() SNI is set : "
+ << host;
+ }
 return boost::get>(wss)->next_layer().async_handshake(type, handler); } }
diff --git a/src/WebSocketStream.h b/src/WebSocketStream.h
index 981e0d0..1d661e2 100644
--- a/src/WebSocketStream.h
+++ b/src/WebSocketStream.h
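Review bot: A failed `SSL_set_tlsext_host_name` is logged at trace severity and the handshake proceeds anyway, so a ClientHello without the expected server_name goes out silently and the problem only surfaces later as an unrelated-looking handshake or certificate error; log it at least at warning, `BOOST_LOG_SEV(*log, warning) << "Failed to set SNI host name: " << host;`, and consider completing the handler with an error instead of continuing. The call is also made for whatever `host` arrives, including an empty string or an IP literal, and RFC 6066 does not permit IP literals as server_name, so guarding with `if (!host.empty())` (and skipping SNI when the configured host is an IP literal, if the caller can pass one — not visible here) before the call would be safer. The SNI block is duplicated verbatim in both branches; a small helper taking the SSL handle and `host` would keep the two copies from drifting. In the non-TLS-web-proxy branch `next_layer()` presumably addresses a different peer than in the first branch, so confirm that the single `host` argument is the right name for both.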
@@ -147,10 +147,11 @@ namespace aws {
 /**
 * Performs the SSL handshake between the localproxy and the proxy server asynchronously.
 * @param type The handshake type
+ * @param host the host subdoman and domain
 * @param handler the callback handler when the async operation is complete.
 */
 void
- async_ssl_handshake(const ssl::stream_base::handshake_type &type, const BoostCallbackFunc &handler);
+ async_ssl_handshake(const ssl::stream_base::handshake_type &type, const std::string &host, const BoostCallbackFunc &handler);
 #endif
 /**
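Review bot: `@param host the host subdoman and domain` has a typo and does not say what the value is used for; since the implementation passes it to SSL_set_tlsext_host_name, document it as `@param host DNS name sent as the TLS SNI (server_name) value for this handshake; advisory only, it does not verify the peer certificate against that name.`. The same doc comment should state that the name must not be an IP literal (RFC 6066) and what happens when it is empty, so callers do not rely on behaviour the declaration leaves open. The declaration sits inside a conditional-compilation region whose opening directive is outside the hunk.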