fix(HTTPSClientSession): There is no way to resolve host in advance and connect to HTTPS server with SNI. #4395 (#4751)

2025-10-20 22:31:31 +02:00 · 2024-11-05 13:46:42 -06:00
parent ca63bf0db9
commit c156f0b357
6 changed files with 53 additions and 4 deletions
--- a/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h
@@ -78,10 +78,12 @@ public:
 	HTTPSClientSession();
 		/// Creates an unconnected HTTPSClientSession.

-	explicit HTTPSClientSession(const SecureStreamSocket& socket);
+	explicit HTTPSClientSession(const SecureStreamSocket& socket, const std::string& host, Poco::UInt16 port = HTTPS_PORT);
 		/// Creates a HTTPSClientSession using the given socket.
 		/// The socket must not be connected. The session
 		/// takes ownership of the socket.
+		///
+		/// The given host name is used for certificate verification.

 	HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession);
 		/// Creates a HTTPSClientSession using the given socket.
--- a/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h
@@ -108,6 +108,12 @@ public:
 		///
 		/// The given host name is used for certificate verification.

+	SecureStreamSocket(const std::string& hostName);
+		/// Creates a secure stream socket using the default
+		/// client SSL context. The created socket is not connected.
+		///
+		/// The given host name is used for certificate verification.
+
 	SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext);
 		/// Creates a secure stream socket using the given
 		/// client SSL context and connects it to
@@ -115,6 +121,12 @@ public:
 		///
 		/// The given host name is used for certificate verification.

+	SecureStreamSocket(const std::string& hostName, Context::Ptr pContext);
+		/// Creates a secure stream socket using the given
+		/// client SSL context. The created socket is not connected.
+		///
+		/// The given host name is used for certificate verification.
+
 	SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession);
 		/// Creates a secure stream socket using the given
 		/// client SSL context and connects it to
--- a/NetSSL_OpenSSL/src/HTTPSClientSession.cpp
+++ b/NetSSL_OpenSSL/src/HTTPSClientSession.cpp
@@ -39,11 +39,12 @@ HTTPSClientSession::HTTPSClientSession():
 }


-HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket):
+HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket, const std::string& host, Poco::UInt16 port):
 	HTTPClientSession(socket),
 	_pContext(socket.context())
 {
-	setPort(HTTPS_PORT);
+	setHost(host);
+	setPort(port);
 }


--- a/NetSSL_OpenSSL/src/SecureStreamSocket.cpp
+++ b/NetSSL_OpenSSL/src/SecureStreamSocket.cpp
@@ -60,6 +60,13 @@ SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::
 }


+SecureStreamSocket::SecureStreamSocket(const std::string& hostName):
+	StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext()))
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
+}
+
+
 SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext):
 	StreamSocket(new SecureStreamSocketImpl(pContext))
 {
@@ -83,6 +90,13 @@ SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::
 }


+SecureStreamSocket::SecureStreamSocket(const std::string& hostName, Context::Ptr pContext):
+	StreamSocket(new SecureStreamSocketImpl(pContext))
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
+}
+
+
 SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession):
 	StreamSocket(new SecureStreamSocketImpl(pContext))
 {
--- a/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp
+++ b/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp
@@ -88,6 +88,23 @@ HTTPSClientSessionTest::~HTTPSClientSessionTest()
 }


+void HTTPSClientSessionTest::testFromSocket()
+{
+	HTTPSTestServer srv;
+	SecureStreamSocket sss("localhost");
+	HTTPSClientSession s(sss, "127.0.0.1", srv.port());
+	HTTPRequest request(HTTPRequest::HTTP_GET, "/small");
+	s.sendRequest(request);
+	HTTPResponse response;
+	std::istream& rs = s.receiveResponse(response);
+	assertTrue (response.getContentLength() == HTTPSTestServer::SMALL_BODY.length());
+	assertTrue (response.getContentType() == "text/plain");
+	std::ostringstream ostr;
+	StreamCopier::copyStream(rs, ostr);
+	assertTrue (ostr.str() == HTTPSTestServer::SMALL_BODY);
+}
+
+
 void HTTPSClientSessionTest::testGetSmall()
 {
 	HTTPSTestServer srv;
@@ -458,6 +475,7 @@ void HTTPSClientSessionTest::testUnknownContentLength()
 	assertTrue (ostr.str() == HTTPSTestServer::SMALL_BODY);
 }

+
 void HTTPSClientSessionTest::testServerAbort()
 {
 	HTTPSTestServer srv;
@@ -490,6 +508,7 @@ CppUnit::Test* HTTPSClientSessionTest::suite()
 {
 	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("HTTPSClientSessionTest");

+	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testFromSocket);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testGetSmall);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testGetLarge);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testHead);
--- a/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.h
+++ b/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.h
@@ -24,6 +24,7 @@ public:
 	HTTPSClientSessionTest(const std::string& name);
 	~HTTPSClientSessionTest();

+	void testFromSocket();
 	void testGetSmall();
 	void testGetLarge();
 	void testHead();