Add server_name_indication_host config option #3510
Conversation
|
small_tests_24 / small_tests / 483b738 small_tests_23 / small_tests / 483b738 dynamic_domains_pgsql_mnesia_24 / pgsql_mnesia / 483b738 dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / 483b738 dynamic_domains_mysql_redis_24 / mysql_redis / 483b738 dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / 483b738 ldap_mnesia_24 / ldap_mnesia / 483b738 ldap_mnesia_23 / ldap_mnesia / 483b738 internal_mnesia_24 / internal_mnesia / 483b738 pgsql_mnesia_23 / pgsql_mnesia / 483b738 pgsql_mnesia_24 / pgsql_mnesia / 483b738 elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / 483b738 mysql_redis_24 / mysql_redis / 483b738 mssql_mnesia_24 / odbc_mssql_mnesia / 483b738 riak_mnesia_24 / riak_mnesia / 483b738 |
Codecov Report
@@ Coverage Diff @@
## master #3510 +/- ##
==========================================
+ Coverage 80.98% 81.00% +0.01%
==========================================
Files 419 419
Lines 32312 32319 +7
==========================================
+ Hits 26168 26179 +11
+ Misses 6144 6140 -4
Continue to review full report at Codecov.
|
Remove process_sni/1, refactor process_tls_sni/1, enable SNI host in more places.
|
small_tests_24 / small_tests / 1c17815 small_tests_23 / small_tests / 1c17815 dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / 1c17815 dynamic_domains_pgsql_mnesia_24 / pgsql_mnesia / 1c17815 dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / 1c17815 ldap_mnesia_24 / ldap_mnesia / 1c17815 ldap_mnesia_23 / ldap_mnesia / 1c17815 pgsql_mnesia_24 / pgsql_mnesia / 1c17815 pgsql_mnesia_23 / pgsql_mnesia / 1c17815 internal_mnesia_24 / internal_mnesia / 1c17815 elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / 1c17815 mssql_mnesia_24 / odbc_mssql_mnesia / 1c17815 mysql_redis_24 / mysql_redis / 1c17815 riak_mnesia_24 / riak_mnesia / 1c17815 |
gustawlippa
changed the title
Co-authored-by: Paweł Chrząszcz <pawel.chrzaszcz@erlang-solutions.com>
|
small_tests_24 / small_tests / 8365480 small_tests_23 / small_tests / 8365480 internal_mnesia_24 / internal_mnesia / 8365480 dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / 8365480 dynamic_domains_mysql_redis_24 / mysql_redis / 8365480 dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / 8365480 ldap_mnesia_23 / ldap_mnesia / 8365480 ldap_mnesia_24 / ldap_mnesia / 8365480 pgsql_mnesia_24 / pgsql_mnesia / 8365480 elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / 8365480 pgsql_mnesia_23 / pgsql_mnesia / 8365480 mysql_redis_24 / mysql_redis / 8365480 mssql_mnesia_24 / odbc_mssql_mnesia / 8365480 riak_mnesia_24 / riak_mnesia / 8365480 |
|
small_tests_24 / small_tests / f175761 small_tests_23 / small_tests / f175761 internal_mnesia_24 / internal_mnesia / f175761 dynamic_domains_pgsql_mnesia_24 / pgsql_mnesia / f175761 dynamic_domains_mysql_redis_24 / mysql_redis / f175761 dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / f175761 dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / f175761 ldap_mnesia_24 / ldap_mnesia / f175761 ldap_mnesia_23 / ldap_mnesia / f175761 elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / f175761 mysql_redis_24 / mysql_redis / f175761 pgsql_mnesia_24 / pgsql_mnesia / f175761 pgsql_mnesia_23 / pgsql_mnesia / f175761 mssql_mnesia_24 / odbc_mssql_mnesia / f175761 riak_mnesia_24 / riak_mnesia / f175761 |
The SNI options are formatted to be useful to OTP's
ssllibrary, so in any place where they are passed down to it in the end, this should work.This PR makes the option
server_name_indicationsensible - one can set it to eithertrueORfalse. And when usingverify_peerSNI is (in most cases) needed, so there needs to be a way to pass the domain in the config. Because of the awkward waysslexpects an atomdisableor the domain name, there is a need for a new optionserver_name_indication_hostin TOML, and the subsequent parsing.In the future could be used by other places where TLS can be set, but it's a can of worms, we have like five different ways to configure TLS in TOML, and quite a few libraries/abstractions, which all expect a little bit different options passed to them.