From 7132716fdb00d814ca6a9cb35f04d3b52ee2bc88 Mon Sep 17 00:00:00 2001
From: Zhixin Lu
Date: Thu, 18 Aug 2022 12:18:42 +0800
Subject: [PATCH 1/2] Enable SNI (Server Name Indication) in cfstream for imap and smtp
---
 src/data-types/mailstream_cfstream.c | 12 ++++++++++++
 src/low-level/imap/mailimap_ssl.c | 1 +
 src/low-level/smtp/mailsmtp_ssl.c | 1 +
 3 files changed, 14 insertions(+)
diff --git a/src/data-types/mailstream_cfstream.c b/src/data-types/mailstream_cfstream.c
index 406fda1e..af9b69c2 100755
--- a/src/data-types/mailstream_cfstream.c
+++ b/src/data-types/mailstream_cfstream.c
@@ -991,9 +991,21 @@ int mailstream_cfstream_set_ssl_enabled(mailstream * s, int ssl_enabled)
 CFDictionarySetValue(settings, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
 }
+ // enable SNI (Server Name Indication)
+ if (cfstream_data->ssl_peer_name && cfstream_data->ssl_peer_name[0] != 0) {
+ CFStringRef ssl_peer_name = CFStringCreateWithCString(NULL, cfstream_data->ssl_peer_name, kCFStringEncodingUTF8);
+ CFDictionarySetValue(settings, kCFStreamSSLPeerName, ssl_peer_name);
+ CFRelease(ssl_peer_name);
+ }
+
 CFReadStreamSetProperty(cfstream_data->readStream, kCFStreamPropertySSLSettings, settings);
 CFWriteStreamSetProperty(cfstream_data->writeStream, kCFStreamPropertySSLSettings, settings);
 CFRelease(settings);
+
+ // only for test, lzx
+ CFMutableDictionaryRef setting_copy = (CFMutableDictionaryRef)CFReadStreamCopyProperty(cfstream_data->readStream, kCFStreamPropertySSLSettings);
+ CFStringRef cf_ssl_peer_name_copy = CFDictionaryGetValue(setting_copy, kCFStreamSSLPeerName);
+ const char * ssl_peer_name_copy = CFStringGetCStringPtr(cf_ssl_peer_name_copy, kCFStringEncodingUTF8);
 }
 else {
 CFMutableDictionaryRef settings;
diff --git a/src/low-level/imap/mailimap_ssl.c b/src/low-level/imap/mailimap_ssl.c
index 2e0029da..86612569 100644
--- a/src/low-level/imap/mailimap_ssl.c
+++ b/src/low-level/imap/mailimap_ssl.c
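Review bot: In the added SNI block of mailstream_cfstream_set_ssl_enabled, the result of `CFStringCreateWithCString` is used without a NULL check; it returns NULL when `cfstream_data->ssl_peer_name` is not valid UTF-8, and neither `CFDictionarySetValue` nor `CFRelease` is safe to call with NULL. The peer name is a caller-supplied host string, so a malformed one could crash the client while TLS is being configured. Guard the two calls: `if (ssl_peer_name != NULL) { CFDictionarySetValue(settings, kCFStreamSSLPeerName, ssl_peer_name); CFRelease(ssl_peer_name); }`. The function starts and ends outside the hunk.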
@@ -129,6 +129,7 @@ static int mailimap_cfssl_connect_voip_ssl_level(mailimap * f, const char * serv
 }
 mailstream_cfstream_set_ssl_level(stream, ssl_level);
 mailstream_cfstream_set_ssl_verification_mask(stream, MAILSTREAM_CFSTREAM_SSL_NO_VERIFICATION);
+ mailstream_cfstream_set_ssl_peer_name(stream, server); // for SNI (Server Name Indication)
 r = mailstream_cfstream_set_ssl_enabled(stream, 1);
 if (r < 0) {
 mailstream_close(stream);
diff --git a/src/low-level/smtp/mailsmtp_ssl.c b/src/low-level/smtp/mailsmtp_ssl.c
index 1f3af8ba..a13fdd5b 100644
--- a/src/low-level/smtp/mailsmtp_ssl.c
+++ b/src/low-level/smtp/mailsmtp_ssl.c
@@ -121,6 +121,7 @@ static int mailsmtp_cfssl_connect_ssl_level(mailsmtp * session,
 }
 mailstream_cfstream_set_ssl_level(stream, ssl_level);
 mailstream_cfstream_set_ssl_verification_mask(stream, MAILSTREAM_CFSTREAM_SSL_NO_VERIFICATION);
+ mailstream_cfstream_set_ssl_peer_name(stream, server); // for SNI (Server Name Indication)
 r = mailstream_cfstream_set_ssl_enabled(stream, 1);
 if (r < 0) {
 mailstream_close(stream);
From badbdd63935dd48437343e3441996501f9bee679 Mon Sep 17 00:00:00 2001
From: Zhixin Lu
Date: Thu, 18 Aug 2022 14:05:02 +0800
Subject: [PATCH 2/2] Remove debug codes
---
 src/data-types/mailstream_cfstream.c | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/src/data-types/mailstream_cfstream.c b/src/data-types/mailstream_cfstream.c
index af9b69c2..63a83fd2 100755
--- a/src/data-types/mailstream_cfstream.c
+++ b/src/data-types/mailstream_cfstream.c
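Review bot: The trailing comment `// for SNI (Server Name Indication)` on the added call in the mailimap_ssl.c hunk leaves out the security-relevant part: the context line directly above sets `MAILSTREAM_CFSTREAM_SSL_NO_VERIFICATION`, so the peer name is presumably sent in the ClientHello only and is not what authenticates the server. I would word it as `/* peer name is used for SNI only; NO_VERIFICATION is set above, so the certificate must still be checked against server by the caller */`. The same applies to the identical added line in mailsmtp_cfssl_connect_ssl_level in mailsmtp_ssl.c. Both functions start and end outside their hunks, so whether `server` can be an IP literal, which should not be sent as an SNI name, cannot be judged from here.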
@@ -1001,11 +1001,6 @@ int mailstream_cfstream_set_ssl_enabled(mailstream * s, int ssl_enabled)
 CFReadStreamSetProperty(cfstream_data->readStream, kCFStreamPropertySSLSettings, settings);
 CFWriteStreamSetProperty(cfstream_data->writeStream, kCFStreamPropertySSLSettings, settings);
 CFRelease(settings);
-
- // only for test, lzx
- CFMutableDictionaryRef setting_copy = (CFMutableDictionaryRef)CFReadStreamCopyProperty(cfstream_data->readStream, kCFStreamPropertySSLSettings);
- CFStringRef cf_ssl_peer_name_copy = CFDictionaryGetValue(setting_copy, kCFStreamSSLPeerName);
- const char * ssl_peer_name_copy = CFStringGetCStringPtr(cf_ssl_peer_name_copy, kCFStringEncodingUTF8);
 }
 else {
 CFMutableDictionaryRef settings;