projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f921bd4) | patch
net/handshake: Enable the SNI extension to work properly
authorChuck Lever <chuck.lever@oracle.com>
Thu, 11 May 2023 15:49:50 +0000 (11:49 -0400)
committerDavid S. Miller <davem@davemloft.net>
Fri, 12 May 2023 08:24:08 +0000 (09:24 +0100)
commiteefca7ec514262aef08d0ef261552f2f604bd851
tree9f49873465fa9b923a180c4ac38d78a581b5ba05tree | snapshot
parentf921bd41001ccff2249f5f443f2917f7ef937dafcommit | diff
net/handshake: Enable the SNI extension to work properly

Enable the upper layer protocol to specify the SNI peername. This
avoids the need for tlshd to use a DNS lookup, which can return a
hostname that doesn't match the incoming certificate's SubjectName.

Fixes: 2fd5532044a8 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake")
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Documentation/netlink/specs/handshake.yaml diff | blob | history
Documentation/networking/tls-handshake.rst diff | blob | history
include/net/handshake.h diff | blob | history
include/uapi/linux/handshake.h diff | blob | history
net/handshake/tlshd.c diff | blob | history
ep93xx device tree rework repo: git://git.maquefel.me/linux.git