net/handshake: Enable the SNI extension to work properly
Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname that doesn't match the incoming certificate's SubjectName.

Fixes: 2fd55320 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake")
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Showing
- Documentation/netlink/specs/handshake.yaml: 4 additions, 0 deletions
- Documentation/networking/tls-handshake.rst: 5 additions, 0 deletions
- include/net/handshake.h: 1 addition, 0 deletions
- include/uapi/linux/handshake.h: 1 addition, 0 deletions
- net/handshake/tlshd.c: 8 additions, 0 deletions