Using proxy_ssl_name instead ssl_sni, now ssl_sni is deprecated.

Jackarain · Jun 10, 2024 · 2284613 · 2284613
1 parent 4262dfd
commit 2284613
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/proxy/include/proxy/proxy_server.hpp b/proxy/include/proxy/proxy_server.hpp
@@ -429,8 +429,8 @@ R"x*x*x(<html>
 		// 来生成此文件, 以增强密钥交换安全性.
 		std::string ssl_dhparam_;
 
-		// 用于多域名证书下指定具体域名.
-		std::string ssl_sni_;
+		// 用于上游代理服务器具有多域名证书下指定具体域名, 即通过此指定 SNI 参数.
+		std::string proxy_ssl_name_;
 
 		// 指定允许的加密算法.
 		std::string ssl_ciphers_;
@@ -3055,8 +3055,8 @@ R"x*x*x(<html>
 						}
 					}
 
-					std::string sni = m_option.ssl_sni_.empty()
-						? proxy_host : m_option.ssl_sni_;
+					std::string sni = m_option.proxy_ssl_name_.empty()
+						? proxy_host : m_option.proxy_ssl_name_;
 
 					// Set SNI Hostname.
 					if (!SSL_set_tlsext_host_name(

diff --git a/server/proxy_server/main.cpp b/server/proxy_server/main.cpp
@@ -61,7 +61,7 @@ std::string ssl_cert_key;
 std::string ssl_cert_pwd;
 std::string ssl_ciphers;
 std::string ssl_dhparam;
-std::string ssl_sni;
+std::string proxy_ssl_name;
 
 bool transparent = false;
 bool autoindex = false;
@@ -128,7 +128,7 @@ start_proxy_server(net::io_context& ioc, server_ptr& server)
 	opt.ssl_certificate_key_ = ssl_cert_key;
 	opt.ssl_certificate_passwd_ = ssl_cert_pwd;
 	opt.ssl_dhparam_ = ssl_dhparam;
-	opt.ssl_sni_ = ssl_sni;
+	opt.proxy_ssl_name_ = proxy_ssl_name;
 
 	opt.disable_http_ = disable_http;
 	opt.disable_socks_ = disable_socks;
@@ -288,7 +288,8 @@ int main(int argc, char** argv)
 		("ssl_certificate_key", po::value<std::string>(&ssl_cert_key)->value_name("path"), "Path to SSL certificate secret key file.")
 		("ssl_certificate_passwd", po::value<std::string>(&ssl_cert_pwd)->value_name("path/string"), "SSL certificate key passphrase.")
 		("ssl_dhparam", po::value<std::string>(&ssl_dhparam)->value_name("path"), "Specifies a file with DH parameters for DHE ciphers.")
-		("ssl_sni", po::value<std::string>(&ssl_sni)->value_name("sni"), "Specifies SNI for multiple SSL certificates on one IP.")
+		("ssl_sni", po::value<std::string>(&proxy_ssl_name)->value_name("sni"), "Specifies SNI for multiple SSL certificates on one IP (Deprecated, using proxy_ssl_name instead).")
+		("proxy_ssl_name", po::value<std::string>(&proxy_ssl_name)->value_name("sni"), "Specifies SNI for multiple SSL certificates on one IP.")
 
 		("ssl_ciphers", po::value<std::string>(&ssl_ciphers)->value_name("ssl_ciphers"), "Specify enabled SSL ciphers")
 		("ssl_prefer_server_ciphers", po::value<bool>(&ssl_prefer_server_ciphers)->default_value(false, "false")->value_name(""), "Prefer server ciphers over client ciphers for SSLv3 and TLS protocols.")