Enable SNI in ssl adapter.
Bug: webrtc:6973
Change-Id: I13d28cf41c586880bd7fea523005233921794cdf
Reviewed-on: https://chromium-review.googlesource.com/523024
Reviewed-by: Zeke Chin <tkchin@webrtc.org>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Justin Uberti <juberti@chromium.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Emad Omara <emadomara@google.com>
Cr-Commit-Position: refs/heads/master@{#18640}diff --git a/webrtc/pc/iceserverparsing.cc b/webrtc/pc/iceserverparsing.cc
index 5769cee..7db3963 100644
--- a/webrtc/pc/iceserverparsing.cc
+++ b/webrtc/pc/iceserverparsing.cc
@@ -233,8 +233,25 @@
// or credential are ommitted; this is the native equivalent.
return RTCErrorType::INVALID_PARAMETER;
}
+ // If the hostname field is not empty, then the server address must be
+ // the resolved IP for that host, the hostname is needed later for TLS
+ // handshake (SNI and Certificate verification).
+ const std::string& hostname =
+ server.hostname.empty() ? address : server.hostname;
+ rtc::SocketAddress socket_address(hostname, port);
+ if (!server.hostname.empty()) {
+ rtc::IPAddress ip;
+ if (!IPFromString(address, &ip)) {
+ // When hostname is set, the server address must be a
+ // resolved ip address.
+ LOG(LS_ERROR) << "IceServer has hostname field set, but URI does not "
+ "contain an IP address.";
+ return RTCErrorType::INVALID_PARAMETER;
+ }
+ socket_address.SetResolvedIP(ip);
+ }
cricket::RelayServerConfig config = cricket::RelayServerConfig(
- address, port, username, server.password, turn_transport_type);
+ socket_address, username, server.password, turn_transport_type);
if (server.tls_cert_policy ==
PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
config.tls_cert_policy =