authormolotkov-and <molotkov-and@ydb.tech>2023-03-09 18:00:50 +0300
committermolotkov-and <molotkov-and@ydb.tech>2023-03-09 18:00:50 +0300
commitf326eae084b484a7c38d44318e3e5de9ef23dfa6 (patch)
tree1f3c257d7759a82572137a344a12156b3b7a8b29 /library/cpp
parent7d3614a719ab373119c4446eb060cdde89f80601 (diff)
Add SSL_set_tlsext_host_name ssl option
Diffstat (limited to 'library/cpp')
-rw-r--r--library/cpp/actors/http/http_proxy.cpp7
-rw-r--r--library/cpp/actors/http/http_proxy.h2
-rw-r--r--library/cpp/actors/http/http_proxy_outgoing.cpp16
-rw-r--r--library/cpp/actors/http/http_proxy_sock_impl.h8
4 files changed, 19 insertions, 14 deletions
diff --git a/library/cpp/actors/http/http_proxy.cpp b/library/cpp/actors/http/http_proxy.cpp
index 0fbdb6d4882..ea7792ef813 100644
--- a/library/cpp/actors/http/http_proxy.cpp
+++ b/library/cpp/actors/http/http_proxy.cpp
@@ -14,8 +14,8 @@ public:
return listeningSocket;
}
- IActor* AddOutgoingConnection(const TString& address, bool secure, const NActors::TActorContext& ctx) {
- IActor* connectionSocket = CreateOutgoingConnectionActor(ctx.SelfID, address, secure, Poller);
+ IActor* AddOutgoingConnection(bool secure, const NActors::TActorContext& ctx) {
+ IActor* connectionSocket = CreateOutgoingConnectionActor(ctx.SelfID, secure, Poller);
TActorId connectionId = ctx.Register(connectionSocket);
Connections.emplace(connectionId);
return connectionSocket;
@@ -97,9 +97,8 @@ protected:
}
void Handle(TEvHttpProxy::TEvHttpOutgoingRequest::TPtr event, const NActors::TActorContext& ctx) {
- TStringBuf host(event->Get()->Request->Host);
bool secure(event->Get()->Request->Secure);
- NActors::IActor* actor = AddOutgoingConnection(TString(host), secure, ctx);
+ NActors::IActor* actor = AddOutgoingConnection(secure, ctx);
ctx.Send(event->Forward(actor->SelfId()));
}
diff --git a/library/cpp/actors/http/http_proxy.h b/library/cpp/actors/http/http_proxy.h
index 0ed09119e43..d9a2c6a71c5 100644
--- a/library/cpp/actors/http/http_proxy.h
+++ b/library/cpp/actors/http/http_proxy.h
@@ -234,7 +234,7 @@ struct TPrivateEndpointInfo : THttpEndpointInfo {
NActors::IActor* CreateHttpProxy(std::weak_ptr<NMonitoring::TMetricRegistry> registry = NMonitoring::TMetricRegistry::SharedInstance());
NActors::IActor* CreateHttpAcceptorActor(const TActorId& owner, const TActorId& poller);
-NActors::IActor* CreateOutgoingConnectionActor(const TActorId& owner, const TString& host, bool secure, const TActorId& poller);
+NActors::IActor* CreateOutgoingConnectionActor(const TActorId& owner, bool secure, const TActorId& poller);
NActors::IActor* CreateIncomingConnectionActor(
std::shared_ptr<TPrivateEndpointInfo> endpoint,
TIntrusivePtr<TSocketDescriptor> socket,
diff --git a/library/cpp/actors/http/http_proxy_outgoing.cpp b/library/cpp/actors/http/http_proxy_outgoing.cpp
index 0f1ecf34ea6..3bb23d6fae8 100644
--- a/library/cpp/actors/http/http_proxy_outgoing.cpp
+++ b/library/cpp/actors/http/http_proxy_outgoing.cpp
@@ -11,7 +11,6 @@ public:
const TActorId Owner;
const TActorId Poller;
SocketAddressType Address;
- TString Host;
TActorId RequestOwner;
THttpOutgoingRequestPtr Request;
THttpIncomingResponsePtr Response;
@@ -19,11 +18,10 @@ public:
TDuration ConnectionTimeout = CONNECTION_TIMEOUT;
NActors::TPollerToken::TPtr PollerToken;
- TOutgoingConnectionActor(const TActorId& owner, const TString& host, const TActorId& poller)
+ TOutgoingConnectionActor(const TActorId& owner, const TActorId& poller)
: TBase(&TSelf::StateWaiting)
, Owner(owner)
, Poller(poller)
- , Host(host)
{
}
@@ -240,11 +238,11 @@ protected:
void HandleWaiting(TEvHttpProxy::TEvHttpOutgoingRequest::TPtr event, const NActors::TActorContext& ctx) {
LastActivity = ctx.Now();
Request = std::move(event->Get()->Request);
- Host = Request->Host;
- LOG_DEBUG_S(ctx, HttpLog, GetSocketName() << "resolving " << Host);
+ TSocketImpl::SetHost(TString(Request->Host));
+ LOG_DEBUG_S(ctx, HttpLog, GetSocketName() << "resolving " << TSocketImpl::Host);
Request->Timer.Reset();
RequestOwner = event->Sender;
- ctx.Send(Owner, new TEvHttpProxy::TEvResolveHostRequest(Host));
+ ctx.Send(Owner, new TEvHttpProxy::TEvResolveHostRequest(TSocketImpl::Host));
if (event->Get()->Timeout) {
ConnectionTimeout = event->Get()->Timeout;
}
@@ -322,11 +320,11 @@ protected:
}
};
-NActors::IActor* CreateOutgoingConnectionActor(const TActorId& owner, const TString& host, bool secure, const TActorId& poller) {
+NActors::IActor* CreateOutgoingConnectionActor(const TActorId& owner, bool secure, const TActorId& poller) {
if (secure) {
- return new TOutgoingConnectionActor<TSecureSocketImpl>(owner, host, poller);
+ return new TOutgoingConnectionActor<TSecureSocketImpl>(owner, poller);
} else {
- return new TOutgoingConnectionActor<TPlainSocketImpl>(owner, host, poller);
+ return new TOutgoingConnectionActor<TPlainSocketImpl>(owner, poller);
}
}
diff --git a/library/cpp/actors/http/http_proxy_sock_impl.h b/library/cpp/actors/http/http_proxy_sock_impl.h
index 83e5642d9dc..788c99d9b2c 100644
--- a/library/cpp/actors/http/http_proxy_sock_impl.h
+++ b/library/cpp/actors/http/http_proxy_sock_impl.h
@@ -7,6 +7,7 @@ namespace NHttp {
struct TPlainSocketImpl : virtual public THttpConfig {
TIntrusivePtr<TSocketDescriptor> Socket;
+ TString Host;
TPlainSocketImpl() = default;
@@ -76,6 +77,10 @@ struct TPlainSocketImpl : virtual public THttpConfig {
ssize_t Recv(void* data, size_t size, bool&, bool&) {
return Socket->Socket.Recv(data, size);
}
+
+ void SetHost(const TString& host) {
+ Host = host;
+ }
};
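Review bot: `SetHost` has an ordering requirement that nothing in the code states: the secure implementation reads `Host` once, when it constructs the SSL object, so a call made after that point has no effect on SNI. A comment on the setter would make this visible to future callers, for example `// Must be called before the TLS session is created; TSecureSocketImpl reads Host for SNI at that point.` `Host` is also a public member that http_proxy_outgoing.cpp reads directly as `TSocketImpl::Host`, so the setter and the direct access are two ways to touch the same field; choosing one would be cleaner. The enclosing struct starts outside this hunk.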
struct TSecureSocketImpl : TPlainSocketImpl, TSslHelpers {
@@ -171,6 +176,9 @@ struct TSecureSocketImpl : TPlainSocketImpl, TSslHelpers {
BIO_set_nbio(Bio.Get(), 1);
Ctx = CreateClientContext();
Ssl = ConstructSsl(Ctx.Get(), Bio.Get());
+ if (!Host.Empty()) {
+ SSL_set_tlsext_host_name(Ssl.Get(), Host.c_str());
+ }
SSL_set_connect_state(Ssl.Get());
}
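Review bot: The name passed to `SSL_set_tlsext_host_name` is whatever `SetHost` received, and in http_proxy_outgoing.cpp that is `Request->Host` unmodified, the same string handed to the resolver. SNI expects a bare DNS hostname, so if that field can carry a `:port` suffix or an IP literal (not visible in this diff) some servers will ignore or reject the extension; stripping the port and skipping IP literals before the call would avoid that. The return value is also dropped, so a failure leaves the handshake without SNI silently; checking for `!= 1` and logging it would help. Separately, SNI only influences which certificate the server presents. Whether the client verifies that certificate against the host depends on `CreateClientContext`, which is outside this hunk, as is the start of the enclosing function; if verification is enabled, `SSL_set1_host(Ssl.Get(), Host.c_str())` belongs next to this call.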