-rw-r--r-- | lib/pure/net.nim | 17 | ||||
-rw-r--r-- | tests/stdlib/tnetconnect.nim | 22 |
2 files changed, 34 insertions, 5 deletions
diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index decf97777..594512439 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -1986,10 +1986,6 @@ proc connect*(socket: Socket, address: string, port = Port(0),
 ##
 ## The ``timeout`` parameter specifies the time in milliseconds to allow for
 ## the connection to the server to be made.
- ##
- ## **Warning:** This procedure appears to be broken for SSL connections as of
- ## Nim v1.0.2. Consider using the other `connect` procedure. See
- ## https://github.com/nim-lang/Nim/issues/15215 for more info.
 socket.fd.setBlocking(false)
 socket.connectAsync(address, port, socket.domain)
@@ -2003,7 +1999,18 @@ proc connect*(socket: Socket, address: string, port = Port(0),
 when defineSsl and not defined(nimdoc):
 if socket.isSsl:
 socket.fd.setBlocking(true)
- doAssert socket.gotHandshake()
+ # RFC3546 for SNI specifies that IP addresses are not allowed.
+ if not isIpAddress(address):
+ # Discard result in case OpenSSL version doesn't support SNI, or we're
+ # not using TLSv1+
+ discard SSL_set_tlsext_host_name(socket.sslHandle, address)
+
+ ErrClearError()
+ let ret = SSL_connect(socket.sslHandle)
+ socketError(socket, ret)
+ when not defined(nimDisableCertificateValidation):
+ if not isIpAddress(address):
+ socket.checkCertName(address)
 socket.fd.setBlocking(true)
 proc getPrimaryIPAddr*(dest = parseIpAddress("8.8.8.8")): IpAddress =
diff --git a/tests/stdlib/tnetconnect.nim b/tests/stdlib/tnetconnect.nim
new file mode 100644
index 000000000..e27499651
--- /dev/null
+++ b/tests/stdlib/tnetconnect.nim
@@ -0,0 +1,22 @@
+discard """
+ cmd: "nim c -r -d:ssl $file"
+ exitcode: 0
+"""
+
+import std/net
+
+# Issue 15215 - https://github.com/nim-lang/Nim/issues/15215
+proc test() =
+ var
+ ctx = newContext()
+ socket = newSocket()
+
+ wrapSocket(ctx, socket)
+
+ connect(socket, "www.nim-lang.org", Port(443), 5000)
+
+ send(socket, "GET / HTTP/1.0\nHost: www.nim-lang.org\nConnection: close\n\n")
+
+ close(socket)
+
+test() |
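Review bot: In the block added under `if socket.isSsl:`, an IP-literal `address` skips `checkCertName` entirely, so on that path nothing in this hunk ties the peer certificate to the endpoint the caller asked for; only whatever chain verification the context is configured with still applies. Either match IP literals against the certificate's subjectAltName entries or state the gap in the doc comment, e.g. `## **Note:** no certificate name check is performed when ``address`` is an IP address.` Separately, `SSL_connect` runs after `setBlocking(true)`, so `timeout` appears to bound only the TCP connect, and a peer that accepts the connection but stalls the handshake could block the caller indefinitely; the doc comment still promises a bound on "the connection to the server", so that limit deserves a sentence there too. The body of `connect` starts above the hunk.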
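Review bot: `test()` passes whenever nothing raises, so it would keep passing if the `checkCertName` call or the SNI setup were later dropped from the timeout overload of `connect`; it pins the crash from issue 15215 but not the certificate validation this commit adds. A comment above the proc should say so, e.g. `# Only checks that the TLS handshake completes; certificate name validation is not asserted here.` The test also needs outbound access to www.nim-lang.org:443, which is worth stating in the same comment so a CI failure is read as a network problem first. Putting `defer: close(socket)` right after `wrapSocket` would release the socket when `connect` or `send` raises.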