问题
I'm using WinHttpConnect in order to establish an https connection between my windows app and a remote server. However, my server doesn't necessarily have DNS address so the connection is made with setting pswzServerName to raw IPV4 address.
WINHTTPAPI
HINTERNET
WINAPI
WinHttpConnect
(
IN HINTERNET hSession,
IN LPCWSTR pswzServerName,
IN INTERNET_PORT nServerPort,
IN DWORD dwReserved
);
Since there are several services on that remote server, I also need to specify the SNI (Server Name Indication) so that the TLS handshake will pass.
How can I pass the SNI separately from the IP address?
currently, the client hello packet contain SNI (see below) only if I open the connection with Url and the SNI matches that of the URL
In OpenSSL, there's a way to separate between SNI and URL, and I'm looking how to do so in windows API :
OpenSSL s_client -servername appliance1 -connect 192.0.2.4:443
EDIT:
Following the comments below, it seems like the method InitializeSecurityContextA should be called prior to WinHttpConnect with pszTargetName set as the requested server name.
However, what should I do with the other parameters if I wish to get their default value?
Here's my current implementation, How should I add the InitializeSecurityContextA in order to change the server name.
void connectFunction(std::string server/* can be ip address as well*/ , HINTERNET connectionHandle)
{
sessionHandle = WinHttpOpen(
NULL,
WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
WINHTTP_NO_PROXY_NAME,
WINHTTP_NO_PROXY_BYPASS,
0
);
connectionHandle = WinHttpConnect(sessionHandle, server.c_str(), port, 0);
// this will trigger the TLS handshake, and I want to add SNI different than `server` param
来源:https://stackoverflow.com/questions/57479973/starting-https-connection-with-ip-address-and-sni