
tls: if port is 0 in tls client profile cfg definition, ignore matching port

- the tcp port can be randomly allocated by the OS, making it hard to guess in
advance

Daniel-Constantin Mierla authored on 24/02/2015 11:29:51
Showing 2 changed files
... ...
@@ -1308,7 +1308,7 @@ tls_domain_t* tls_lookup_cfg(tls_domains_cfg_t* cfg, int type,
1308 1308
 				p->server_name.len, ZSW(p->server_name.s),
1309 1309
 				sname->len, ZSW(sname->s));
1310 1310
 		}
1311
-		if ((p->port == port) && ip_addr_cmp(&p->ip, ip)) {
1311
+		if ((p->port==0 || p->port == port) && ip_addr_cmp(&p->ip, ip)) {
1312 1312
 			if(sname && sname->len>0) {
1313 1313
 				if(p->server_name.len==sname->len
1314 1314
 					&& strncasecmp(p->server_name.s, sname->s, sname->len)==0) {
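Review bot: The new `p->port==0` wildcard in `tls_lookup_cfg` is not tied to the `type` argument. The commit title scopes it to client profiles, but as written a server profile declared with port 0 would presumably match any port too, unless that is excluded elsewhere (the loop head and list selection are outside the hunk). The matched profile decides which certificate and verification settings a connection gets, so the precedence between a port-0 entry and an exact-port entry for the same address should be made explicit. If the list is walked first-match, whichever entry comes first wins. At minimum, document the rule above the condition, for example `/* port 0 in a profile matches any port; an exact ip:port profile should take precedence over it */`, and consider applying the wildcard only when the lookup is for a client domain.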
... ...
@@ -196,16 +196,8 @@ static int tls_complete_init(struct tcp_connection* c)
196 196
 	} else {
197 197
 		state=S_TLS_CONNECTING;
198 198
 		sname = tls_get_connect_server_name();
199
-		if(&c->rcv.bind_address!=NULL) {
200
-			/* if there is a bind_address, use it, because the src port
201
-			 * for connection can be randomly assigned by OS */
202
-			dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
203
-						&c->rcv.bind_address->address,
204
-						c->rcv.bind_address->port_no, sname);
205
-		} else {
206
-			dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
199
+		dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
207 200
 						&c->rcv.dst_ip, c->rcv.dst_port, sname);
208
-		}
209 201
 	}
210 202
 	if (unlikely(c->state<0)) {
211 203
 		BUG("Invalid connection (state %d)\n", c->state);
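Review bot: The client-side lookup in `tls_complete_init` is now always keyed on `c->rcv.dst_ip` / `c->rcv.dst_port`, and the explanatory comment from the removed branch is gone without a replacement. Client profiles that used to match on the bind address and port will, it seems, no longer match unless they are redefined with port 0. The connection would then run with whatever domain `tls_lookup_cfg` returns on a miss (not visible here), which may carry different certificate or verification settings. I would add a comment on the call, such as `/* the port seen here may be OS-assigned; client profiles must use port 0 to match on address + server name only */`. It would also help to log at debug level which domain was selected so that a silent fallback is noticeable. The function body starts and ends outside this hunk, so whether `dom` is checked afterwards cannot be confirmed from here.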