From fa016c1697332ea83216654d02e52e2cf582f95e Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Wed, 3 Feb 2021 15:09:19 +0100
Subject: [PATCH] HttpsConnector: use hostname instead of URL again

fixes connecting to hosts with valid certificates without a pinned fingerprint
this was accidentally changed in the tokio-1.0 updates apparently

Signed-off-by: Wolfgang Bumiller
Fixes: 0f860f712f86 ("tokio 1.0: update to new tokio-openssl interface")
---
 src/tools/http.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/tools/http.rs b/src/tools/http.rs
index 0fbc85fb..d08ce451 100644
--- a/src/tools/http.rs
+++ b/src/tools/http.rs
@@ -124,6 +124,11 @@ impl hyper::service::Service for HttpsConnector {
 .ok_or_else(|| format_err!("missing URL scheme"))?
 == "https";
+ let host = dst
+ .host()
+ .ok_or_else(|| format_err!("missing hostname in destination url?"))?
+ .to_string();
+
 let config = this.ssl_connector.configure();
 let dst_str = dst.to_string(); // for error messages
 let conn = this
@@ -135,7 +140,7 @@ impl hyper::service::Service for HttpsConnector {
 let _ = set_tcp_keepalive(conn.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
 if is_https {
- let conn: tokio_openssl::SslStream = tokio_openssl::SslStream::new(config?.into_ssl(&dst_str)?, conn)?;
+ let conn: tokio_openssl::SslStream = tokio_openssl::SslStream::new(config?.into_ssl(&host)?, conn)?;
 let mut conn = Box::pin(conn);
 conn.as_mut().connect().await?;
 Ok(MaybeTlsStream::Right(conn))
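Review bot: The new `let host = dst.host()…to_string();` in the first hunk passes the host through unchanged, and for an IPv6 literal `Uri::host()` returns the bracketed form (`[::1]`), if I recall the `http` crate correctly. The `into_ssl(&host)` call in the second hunk appears to choose between IP and DNS-name verification by parsing that string, so a bracketed literal would presumably be checked as a DNS name. Verification would then fail for a valid certificate with an IP subjectAltName, which pushes users back to fingerprint pinning. Consider normalising before the conversion, e.g. `.trim_start_matches('[').trim_end_matches(']')` ahead of `.to_string()`. The enclosing async block starts and ends outside the hunk.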
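Review bot: The `into_ssl(&host)` line in the second hunk has no comment recording why the argument must be the bare hostname, and this is exactly the regression the commit message describes. I would add `// into_ssl() uses this for SNI and certificate name verification: pass the bare host, never the full URL` directly above it. The existing `// for error messages` note on `dst_str` only half-documents the split between the two strings. A short test that connects to a host with a valid certificate and no pinned fingerprint would keep this from silently breaking in the next dependency update.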