Add possibility to set the SNI host for the connections #74
Conversation
Sometimes the URI and the exact host which we want to connect have different domains. And we need to have a way to set the domain for the TLS connection which will be used to verify the TLS cert. The domain from the URI will still be used to create a underlying TCP connection. For example: Target host: example.com Target host's TLS: example.net with setting the SNI host to `example.net` we can still easily connect to `example.com` and get the correct resources as for `example.net`
|
I don't think the failing CI job is related to my changes. |
| /// Set the host which should be used for Server Name Indication (SNI). | ||
| /// | ||
| /// if the `sni_host` is not set the default host from URI will be used | ||
| pub fn sni_host(&mut self, host: &str) { |
There was a problem hiding this comment.
The SNI host is already sent normally, just extracted from the Uri hostname. So this would really be more an override, right?
There was a problem hiding this comment.
Another concern that can be had is that this would force all requests to always use the same SNI value. It seems simple to accidentally configure this option and then use the connector for several different domains.
There was a problem hiding this comment.
The SNI host is already sent normally, just extracted from the
Urihostname. So this would really be more an override, right?
Yes, this is correct. In some cases we need to override the hostname with different value.
Another concern that can be had is that this would force all requests to always use the same SNI value. It seems simple to accidentally configure this option and then use the connector for several different domains.
yeah, this is the valid concern, but I haven't found a better way how I could provide the different hostname for the TLS connection. Maybe I missed something here, but if I could have access to the underlying Request I could tell http connector to extract the domain from the Host header instead if provided (in this case it might be need to have such an option exposes to configure http connecter before building the client), which might be a bit better way to set this up.
| /// Set the host which should be used for Server Name Indication (SNI). | ||
| /// | ||
| /// if the `sni_host` is not set the default host from URI will be used | ||
| pub fn sni_host(&mut self, host: &str) { |
There was a problem hiding this comment.
Another concern that can be had is that this would force all requests to always use the same SNI value. It seems simple to accidentally configure this option and then use the connector for several different domains.
|
hey @seanmonstar , thanks for the review!
Yes, this is very typical for proxies/gateways. For example:
Very good check for this: So, this PR adds the possibility to configure same behavior as you can see inthe This is very important feature which I would like to see supported. What do you think? |
|
Hi @seanmonstar, did you have time to consider and think about proposed changes? |
|
This would be useful, as I want to manually resolve a host's IP myself using DNS, then connect to that and set the HOST header. |
|
I agree, this is an important feature for http proxies. And now I guess I'll just have to copy the crate... @seanmonstar Is this project alive at all? No commits since 2020... |
Sometimes the URI and the exact host which we want to connect have different domains. And we need to have a way to set the domain for the TLS connection which will be used to verify the TLS cert.
The domain from the URI will still be used to create a underlying TCP connection.
For example:
Target host: example.com
Target host's TLS: example.net
with setting the SNI host to
example.netwe can still easily connect toexample.comand get the correct resources as forexample.net