I'm a little surprised that this is called directly -- are you aware of whether there's something in Boost.Asio that allows you to do this as some sort of pass-through? Maybe through the context_?

Also, I don't think the const-cast is safe -- why does it actually need to be casted away? Will it be used as a buffer? If so I think this could totally screw up the string in sni_hostname_ in non-trivial ways. I do not have a good suggestion how else to do this, but this seems rife with peril.

Yeah, unfortunately there's no abstraction within ASIO. And you cannot applySSL_CTRL_SET_TLSEXT_HOSTNAME to the context, only theSSL object. I've tried just this! In#601 I used the expanded macro function from OpenSSL, modifying it to useSSL_CTX_ctrl and SNI fails. Theserver_name TLS extension is never applied/used.

See the following for the expansion ofSSL_set_tlsext_host_name:

./tls1.h:298:#define SSL_set_tlsext_host_name(s,name) \./tls1.h-299-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)

As far as theconst_casting away the const, I definitely 100% agree it's scary-- but since we're working with the OpenSSL APIs I am bound to assumptions on thecmd provided to the underlying call (defined inssl.h) to:

longSSL_ctrl(SSL *ssl,int cmd,long larg,void *parg);

And the use of it'sparg in this case (froms3_lib.c):

case SSL_CTRL_SET_TLSEXT_HOSTNAME:if (larg == TLSEXT_NAMETYPE_host_name) {size_t len;OPENSSL_free(s->tlsext_hostname);        s->tlsext_hostname =NULL;        ret =1;if (parg ==NULL)break;        len =strlen((char *)parg);if (len ==0 || len > TLSEXT_MAXLEN_host_name) {SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);return0;        }if ((s->tlsext_hostname =OPENSSL_strdup((char *)parg)) ==NULL) {SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);return0;        }    }else {SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);return0;    }break;

Thanks for the explanation@theopolis -- I appreciate the detail.

One more question on the const_cast<...> -- have you tried without it? Does it error out? Because if I look closely i see that macro expanding and performing the cast itself (strlen((char*)parg)) so we strictly don't need that in the calling code. I suppose spelling out const_cast<...> explicitly gets my spider senses tingling, especially anything involving SSL and all the potential issues lurking around it.

You're right, I'd guess the explicit cast from the void* would not complain. I'll see what Travis/clang thinks in a few hours. :)

Travis seems to be happy here, so I'm happy to merge. :)

Thanks@theopolis!