
NetSSL_Win32: SNI might not be sent to the server during handshake #5042

@slabko

Description


When connecting to a server over HTTP using NetSSL_Win32 and HTTPSClientSession, there are several issues that may prevent the client from sending SNI to the server:

  1. The peer hostname is replaced with the peer IP address during the handshake, preventing the hostname from being included in the Client Hello message. This has been fixed in #5038 ("Prevent hostname being replaced with IP during handshake").
  2. SNI can only be set when the hostname is passed to the constructor of HTTPSClientSession or HTTPClientSession. If the host is set via HTTPClientSession::setHost(), it will not be used for SNI. This is not a blocker, but it is inconvenient.
  3. If a socket is reused, the hostname is reset and never restored to its expected value. This breaks SNI after socket reuse. This happens here: https://github.com/pocoproject/poco/blob/main/NetSSL_Win/src/SecureSocketImpl.cpp#L145. As described in (2), the peer hostname never gets updated, so after a call to SecureSocketImpl::cleanup the peer hostname remains empty, making it impossible to send SNI.

The last two issues are harder to fix than the first. I’m documenting them here so they remain known issues.

These problems were found in version 1.14.2 of the library on Windows 11 Pro build 26100.6725.

When possible, I’ll try to propose fixes for these problems.
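A practical way to confirm any of the three conditions above is to look at the Client Hello on the wire rather than at the Poco API, since the symptom in every case is the same: the record either carries a server_name extension with the expected host or it does not. The following is an added example, not code from the Poco project or from the issue author: it builds a minimal TLS 1.2 Client Hello (with and without SNI, and with a constructed renegotiation_info extension placed first so the parser has to walk the extension list) and extracts the host_name from the server_name extension, returning an empty string when the extension is missing or the record is truncated. The function names, the fixed random bytes and the cipher suite choice are assumptions made for the example.

```cpp
// Added example (not Poco's own code): build a minimal TLS ClientHello and
// extract the server_name (SNI) extension from it, so a captured handshake can
// be checked for the missing-SNI condition described in this issue.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Append a big-endian integer of `width` bytes.
static void put_uint(Bytes& out, uint32_t value, int width) {
    for (int i = width - 1; i >= 0; --i)
        out.push_back(static_cast<uint8_t>((value >> (8 * i)) & 0xff));
}

// Read a big-endian integer of `width` bytes at `pos`, advancing `pos`.
// Returns false if the read would run past the end of the buffer.
static bool get_uint(const Bytes& in, size_t& pos, int width, uint32_t& value) {
    if (pos + width > in.size()) return false;
    value = 0;
    for (int i = 0; i < width; ++i) value = (value << 8) | in[pos++];
    return true;
}

// Build a minimal, well-formed TLS 1.2 ClientHello record (constructed sample
// data: fixed random bytes, one cipher suite). When `host` is empty no
// server_name extension is emitted, mimicking the failure mode in the issue.
Bytes build_client_hello(const std::string& host) {
    Bytes body;
    put_uint(body, 0x0303, 2);                                   // client_version TLS 1.2
    for (int i = 0; i < 32; ++i) body.push_back(static_cast<uint8_t>(i)); // random
    body.push_back(0);                                           // session_id length 0
    put_uint(body, 2, 2);                                        // cipher_suites length
    put_uint(body, 0xc02f, 2);                                   // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    body.push_back(1);                                           // compression_methods length
    body.push_back(0);                                           // null compression

    Bytes ext;
    put_uint(ext, 0xff01, 2);                                    // renegotiation_info, placed
    put_uint(ext, 1, 2);                                         // first so the parser must
    ext.push_back(0);                                            // skip over it
    if (!host.empty()) {
        Bytes names;
        names.push_back(0);                                      // name_type host_name
        put_uint(names, static_cast<uint32_t>(host.size()), 2);
        names.insert(names.end(), host.begin(), host.end());
        put_uint(ext, 0x0000, 2);                                // server_name extension
        put_uint(ext, static_cast<uint32_t>(names.size() + 2), 2); // extension_data length
        put_uint(ext, static_cast<uint32_t>(names.size()), 2);   // server_name_list length
        ext.insert(ext.end(), names.begin(), names.end());
    }
    put_uint(body, static_cast<uint32_t>(ext.size()), 2);
    body.insert(body.end(), ext.begin(), ext.end());

    Bytes hs;
    hs.push_back(0x01);                                          // HandshakeType client_hello
    put_uint(hs, static_cast<uint32_t>(body.size()), 3);
    hs.insert(hs.end(), body.begin(), body.end());

    Bytes record;
    record.push_back(0x16);                                      // ContentType handshake
    put_uint(record, 0x0301, 2);                                 // record-layer version
    put_uint(record, static_cast<uint32_t>(hs.size()), 2);
    record.insert(record.end(), hs.begin(), hs.end());
    return record;
}

// Return the host_name carried in the server_name extension of a ClientHello
// record, or "" if the record is not a ClientHello, is truncated, or has no
// SNI (the condition this issue is about).
std::string extract_sni(const Bytes& rec) {
    size_t pos = 0;
    uint32_t v, rec_len, hs_len, len, ext_len;
    if (!get_uint(rec, pos, 1, v) || v != 0x16) return "";       // handshake record
    if (!get_uint(rec, pos, 2, v)) return "";                     // record version
    if (!get_uint(rec, pos, 2, rec_len) || pos + rec_len > rec.size()) return "";
    const size_t end = pos + rec_len;
    if (!get_uint(rec, pos, 1, v) || v != 0x01) return "";       // client_hello
    if (!get_uint(rec, pos, 3, hs_len) || pos + hs_len > end) return "";
    if (!get_uint(rec, pos, 2, v)) return "";                     // client_version
    pos += 32;                                                    // random
    if (!get_uint(rec, pos, 1, len)) return ""; pos += len;       // session_id
    if (!get_uint(rec, pos, 2, len)) return ""; pos += len;       // cipher_suites
    if (!get_uint(rec, pos, 1, len)) return ""; pos += len;       // compression_methods
    if (!get_uint(rec, pos, 2, ext_len) || pos + ext_len > end) return ""; // no extensions at all
    const size_t ext_end = pos + ext_len;
    while (pos + 4 <= ext_end) {
        uint32_t type, elen;
        get_uint(rec, pos, 2, type);
        get_uint(rec, pos, 2, elen);
        if (pos + elen > ext_end) return "";
        if (type == 0x0000) {                                     // server_name
            size_t p = pos;
            uint32_t list_len, name_type, name_len;
            if (!get_uint(rec, p, 2, list_len)) return "";
            if (!get_uint(rec, p, 1, name_type) || name_type != 0) return "";
            if (!get_uint(rec, p, 2, name_len) || p + name_len > pos + elen) return "";
            return std::string(rec.begin() + p, rec.begin() + p + name_len);
        }
        pos += elen;                                              // skip other extensions
    }
    return "";
}

int main() {
    const Bytes with_host = build_client_hello("api.example.com");
    const Bytes host_lost = build_client_hello("");
    std::cout << "hostname set:  SNI='" << extract_sni(with_host) << "'\n";
    std::cout << "hostname lost: SNI='" << extract_sni(host_lost) << "'\n";
    return (extract_sni(with_host) == "api.example.com" && extract_sni(host_lost).empty()) ? 0 : 1;
}
```

To apply this to a real Poco client, feed `extract_sni` the first record read from the socket by a small TCP listener the HTTPSClientSession is pointed at (or a pcap export of that record); an empty result on the second request over a reused socket is the symptom of item (3), and an empty result when the host was supplied only through setHost() is the symptom of item (2).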
