author | Daniel Stenberg <daniel@haxx.se> | 2009-08-01 22:11:58 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2009-08-01 22:11:58 +0000 |
commit | 6d891d2a3b907f12e5c9b335a806fcb7e77b877b (patch) | |
tree | 350f759b5ab637e84dcbc727b3e3ce4306fc31d1 /lib/gtls.c | |
parent | c0e8bed5bf7a7e56897e492a4dcc399621939995 (diff) |
- Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
option for SNI, or are we simply not using it?
Diffstat (limited to 'lib/gtls.c')
-rw-r--r-- | lib/gtls.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index d5c8f1a79..81748306e 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -260,6 +260,7 @@ Curl_gtls_connect(struct connectdata *conn,
 const char *ptr;
 void *ssl_sessionid;
 size_t ssl_idsize;
+ bool sni = TRUE; /* default is SNI enabled */
 #ifdef ENABLE_IPV6
 struct in6_addr addr;
 #else
@@ -279,6 +280,8 @@ Curl_gtls_connect(struct connectdata *conn,
 failf(data, "GnuTLS does not support SSLv2");
 return CURLE_SSL_CONNECT_ERROR;
 }
+ else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
+ sni = FALSE; /* SSLv3 has no SNI */
 /* allocate a cred struct */
 rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
@@ -335,6 +338,7 @@ Curl_gtls_connect(struct connectdata *conn,
 #ifdef ENABLE_IPV6
 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
 #endif
+ sni &&
 (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name, strlen(conn->host.name)) < 0))
 infof(data, "WARNING: failed to configure server name indication (SNI) " |
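Review bot: The new `else if` branch in the second hunk turns SNI off silently, so nothing in the verbose output shows that the extension was withheld. Without SNI a name-based virtual host may answer with its default certificate, and the resulting hostname-verification failure is then hard to trace back to this branch. I would brace the branch and add a trace line next to the assignment, for example `infof(data, "SSLv3 selected, not sending SNI\n");`. The surrounding `if` chain and the rest of Curl_gtls_connect lie outside the hunk.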
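Review bot: In the third hunk `sni &&` is added after the `Curl_inet_pton` tests, so the host name is still parsed as an address literal even when SNI has already been ruled out. Testing the flag first reads more directly and short-circuits the parsing; the condition would then open with `sni &&` ahead of the address checks. The opening `if(` of this condition is outside the hunk, so this assumes the visible terms are all joined in that one `&&` chain. A short comment on the condition such as `/* SNI only for host names, never for IP literals, and not when disabled */` would also help.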