authorJay Satiro <raysatiro@yahoo.com>2015-04-13 01:07:28 -0400
committerJay Satiro <raysatiro@yahoo.com>2015-04-14 02:05:25 -0400
commit9430dd583ed55cfe16e9c76c45c3930998791828 (patch)
tree8d56bb3a011f5cae3feb5698591fd3f89fb218b7 /lib/vtls
parent8df4b5af3f788e54d7d4b63f141d7856d56932d9 (diff)
cyassl: Add support for TLS extension SNI
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/cyassl.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 9ea7a88f6..24eca9070 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -95,6 +95,12 @@ cyassl_connect_step1(struct connectdata *conn,
SSL_METHOD* req_method = NULL;
void* ssl_sessionid = NULL;
curl_socket_t sockfd = conn->sock[sockindex];
+#ifdef HAVE_SNI
+ bool sni = FALSE;
+#define use_sni(x) sni = (x)
+#else
+#define use_sni(x) Curl_nop_stmt
+#endif
if(conssl->state == ssl_connection_complete)
return CURLE_OK;
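Review bot: The `use_sni` macro is defined inside the body of cyassl_connect_step1 and nothing visible undefines it, so it stays defined for the rest of the translation unit. In HAVE_SNI builds it expands to an assignment to a local named `sni` wherever it is later used. Adding `#undef use_sni` after the last use (the SNI block in the third hunk) would keep it scoped to this function, and a comment such as `/* use_sni(): record whether the selected protocol version can carry the SNI extension */` above the `#define` would explain the calls in the version switch. The function body starts and ends outside this hunk, so an existing `#undef` further down cannot be ruled out.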
@@ -111,18 +117,23 @@ cyassl_connect_step1(struct connectdata *conn,
"TLS 1.0 is used exclusively\n");
req_method = TLSv1_client_method();
#endif
+ use_sni(TRUE);
break;
case CURL_SSLVERSION_TLSv1_0:
req_method = TLSv1_client_method();
+ use_sni(TRUE);
break;
case CURL_SSLVERSION_TLSv1_1:
req_method = TLSv1_1_client_method();
+ use_sni(TRUE);
break;
case CURL_SSLVERSION_TLSv1_2:
req_method = TLSv1_2_client_method();
+ use_sni(TRUE);
break;
case CURL_SSLVERSION_SSLv3:
req_method = SSLv3_client_method();
+ use_sni(FALSE);
break;
case CURL_SSLVERSION_SSLv2:
failf(data, "CyaSSL does not support SSLv2");
@@ -231,6 +242,26 @@ cyassl_connect_step1(struct connectdata *conn,
data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
NULL);
+#ifdef HAVE_SNI
+ if(sni) {
+ struct in_addr addr4;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr6;
+#endif
+ size_t hostname_len = strlen(conn->host.name);
+ if((hostname_len < USHRT_MAX) &&
+ (0 == Curl_inet_pton(AF_INET, conn->host.name, &addr4)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr6)) &&
+#endif
+ (CyaSSL_CTX_UseSNI(conssl->ctx, CYASSL_SNI_HOST_NAME, conn->host.name,
+ (unsigned short)hostname_len) != 1)) {
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+ }
+ }
+#endif
+
/* give application a chance to interfere with SSL set up. */
if(data->set.ssl.fsslctx) {
CURLcode result = CURLE_OK;
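Review bot: The single `if` in the `#ifdef HAVE_SNI` block folds the eligibility tests (length below USHRT_MAX, not an IPv4 or IPv6 literal) together with the CyaSSL_CTX_UseSNI result, so a hostname of USHRT_MAX bytes or more skips SNI with no message at all. A real setup failure is reported only through `infof`, and the handshake then continues without the extension. When `verifypeer` is off (see the SSL_VERIFY_NONE branch just above), a virtual-hosted server's default certificate would then be accepted with nothing but that info line as evidence. I would state the intent in a comment above the test, e.g. `/* SNI carries DNS names only, so IP literals are skipped; a failure to set it is non-fatal and the handshake proceeds without SNI */`, and consider logging the over-length case as well. Separately, the commit's 31 insertions are all accounted for by the visible `+` lines and none is an `#include`, so it is worth confirming that the file already pulls in the declarations for `Curl_inet_pton`, `USHRT_MAX` and `struct in_addr`. cyassl_connect_step1 starts and ends outside this hunk.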