authorGunter Knauf <gk@gknw.de>2008-02-26 10:30:13 +0000
committerGunter Knauf <gk@gknw.de>2008-02-26 10:30:13 +0000
commit9682c2037e964cd64ba581ceff61a04bb6395a6b (patch)
treebfedb0ad466a257bf586ee4a505411d251365ac4 /lib
parent74241e7d852531bc8ee9301fd3e5ec0c5fabc7cf (diff)
Added support for server name indication (RFC 4366).
Patch submitted by Kaspar Brand.
Diffstat (limited to 'lib')
-rw-r--r--lib/gtls.c15
-rw-r--r--lib/ssluse.c17
2 files changed, 32 insertions, 0 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index 01e8e97a4..80100b4ed 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -43,6 +43,7 @@
#include "urldata.h"
#include "sendf.h"
+#include "inet_pton.h"
#include "gtls.h"
#include "sslgen.h"
#include "parsedate.h"
@@ -229,6 +230,11 @@ Curl_gtls_connect(struct connectdata *conn,
const char *ptr;
void *ssl_sessionid;
size_t ssl_idsize;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
if(!gtls_inited)
_Curl_gtls_init();
@@ -275,6 +281,15 @@ Curl_gtls_connect(struct connectdata *conn,
/* convenient assign */
session = conn->ssl[sockindex].session;
+ if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+ (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,
+ strlen(conn->host.name)) < 0))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+
/* Use default priorities */
rc = gnutls_set_default_priority(session);
if(rc < 0)
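Review bot: The new `if` ahead of `gnutls_set_default_priority()` skips SNI for IP literals without a comment saying why, and it hands `conn->host.name` to `gnutls_server_name_set()` unchanged. RFC 4366 forbids literal IPv4/IPv6 addresses in the `server_name` extension and also requires the name to be sent without a trailing dot. Whether `conn->host.name` can still end in '.' is not visible in this hunk, so that should be confirmed, or the dot stripped before the call. I would add `/* RFC 4366 3.1: server_name must be a DNS name, no literal addresses, no trailing dot */` above the condition. The same check is repeated in the second `ossl_connect_step1` hunk of lib/ssluse.c and the comment applies there too; the body of Curl_gtls_connect begins and ends outside the hunk.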
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 889cfc84f..503452db9 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1299,6 +1299,13 @@ ossl_connect_step1(struct connectdata *conn,
void *ssl_sessionid=NULL;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+#endif
DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
@@ -1456,6 +1463,16 @@ ossl_connect_step1(struct connectdata *conn,
connssl->server_cert = 0x0;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+ !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+#endif
+
/* Check if there's a cached ID we can/should use here! */
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
/* we got a session id, use it! */
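Review bot: The `#ifdef ENABLE_IPV6` spliced into the middle of the `if` condition makes the added block hard to read, and `if ((` departs from the `if(` spacing used around it (see `if(!Curl_ssl_getsessionid(` just below). Computing the literal-address test into a local first keeps the preprocessor out of the expression and gives one place to document it. The sketch below compares the `Curl_inet_pton` result with `!= 0`, so an error return still suppresses SNI exactly as the current condition does. The body of ossl_connect_step1 begins and ends outside the hunk.

```c
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
  {
    /* server_name carries DNS names only; literal addresses are excluded */
    int is_literal = (0 != Curl_inet_pton(AF_INET, conn->host.name, &addr));
#ifdef ENABLE_IPV6
    if(!is_literal)
      is_literal = (0 != Curl_inet_pton(AF_INET6, conn->host.name, &addr));
#endif
    if(!is_literal &&
       !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
      /* … unchanged: infof() SNI warning … */
  }
#endif
```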