aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES7
-rw-r--r--lib/gtls.c15
-rw-r--r--lib/ssluse.c17
3 files changed, 37 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 886e4c613..aeebf4231 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,9 @@
Changelog
+Guenter Knauf (26 Feb 2008)
+- Kaspar Brand provided a patch to support server name indication (RFC 4366).
+
Daniel S (25 Feb 2008)
- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
forces it to prefer SSLv3.
@@ -45,11 +48,11 @@ Daniel S (20 Feb 2008)
correctly for a long time and nobody has even noticed, I consider it a very
suitable subject for plain removal. And so it was done.
-Guenter Knauf (19 Feb 2007)
+Guenter Knauf (19 Feb 2008)
- We do no longer support SSLv2 by default since it has known flaws.
Kaspar Brand provided a patch for all supported SSL toolkits.
-Daniel Fandrich (19 Feb 2007)
+Daniel Fandrich (19 Feb 2008)
- Added test309 to test HTTP redirect to HTTPS URL
Daniel S (18 Feb 2008)
diff --git a/lib/gtls.c b/lib/gtls.c
index 01e8e97a4..80100b4ed 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -43,6 +43,7 @@
#include "urldata.h"
#include "sendf.h"
+#include "inet_pton.h"
#include "gtls.h"
#include "sslgen.h"
#include "parsedate.h"
@@ -229,6 +230,11 @@ Curl_gtls_connect(struct connectdata *conn,
const char *ptr;
void *ssl_sessionid;
size_t ssl_idsize;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
if(!gtls_inited)
_Curl_gtls_init();
@@ -275,6 +281,15 @@ Curl_gtls_connect(struct connectdata *conn,
/* convenient assign */
session = conn->ssl[sockindex].session;
+ if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+ (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,
+ strlen(conn->host.name)) < 0))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+
/* Use default priorities */
rc = gnutls_set_default_priority(session);
if(rc < 0)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 889cfc84f..503452db9 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1299,6 +1299,13 @@ ossl_connect_step1(struct connectdata *conn,
void *ssl_sessionid=NULL;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+#endif
DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
@@ -1456,6 +1463,16 @@ ossl_connect_step1(struct connectdata *conn,
connssl->server_cert = 0x0;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+ !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+#endif
+
/* Check if there's a cached ID we can/should use here! */
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
/* we got a session id, use it! */