From 0966ab5bd4ad547c74e1032899c87f7214bc5b73 Mon Sep 17 00:00:00 2001
From: JDepooter <joel.depooter@safe.com>
Date: Thu, 2 Feb 2017 13:40:16 -0800
Subject: darwinssl: Warn that disabling host verify also disables SNI

In DarwinSSL the SSLSetPeerDomainName function is used to enable both
sending SNI and verifying the host. When host verification is disabled
the function cannot be called, therefore SNI is disabled as well.

Closes https://github.com/curl/curl/pull/1240
---
 lib/vtls/darwinssl.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib/vtls/darwinssl.c')

diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 050bf960b..25a8ab8b6 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -1425,6 +1425,9 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
             "the OS.\n");
     }
   }
+  else {
+    infof(data, "WARNING: disabling hostname validation also disables SNI.\n");
+  }
 
   /* Disable cipher suites that ST supports but are not safe. These ciphers
      are unlikely to be used in any case since ST gives other ciphers a much
-- 
cgit v1.2.3