Hi, I had to add support for the client-side Server Name Indication (SNI) TLS extension, which is supported in OpenSSL from version 0.9.8 (k?) (http://en.wikipedia.org/wiki/Server_Name_Indication).
It's a trivial change (doesn't break anything, I think ...) so can you review it for inclusion?
Regarding the absence of a switch (at least) for the SSLCtrl call, I read on the net that "... but looking at the OpenSSL code there is no harm done calling SSL_ctrl using undefined cmd parameters. Support for the SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling openssl which confirms the no harm done."
Index: fcl-net/src/sslsockets.pp =================================================================== --- fcl-net/src/sslsockets.pp (revision 27686) +++ fcl-net/src/sslsockets.pp (working copy) @@ -226,6 +226,8 @@ Result:=CheckSSL(FSSL.SetFD(FSocket.Handle)); if Result then begin+ SSLCtrl(FSSL.SSL, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name,
+ PAnsiChar(AnsiString(TInetSocket(FSocket).Host))); Result:=CheckSSL(FSSL.Connect); if Result and VerifyPeerCert then Result:=(FSSL.VerifyResult<>0) or (not DoVerifyCert); Index: openssl/src/openssl.pas =================================================================== --- openssl/src/openssl.pas (revision 27686) +++ openssl/src/openssl.pas (working copy) @@ -642,7 +642,10 @@ //DES modes DES_ENCRYPT = 1; DES_DECRYPT = 0; - + + SSL_CTRL_SET_TLSEXT_HOSTNAME = 55; + TLSEXT_NAMETYPE_host_name = 0; + var SSLLibHandle: TLibHandle = 0; SSLUtilHandle: TLibHandle = 0; Regards, -- Dimitrios Chr. Ioannidis
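Review bot: In the fcl-net/src/sslsockets.pp hunk, the added SSLCtrl call hard-casts with TInetSocket(FSocket) and throws away the return value. Guard it with a check such as "FSocket is TInetSocket" and a non-empty Host before calling, since an unchecked cast on another socket class reads a field that may not exist. RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server name, so if Host can hold an IP literal the call should be skipped for that case too. If ignoring the SSLCtrl result is deliberate (older libraries without the extension), say so in a comment next to the call rather than only in the mail.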
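Review bot: In the openssl/src/openssl.pas hunk, SSL_CTRL_SET_TLSEXT_HOSTNAME and TLSEXT_NAMETYPE_host_name are added directly under the "//DES modes" comment with no heading of their own, so they read as part of the DES constants. Add a short comment line above them (for example "// TLS extensions (SNI)") to match how the neighbouring groups are labelled. The hunk also removes the blank line after DES_DECRYPT and adds it back, which looks like a whitespace-only change; drop that from the patch so the diff only contains the two new constants.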
_______________________________________________ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-devel