Hi,

I had to add support for the client-side Server Name Indication (SNI) TLS extension, which is supported in OpenSSL from version 0.9.8 (k?) (http://en.wikipedia.org/wiki/Server_Name_Indication).

It's a trivial change (doesn't break anything, I think ...), so can you review it for inclusion?

Regarding the absence of a switch (at least) for the SSLCtrl call, I read on the net that "... but looking at the OpenSSL code there is no harm done calling SSL_ctrl using undefined cmd parameters. Support for the SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling openssl which confirms the no harm done."

  Index: fcl-net/src/sslsockets.pp
===================================================================
--- fcl-net/src/sslsockets.pp    (revision 27686)
+++ fcl-net/src/sslsockets.pp    (working copy)
@@ -226,6 +226,8 @@
     Result:=CheckSSL(FSSL.SetFD(FSocket.Handle));
     if Result then
      begin
+ SSLCtrl(FSSL.SSL, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name,
+       PAnsiChar(AnsiString(TInetSocket(FSocket).Host)));
      Result:=CheckSSL(FSSL.Connect);
      if Result and VerifyPeerCert then
        Result:=(FSSL.VerifyResult<>0) or (not DoVerifyCert);
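Review bot: The added SSLCtrl call before FSSL.Connect hard-casts the socket with TInetSocket(FSocket) and discards the return value, unlike the SetFD and Connect calls around it, which both go through CheckSSL. Guard the cast with a check such as "FSocket is TInetSocket", skip the call when Host is empty or an IP literal (RFC 6066 allows only DNS host names in server_name), and record a failed return so that a handshake sent without SNI is at least visible to the caller. The first added line is also not indented to match the surrounding begin block.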
Index: openssl/src/openssl.pas
===================================================================
--- openssl/src/openssl.pas    (revision 27686)
+++ openssl/src/openssl.pas    (working copy)
@@ -642,7 +642,10 @@
 //DES modes
   DES_ENCRYPT = 1;
   DES_DECRYPT = 0;
-
+
+  SSL_CTRL_SET_TLSEXT_HOSTNAME = 55;
+  TLSEXT_NAMETYPE_host_name = 0;
+
 var
   SSLLibHandle: TLibHandle = 0;
   SSLUtilHandle: TLibHandle = 0;
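Review bot: SSL_CTRL_SET_TLSEXT_HOSTNAME and TLSEXT_NAMETYPE_host_name are added directly under the "//DES modes" comment, so they read as part of the DES constants. Give them their own comment header (for example a TLS extension section), and drop the whitespace-only replacement of the blank line after DES_DECRYPT, which only adds noise to the diff.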


Regards,

--
Dimitrios Chr. Ioannidis


_______________________________________________
fpc-devel maillist  -  fpc-devel@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-devel
