Author: bdrewery (ports committer)
Date: Tue Nov 19 15:35:26 2013
New Revision: 258347
URL: http://svnweb.freebsd.org/changeset/base/258347
Log:
Support SNI in libfetch
SNI is Server Name Indentification which is a protocol for TLS that
indicates the host that is being connected to at the start of the
handshake. It allows to use Virtual Hosts on HTTPS.
Submitted by: sbz
Submitted by: Michael Gmelin <free...@grem.de> [1]
PR: kern/183583 [1]
Reviewed by: des
Approved by: bapt
MFC after: 1 week
Modified:
head/lib/libfetch/common.c
Modified: head/lib/libfetch/common.c
==============================================================================
--- head/lib/libfetch/common.c Tue Nov 19 14:24:25 2013 (r258346)
+++ head/lib/libfetch/common.c Tue Nov 19 15:35:26 2013 (r258347)
@@ -829,6 +829,15 @@ fetch_ssl(conn_t *conn, const struct url
return (-1);
}
SSL_set_fd(conn->ssl, conn->sd);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ if (!SSL_set_tlsext_host_name(conn->ssl, URL->host)) {
+ fprintf(stderr,
+ "TLS server name indication extension failed for host %s\n",
+ URL->host);
+ return (-1);
+ }
+#endif
while ((ret = SSL_connect(conn->ssl)) == -1) {
ssl_err = SSL_get_error(conn->ssl, ret);
if (ssl_err != SSL_ERROR_WANT_READ &&
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
