Author: bdrewery (ports committer) Date: Tue Nov 19 15:35:26 2013 New Revision: 258347 URL: http://svnweb.freebsd.org/changeset/base/258347
Log: Support SNI in libfetch SNI is Server Name Indentification which is a protocol for TLS that indicates the host that is being connected to at the start of the handshake. It allows to use Virtual Hosts on HTTPS. Submitted by: sbz Submitted by: Michael Gmelin <free...@grem.de> [1] PR: kern/183583 [1] Reviewed by: des Approved by: bapt MFC after: 1 week Modified: head/lib/libfetch/common.c Modified: head/lib/libfetch/common.c ============================================================================== --- head/lib/libfetch/common.c Tue Nov 19 14:24:25 2013 (r258346) +++ head/lib/libfetch/common.c Tue Nov 19 15:35:26 2013 (r258347) @@ -829,6 +829,15 @@ fetch_ssl(conn_t *conn, const struct url return (-1); } SSL_set_fd(conn->ssl, conn->sd); + +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + if (!SSL_set_tlsext_host_name(conn->ssl, URL->host)) { + fprintf(stderr, + "TLS server name indication extension failed for host %s\n", + URL->host); + return (-1); + } +#endif while ((ret = SSL_connect(conn->ssl)) == -1) { ssl_err = SSL_get_error(conn->ssl, ret); if (ssl_err != SSL_ERROR_WANT_READ && _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"