authorBryan Drewery <bdrewery@FreeBSD.org>2013-11-19 15:35:26 +0000
committerBryan Drewery <bdrewery@FreeBSD.org>2013-11-19 15:35:26 +0000
commit4cb272a0796b9603c3347ee83fc8ddc1216e7ca0 (patch)
tree1453367826081fcce367510ded040d87030fc276 /lib
parent11dc1c2af3c002e72b7512f2bcf48d5bbde85198 (diff)
Support SNI in libfetch
SNI is Server Name Indication, which is a protocol for TLS that indicates the host that is being connected to at the start of the handshake. It allows the use of Virtual Hosts on HTTPS. Submitted by: sbz Submitted by: Michael Gmelin <freebsd@grem.de> [1] PR: kern/183583 [1] Reviewed by: des Approved by: bapt MFC after: 1 week
Notes
Notes: svn path=/head/; revision=258347
Diffstat (limited to 'lib')
-rw-r--r--lib/libfetch/common.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index 15d5a25de83b..b15ab9ac39e8 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -829,6 +829,15 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
return (-1);
}
SSL_set_fd(conn->ssl, conn->sd);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ if (!SSL_set_tlsext_host_name(conn->ssl, URL->host)) {
+ fprintf(stderr,
+ "TLS server name indication extension failed for host %s\n",
+ URL->host);
+ return (-1);
+ }
+#endif
while ((ret = SSL_connect(conn->ssl)) == -1) {
ssl_err = SSL_get_error(conn->ssl, ret);
if (ssl_err != SSL_ERROR_WANT_READ &&
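Review bot: `URL->host` is handed to `SSL_set_tlsext_host_name()` unconditionally, so a URL whose host is an IPv4 or IPv6 literal would be sent as the server name, and RFC 6066 does not permit address literals in the SNI HostName. I would guard the call so the extension is skipped for address literals, e.g. `if (inet_pton(AF_INET, URL->host, &a4) != 1 && inet_pton(AF_INET6, URL->host, &a6) != 1 && !SSL_set_tlsext_host_name(conn->ssl, URL->host)) {`, where `a4` and `a6` are new locals. A comment above the `#if` would also help: `/* SNI only tells the server which certificate to present; peer and hostname verification are done separately. */`. The new `return (-1);` leaves `fetch_ssl` after `conn->ssl` is already in use, and the function's set-up and cleanup lie outside this hunk, so it is worth confirming the SSL object is released on this path and that printing to stderr regardless of `verbose` is intended.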