From 0088d70a0abdba41fac1b526066f9a289e49e842 Mon Sep 17 00:00:00 2001
From: bdrewery
Date: Mon, 2 Dec 2013 10:59:41 +0000
Subject: [PATCH] MFC r258347,r258349: Support SNI in libfetch SNI is Server Name Indentification which is a protocol for TLS that indicates the host that is being connected to at the start of the handshake. It allows to use Virtual Hosts on HTTPS. PR: kern/183583 Approved by: bapt (implicit) git-svn-id: svn://svn.freebsd.org/base/stable/9@258844 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 lib/libfetch/common.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index 15d5a25de..49d268ce3 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -829,6 +829,16 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 return (-1);
 }
 SSL_set_fd(conn->ssl, conn->sd);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ if (!SSL_set_tlsext_host_name(conn->ssl,
+ __DECONST(struct url *, URL)->host)) {
+ fprintf(stderr,
+ "TLS server name indication extension failed for host %s\n",
+ URL->host);
+ return (-1);
+ }
+#endif
 while ((ret = SSL_connect(conn->ssl)) == -1) {
 ssl_err = SSL_get_error(conn->ssl, ret);
 if (ssl_err != SSL_ERROR_WANT_READ &&
--
2.45.0
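Review bot: The new `SSL_set_tlsext_host_name()` call passes `URL->host` unconditionally, so a URL whose host is an IPv4 or IPv6 literal would be sent as the server name, although RFC 6066 allows only DNS host names in that extension. I would guard the call so it is skipped for address literals and document it with `/* SNI carries DNS names only (RFC 6066); skip for address literals */`. How the URL parser stores bracketed IPv6 hosts is not visible in this hunk, so the exact test needs confirming against it. The failure branch also writes to stderr without consulting `verbose` and makes the whole connection fail, which is worth a comment stating that this is intended. The rest of fetch_ssl lies outside the hunk, so whether `conn->ssl` is released on this early return cannot be judged from here.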