author | bdrewery <bdrewery@FreeBSD.org> | 2013-11-19 15:35:26 +0000 |
---|---|---|
committer | bdrewery <bdrewery@FreeBSD.org> | 2013-11-19 15:35:26 +0000 |
commit | 71362d24e8858b7474378abc08da1b6719cf5a96 (patch) | |
tree | 1453367826081fcce367510ded040d87030fc276 /lib/libfetch | |
parent | afc263f0f707cbd088b0c26fe21ff5a1beb72dce (diff) | |
Support SNI in libfetch
SNI is Server Name Identification, which is a protocol for TLS that
indicates the host that is being connected to at the start of the
handshake. It allows the use of Virtual Hosts on HTTPS.
Submitted by: sbz
Submitted by: Michael Gmelin <freebsd@grem.de> [1]
PR: kern/183583 [1]
Reviewed by: des
Approved by: bapt
MFC after: 1 week
Diffstat (limited to 'lib/libfetch')
-rw-r--r-- | lib/libfetch/common.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index 15d5a25..b15ab9a 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -829,6 +829,15 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) return (-1); } SSL_set_fd(conn->ssl, conn->sd); + +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + if (!SSL_set_tlsext_host_name(conn->ssl, URL->host)) { + fprintf(stderr, + "TLS server name indication extension failed for host %s\n", + URL->host); + return (-1); + } +#endif while ((ret = SSL_connect(conn->ssl)) == -1) { ssl_err = SSL_get_error(conn->ssl, ret); if (ssl_err != SSL_ERROR_WANT_READ && |
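Review bot: The added SSL_set_tlsext_host_name() call passes URL->host unconditionally, so a URL whose host is an IP literal would have that address sent as the server name, and RFC 6066 does not permit literal IPv4 or IPv6 addresses in the SNI HostName field. Consider skipping the call when URL->host parses as a numeric address. Two smaller points in the same block: the failure path writes to stderr with fprintf() from library code regardless of the verbose argument that fetch_ssl() receives, so gating the message on verbose or leaving reporting to the caller would be more consistent; and when the #if condition is false the handshake proceeds without SNI and without any indication, which is worth a short comment above the #if so the silent fallback is documented.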