From ecefce41d9f9fd10a8f564b011cd565cff2eb3ef Mon Sep 17 00:00:00 2001
From: Rodger Combs <rodger.combs@gmail.com>
Date: Mon, 8 Jun 2015 16:59:32 -0500
Subject: lavf/tls_securetransport: fix SNI support when not verifying

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/tls_securetransport.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'libavformat/tls_securetransport.c')

diff --git a/libavformat/tls_securetransport.c b/libavformat/tls_securetransport.c
index 9951b90..73662d7 100644
--- a/libavformat/tls_securetransport.c
+++ b/libavformat/tls_securetransport.c
@@ -273,13 +273,13 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
     if (s->ca_file) {
         if ((ret = load_ca(h)) < 0)
             goto fail;
-        CHECK_ERROR(SSLSetSessionOption, c->ssl_context, kSSLSessionOptionBreakOnServerAuth, true);
     }
+    if (s->ca_file || !s->verify)
+        CHECK_ERROR(SSLSetSessionOption, c->ssl_context, kSSLSessionOptionBreakOnServerAuth, true);
     if (s->cert_file)
         if ((ret = load_cert(h)) < 0)
             goto fail;
-    if (s->verify)
-        CHECK_ERROR(SSLSetPeerDomainName, c->ssl_context, s->host, strlen(s->host));
+    CHECK_ERROR(SSLSetPeerDomainName, c->ssl_context, s->host, strlen(s->host));
     CHECK_ERROR(SSLSetIOFuncs, c->ssl_context, tls_read_cb, tls_write_cb);
     CHECK_ERROR(SSLSetConnection, c->ssl_context, h);
     while (1) {
-- 
cgit v1.1