Merge branch 'ob/imap-send-ssl-verify' into maint
Correctly connect to SSL/TLS sites that serve multiple hostnames on a single IP by including Server Name Indication in the client-hello. * ob/imap-send-ssl-verify: imap-send: support Server Name Indication (RFC4366)
This commit is contained in:
commit
2a5964afa6
11
imap-send.c
11
imap-send.c
@ -304,6 +304,17 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
/*
|
||||
* SNI (RFC4366)
|
||||
* OpenSSL does not document this function, but the implementation
|
||||
* returns 1 on success, 0 on failure after calling SSLerr().
|
||||
*/
|
||||
ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
|
||||
if (ret != 1)
|
||||
warning("SSL_set_tlsext_host_name(%s) failed.", server.host);
|
||||
#endif
|
||||
|
||||
ret = SSL_connect(sock->ssl);
|
||||
if (ret <= 0) {
|
||||
socket_perror("SSL_connect", sock, ret);
|
||||
|
Loading…
Reference in New Issue
Block a user