undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'ob/imap-send-ssl-verify'

Browse Source 
Correctly connect to SSL/TLS sites that serve multiple hostnames on
a single IP by including Server Name Indication in the client-hello.

* ob/imap-send-ssl-verify:
  imap-send: support Server Name Indication (RFC4366)
This commit is contained in:
Junio C Hamano 2013-03-21 14:02:39 -07:00
commit e3b3b73c6e
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
imap-send.c
View File

@ -304,6 +304,17 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
return -1; return -1;
} }
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/*
* SNI (RFC4366)
* OpenSSL does not document this function, but the implementation
* returns 1 on success, 0 on failure after calling SSLerr().
*/
ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
if (ret != 1)
warning("SSL_set_tlsext_host_name(%s) failed.", server.host);
#endif
ret = SSL_connect(sock->ssl); ret = SSL_connect(sock->ssl);
if (ret <= 0) { if (ret <= 0) {
socket_perror("SSL_connect", sock, ret); socket_perror("SSL_connect", sock, ret);