svn commit: r258756 - stable/10/lib/libfetch
Bryan Drewery
bdrewery at FreeBSD.org
Fri Nov 29 21:13:31 UTC 2013
Author: bdrewery (ports committer)
Date: Fri Nov 29 21:13:30 2013
New Revision: 258756
URL: http://svnweb.freebsd.org/changeset/base/258756
Log:
MFC r258347,r258349:
Support SNI in libfetch
SNI is Server Name Identification which is a protocol for TLS that
indicates the host that is being connected to at the start of the
handshake. It allows the use of Virtual Hosts on HTTPS.
PR: kern/183583
Approved by: bapt (implicit)
Approved by: re (gjb)
Modified:
stable/10/lib/libfetch/common.c
Directory Properties:
stable/10/lib/libfetch/ (props changed)
Modified: stable/10/lib/libfetch/common.c
==============================================================================
--- stable/10/lib/libfetch/common.c Fri Nov 29 21:12:35 2013 (r258755)
+++ stable/10/lib/libfetch/common.c Fri Nov 29 21:13:30 2013 (r258756)
@@ -829,6 +829,16 @@ fetch_ssl(conn_t *conn, const struct url
return (-1);
}
SSL_set_fd(conn->ssl, conn->sd);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ if (!SSL_set_tlsext_host_name(conn->ssl,
+ __DECONST(struct url *, URL)->host)) {
+ fprintf(stderr,
+ "TLS server name indication extension failed for host %s\n",
+ URL->host);
+ return (-1);
+ }
+#endif
while ((ret = SSL_connect(conn->ssl)) == -1) {
ssl_err = SSL_get_error(conn->ssl, ret);
if (ssl_err != SSL_ERROR_WANT_READ &&
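
Review bot: the new SSL_set_tlsext_host_name() call passes URL->host unconditionally, with no check for whether the host is an IPv4 or IPv6 literal. RFC 6066 does not permit literal addresses in the server_name extension, so the call should be skipped when URL->host parses as an address. Two smaller points in the same block: the failure path reports through fprintf(stderr, ...) from library code before return (-1), so a caller that only inspects libfetch's error state will not see why the connection failed; and the 0x0090806fL guard would be easier to audit with a short comment saying it is OpenSSL 0.9.8f, the first release with SNI support.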