Date:      Fri, 29 Nov 2013 21:13:30 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r258756 - stable/10/lib/libfetch
Message-ID:  <201311292113.rATLDUEY014730@svn.freebsd.org>

Author: bdrewery (ports committer)
Date: Fri Nov 29 21:13:30 2013
New Revision: 258756
URL: http://svnweb.freebsd.org/changeset/base/258756

Log:
  MFC r258347,r258349:
  
    Support SNI in libfetch
  
    SNI is Server Name Identification, which is a protocol for TLS that
    indicates the host that is being connected to at the start of the
    handshake. It allows the use of Virtual Hosts on HTTPS.
  
  PR:		kern/183583
  Approved by:	bapt (implicit)
  Approved by:	re (gjb)

Modified:
  stable/10/lib/libfetch/common.c
Directory Properties:
  stable/10/lib/libfetch/   (props changed)

Modified: stable/10/lib/libfetch/common.c
==============================================================================
--- stable/10/lib/libfetch/common.c	Fri Nov 29 21:12:35 2013	(r258755)
+++ stable/10/lib/libfetch/common.c	Fri Nov 29 21:13:30 2013	(r258756)
@@ -829,6 +829,16 @@ fetch_ssl(conn_t *conn, const struct url
 		return (-1);
 	}
 	SSL_set_fd(conn->ssl, conn->sd);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+	if (!SSL_set_tlsext_host_name(conn->ssl,
+	    __DECONST(struct url *, URL)->host)) {
+		fprintf(stderr,
+		    "TLS server name indication extension failed for host %s\n",
+		    URL->host);
+		return (-1);
+	}
+#endif
 	while ((ret = SSL_connect(conn->ssl)) == -1) {
 		ssl_err = SSL_get_error(conn->ssl, ret);
 		if (ssl_err != SSL_ERROR_WANT_READ &&
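
Review bot: The server name is set unconditionally from URL->host in the new #if block, so a URL whose host is an IPv4 or IPv6 literal would send that address in the server_name extension, which RFC 6066 does not permit as a HostName; consider skipping the SSL_set_tlsext_host_name() call when the host parses as an address literal. Two smaller points in the same block: __DECONST(struct url *, URL)->host strips const from the whole struct, where __DECONST(char *, URL->host) would limit the cast to the one argument that needs it, and the version guard 0x0090806fL (OpenSSL 0.9.8f) deserves a short comment saying why that release is the cutoff. The failure path also returns -1 right after fprintf(stderr, ...), so it is worth confirming that the caller releases conn->ssl on this path.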


