Added support for server name indication (RFC 4366).
Patch submitted by Kaspar Brand.
This commit is contained in:
parent
74241e7d85
commit
9682c2037e
7
CHANGES
7
CHANGES
@ -6,6 +6,9 @@
|
||||
|
||||
Changelog
|
||||
|
||||
Guenter Knauf (26 Feb 2008)
|
||||
- Kaspar Brand provided a patch to support server name indication (RFC 4366).
|
||||
|
||||
Daniel S (25 Feb 2008)
|
||||
- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
|
||||
forces it to prefer SSLv3.
|
||||
@ -45,11 +48,11 @@ Daniel S (20 Feb 2008)
|
||||
correctly for a long time and nobody has even noticed, I consider it a very
|
||||
suitable subject for plain removal. And so it was done.
|
||||
|
||||
Guenter Knauf (19 Feb 2007)
|
||||
Guenter Knauf (19 Feb 2008)
|
||||
- We do no longer support SSLv2 by default since it has known flaws.
|
||||
Kaspar Brand provided a patch for all supported SSL toolkits.
|
||||
|
||||
Daniel Fandrich (19 Feb 2007)
|
||||
Daniel Fandrich (19 Feb 2008)
|
||||
- Added test309 to test HTTP redirect to HTTPS URL
|
||||
|
||||
Daniel S (18 Feb 2008)
|
||||
|
15
lib/gtls.c
15
lib/gtls.c
@ -43,6 +43,7 @@
|
||||
|
||||
#include "urldata.h"
|
||||
#include "sendf.h"
|
||||
#include "inet_pton.h"
|
||||
#include "gtls.h"
|
||||
#include "sslgen.h"
|
||||
#include "parsedate.h"
|
||||
@ -229,6 +230,11 @@ Curl_gtls_connect(struct connectdata *conn,
|
||||
const char *ptr;
|
||||
void *ssl_sessionid;
|
||||
size_t ssl_idsize;
|
||||
#ifdef ENABLE_IPV6
|
||||
struct in6_addr addr;
|
||||
#else
|
||||
struct in_addr addr;
|
||||
#endif
|
||||
|
||||
if(!gtls_inited)
|
||||
_Curl_gtls_init();
|
||||
@ -275,6 +281,15 @@ Curl_gtls_connect(struct connectdata *conn,
|
||||
/* convenient assign */
|
||||
session = conn->ssl[sockindex].session;
|
||||
|
||||
if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
|
||||
#ifdef ENABLE_IPV6
|
||||
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
|
||||
#endif
|
||||
(gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,
|
||||
strlen(conn->host.name)) < 0))
|
||||
infof(data, "WARNING: failed to configure server name indication (SNI) "
|
||||
"TLS extension\n");
|
||||
|
||||
/* Use default priorities */
|
||||
rc = gnutls_set_default_priority(session);
|
||||
if(rc < 0)
|
||||
|
17
lib/ssluse.c
17
lib/ssluse.c
@ -1299,6 +1299,13 @@ ossl_connect_step1(struct connectdata *conn,
|
||||
void *ssl_sessionid=NULL;
|
||||
curl_socket_t sockfd = conn->sock[sockindex];
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#ifdef ENABLE_IPV6
|
||||
struct in6_addr addr;
|
||||
#else
|
||||
struct in_addr addr;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
|
||||
|
||||
@ -1456,6 +1463,16 @@ ossl_connect_step1(struct connectdata *conn,
|
||||
|
||||
connssl->server_cert = 0x0;
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
|
||||
#ifdef ENABLE_IPV6
|
||||
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
|
||||
#endif
|
||||
!SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
|
||||
infof(data, "WARNING: failed to configure server name indication (SNI) "
|
||||
"TLS extension\n");
|
||||
#endif
|
||||
|
||||
/* Check if there's a cached ID we can/should use here! */
|
||||
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
|
||||
/* we got a session id, use it! */
|
||||
|
Loading…
Reference in New Issue
Block a user