Support SNI in libfetch

SNI is Server Name Indentification which is a protocol for TLS that indicates the host that is being connected to at the start of the handshake. It allows to use Virtual Hosts on HTTPS. Submitted by: sbz Submitted by: Michael Gmelin <freebsd@grem.de> [1] PR: kern/183583 [1] Reviewed by: des Approved by: bapt MFC after: 1 week
2013-11-19 15:35:26 +00:00 · 2013-11-19 15:35:26 +00:00 · 4cb272a079
commit 4cb272a079
parent 11dc1c2af3
1 changed files with 9 additions and 0 deletions
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@ -829,6 +829,15 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 		return (-1);
 	}
 	SSL_set_fd(conn->ssl, conn->sd);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+	if (!SSL_set_tlsext_host_name(conn->ssl, URL->host)) {
+		fprintf(stderr,
+		    "TLS server name indication extension failed for host %s\n",
+		    URL->host);
+		return (-1);
+	}
+#endif
 	while ((ret = SSL_connect(conn->ssl)) == -1) {
 		ssl_err = SSL_get_error(conn->ssl, ret);
 		if (ssl_err != SSL_ERROR_WANT_READ &&