Merge branch 'ob/imap-send-ssl-verify' into maint

Correctly connect to SSL/TLS sites that serve multiple hostnames on a single IP by including Server Name Indication in the client-hello. * ob/imap-send-ssl-verify: imap-send: support Server Name Indication (RFC4366)
author: Junio C Hamano <gitster@pobox.com> 2013-03-26 12:41:59 -0700
committer: Junio C Hamano <gitster@pobox.com> 2013-03-26 12:41:59 -0700
commit: 2a5964afa6f5f5224f45bdf867073fd5ad52a9dc (patch)
tree: bc852b17cbf1d5364b01a9adc56d162c949e1cb1 /imap-send.c
parent: Merge branch 'nd/index-pack-l10n-buf-overflow' into maint (diff)
parent: imap-send: support Server Name Indication (RFC4366) (diff)
download: tgif-2a5964afa6f5f5224f45bdf867073fd5ad52a9dc.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/imap-send.c b/imap-send.c
index 43ac4e0bdf..d9bcfb44dc 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -304,6 +304,17 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
 		return -1;
 	}
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+	/*
+	 * SNI (RFC4366)
+	 * OpenSSL does not document this function, but the implementation
+	 * returns 1 on success, 0 on failure after calling SSLerr().
+	 */
+	ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
+	if (ret != 1)
+		warning("SSL_set_tlsext_host_name(%s) failed.", server.host);
+#endif
+
 	ret = SSL_connect(sock->ssl);
 	if (ret <= 0) {
 		socket_perror("SSL_connect", sock, ret);
author	Junio C Hamano <gitster@pobox.com>	2013-03-26 12:41:59 -0700
committer	Junio C Hamano <gitster@pobox.com>	2013-03-26 12:41:59 -0700
commit	2a5964afa6f5f5224f45bdf867073fd5ad52a9dc (patch)
tree	bc852b17cbf1d5364b01a9adc56d162c949e1cb1 /imap-send.c
parent	Merge branch 'nd/index-pack-l10n-buf-overflow' into maint (diff)
parent	imap-send: support Server Name Indication (RFC4366) (diff)
download	tgif-2a5964afa6f5f5224f45bdf867073fd5ad52a9dc.tar.xz