diff options
author | Junio C Hamano <gitster@pobox.com> | 2013-03-26 12:41:59 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2013-03-26 12:41:59 -0700 |
commit | 2a5964afa6f5f5224f45bdf867073fd5ad52a9dc (patch) | |
tree | bc852b17cbf1d5364b01a9adc56d162c949e1cb1 /imap-send.c | |
parent | 4bb2121c17a2422985ae4c00bf43ee962200b071 (diff) | |
parent | 698a1ec4d52e90d611c233a12147daf261168bc6 (diff) | |
download | git-2a5964afa6f5f5224f45bdf867073fd5ad52a9dc.tar.gz |
Merge branch 'ob/imap-send-ssl-verify' into maint
Correctly connect to SSL/TLS sites that serve multiple hostnames on
a single IP by including Server Name Indication in the client-hello.
* ob/imap-send-ssl-verify:
imap-send: support Server Name Indication (RFC4366)
Diffstat (limited to 'imap-send.c')
-rw-r--r-- | imap-send.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/imap-send.c b/imap-send.c index 43ac4e0bdf..d9bcfb44dc 100644 --- a/imap-send.c +++ b/imap-send.c @@ -304,6 +304,17 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve return -1; } +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + /* + * SNI (RFC4366) + * OpenSSL does not document this function, but the implementation + * returns 1 on success, 0 on failure after calling SSLerr(). + */ + ret = SSL_set_tlsext_host_name(sock->ssl, server.host); + if (ret != 1) + warning("SSL_set_tlsext_host_name(%s) failed.", server.host); +#endif + ret = SSL_connect(sock->ssl); if (ret <= 0) { socket_perror("SSL_connect", sock, ret); |