authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-10-11 09:50:46 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-10-11 09:50:46 +0000
commitb453ed2dbbd82d6c6317b09afac222c5f98b6925 (patch)
tree7fbe86b2addebb9429152a325f95249d5179bfcc
parentdf58738da3d94bbdfd40fecbab0d45c03c366ba3 (diff)
downloadgnutls-b453ed2dbbd82d6c6317b09afac222c5f98b6925.tar.gz
Added server name extension, from draft-ietf-tls-extension-05.
-rw-r--r--NEWS1
-rw-r--r--lib/Makefile.am5
-rw-r--r--lib/ext_server_name.c275
-rw-r--r--lib/ext_server_name.h10
-rw-r--r--lib/gnutls.h.in.in12
-rw-r--r--lib/gnutls_extensions.c3
-rw-r--r--lib/gnutls_int.h16
-rw-r--r--src/cli.c8
-rw-r--r--src/common.c144
-rw-r--r--src/serv.c9
10 files changed, 415 insertions, 68 deletions
diff --git a/NEWS b/NEWS
index 98ddaa646c..99574eb6ad 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,6 @@
Version 0.5.10
- Updated documentation.
+- Added server name extension.
Version 0.5.9 (10/10/2002)
- Corrected some code which worked fine in gcc 3.2, but not with any
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 95ea9330c8..158ad621b1 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -18,7 +18,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h gnutls.asn pkix.asn \
gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h \
gnutls-api.tex io_debug.h ext_max_record.h gnutls_session_pack.h \
gnutls_alert.h gnutls_str.h gnutls_state.h gnutls_x509.h \
- ext_cert_type.h gnutls_rsa_export.h
+ ext_cert_type.h gnutls_rsa_export.h ext_server_name.h
lib_LTLIBRARIES = libgnutls.la
@@ -35,7 +35,8 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \
x509_extensions.c auth_cert.c gnutls_ui.c gnutls_sig.c auth_dhe.c \
gnutls_dh_primes.c ext_max_record.c gnutls_alert.c gnutls_int_compat.c \
gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \
- x509_xml.c gnutls_rsa_export.c auth_rsa_export.c rfc2818_hostname.c
+ x509_xml.c gnutls_rsa_export.c auth_rsa_export.c rfc2818_hostname.c \
+ ext_server_name.c
# Separate so we can create the documentation
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
new file mode 100644
index 0000000000..b6effe487d
--- /dev/null
+++ b/lib/ext_server_name.c
@@ -0,0 +1,275 @@
+/*
+ * Copyright (C) 2002 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+
+/*
+ * In case of a server: if a NAME_DNS extension type is received then it stores
+ * into the session the value of NAME_DNS. The server may use gnutls_ext_get_server_name(),
+ * in order to access it.
+ *
+ * In case of a client: If a proper NAME_DNS extension type is found in the session then
+ * it sends the extension to the peer.
+ *
+ */
+
+int _gnutls_server_name_recv_params(gnutls_session session,
+ const opaque * data, int data_size)
+{
+ int i;
+ const char *p;
+ uint16 len;
+ int server_names = 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(data);
+
+ i = data_size;
+ p = data + 2;
+
+ /* Count all server_names in the packet. */
+ while (i > 0) {
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LEN(data_size, len);
+ server_names++;
+
+ p += len;
+ i -= len + 2;
+
+ }
+
+ session->security_parameters.extensions.server_names_size =
+ server_names;
+ if (server_names == 0)
+ return 0; /* no names found */
+
+ if (session->security_parameters.extensions.server_names)
+ free(session->security_parameters.extensions.server_names);
+
+ session->security_parameters.extensions.server_names =
+ gnutls_malloc(server_names * sizeof(server_name_st));
+
+ p = data + 2;
+ for (i = 0; i < server_names; i++) {
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ switch (*p) {
+ case 0: /* NAME_DNS */
+ if (len - 1 <= MAX_SERVER_NAME_SIZE) {
+ memcpy(session->security_parameters.extensions.
+ server_names[i].name, &p[1], len - 1);
+ session->security_parameters.extensions.server_names[i].
+ name_length = len - 1;
+ session->security_parameters.extensions.server_names[i].
+ type = GNUTLS_NAME_DNS;
+ break;
+ }
+ }
+
+ /* move to next record */
+ p += len;
+ }
+ }
+ return 0;
+}
+
+/* returns data_size or a negative number on failure
+ * data is allocated localy
+ */
+int _gnutls_server_name_send_params(gnutls_session session, opaque * data,
+ int data_size)
+{
+ uint16 len;
+ char *p;
+ int i;
+ int total_size = 0;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ for (i = 0;
+ i < session->security_parameters.extensions.server_names_size;
+ i++) {
+ switch (session->security_parameters.extensions.server_names[i].
+ type) {
+ case GNUTLS_NAME_DNS:
+ if (session->security_parameters.extensions.server_names != NULL && (len = session->security_parameters.extensions.server_names[0].name_length) > 0) { /* send dnsname */
+
+ /* UINT16: total size of all names
+ * UINT16: size of the first name
+ * UINT8: type of this extension
+ * REST of the data ( we only send one name);
+ */
+ if (data_size < len + 5) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ p = data;
+
+ _gnutls_write_uint16(len + 3, p);
+ p += 2;
+
+ _gnutls_write_uint16(len + 1, p);
+ p += 2;
+
+ *p = 0; /* NAME_DNS type */
+ p++;
+
+ memcpy(p,
+ session->security_parameters.extensions.
+ server_names[0].name, len);
+ len = len + 5;
+ }
+ break;
+ default:
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+ data += len;
+ total_size += len;
+ }
+ }
+ if (total_size == 0)
+ return GNUTLS_E_INVALID_REQUEST;
+ return total_size;
+}
+
+/**
+ * gnutls_get_server_name - Used to get the server name indicator send by a client
+ * @session: is a &gnutls_session structure.
+ * @data: will hold the data
+ * @data_length: will hold the data length. Must hold the maximum size of data.
+ * @type: will hold the server name indicator type
+ * @index: is the index of the server_name
+ *
+ * This function will allow you to get the name indication (if any),
+ * a client has sent. The name indication may be any of the enumeration
+ * gnutls_server_name_type.
+ *
+ * If 'type' is GNUTLS_NAME_DNS, then this function is to be used by servers
+ * that support virtual hosting, and the data will be null terminated.
+ * The client may give the server the dnsname they connected to.
+ *
+ * If data has not enough size to hold the server name GNUTLS_E_INVALID_REQUEST
+ * is returned, and data_length will hold the required size.
+ *
+ * 'index' is used to retrieve more than one server names (if sent by the client).
+ * The first server name has an index of 0, the second 1 and so on. If no name with the given
+ * index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ **/
+int gnutls_get_server_name(gnutls_session session, void *data,
+ int *data_length,
+ int * type, int index)
+{
+ char *_data = data;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ if (index >
+ session->security_parameters.extensions.server_names_size - 1)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ *type =
+ session->security_parameters.extensions.server_names[index].type;
+
+ if (*data_length > /* greater since we need one extra byte for the null */
+ session->security_parameters.extensions.server_names[index].
+ name_length) {
+ *data_length =
+ session->security_parameters.extensions.server_names[index].
+ name_length;
+ memcpy(data,
+ session->security_parameters.extensions.server_names[index].
+ name, *data_length);
+
+ if (*type == GNUTLS_NAME_DNS) /* null terminate */
+ _data[(*data_length)] = 0;
+
+ } else {
+ *data_length =
+ session->security_parameters.extensions.server_names[index].
+ name_length;
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_set_server_name - Used to set a name indicator to be sent as an extension
+ * @session: is a &gnutls_session structure.
+ * @name: is a string that contains the server name.
+ * @name_length: holds the length of name
+ * @type: specifies the indicator type
+ *
+ * This function is to be used by clients that want to inform
+ * ( via a TLS extension mechanism) the server of the name they
+ * connected to. This should be used by clients that connect
+ * to servers that do virtual hosting.
+ *
+ * The value of 'name' depends on the 'ind' type. In case of GNUTLS_NAME_DNS,
+ * a null terminated string is expected.
+ *
+ **/
+int gnutls_set_server_name(gnutls_session session,
+ gnutls_server_name_type type,
+ const void *name, int name_length)
+{
+ const char *dnsname;
+ int server_names;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ if (name_length > MAX_SERVER_NAME_SIZE)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ server_names =
+ session->security_parameters.extensions.server_names_size + 1;
+
+ session->security_parameters.extensions.server_names =
+ gnutls_realloc(session->security_parameters.extensions.server_names,
+ server_names * sizeof(server_name_st));
+
+ if (session->security_parameters.extensions.server_names == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ session->security_parameters.extensions.server_names[server_names -
+ 1].type = type;
+ memcpy(session->security_parameters.extensions.
+ server_names[server_names - 1].name, name, name_length);
+ session->security_parameters.extensions.server_names[server_names -
+ 1].name_length =
+ name_length;
+
+ session->security_parameters.extensions.server_names_size++;
+
+ return 0;
+}
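Review bot: In `_gnutls_server_name_recv_params` the second loop never requires an entry's `len` to be at least 1, so for `len == 0` the expression `len - 1` is -1, passes the `<= MAX_SERVER_NAME_SIZE` test and becomes the `memcpy` size; `switch (*p)` also reads a byte the first pass never accounted for. This data comes from the peer's hello, so such an entry should be rejected before the switch. The result of `gnutls_malloc` is used unchecked, and entries with a type other than 0 or an over-long name are left uninitialised although `server_names_size` counts them, so `gnutls_get_server_name` later reads an indeterminate `type` and `name_length`. The fence shows the allocation check, zero-fill and length guard; the `free()` of a `gnutls_malloc` pointer would also be better as `gnutls_free()`. In `_gnutls_server_name_send_params` every iteration serialises `server_names[0]` rather than entry `i`, and `data_size` is not reduced as `data` advances, so the `data_size < len + 5` check only bounds the first name.

```c
		/* … unchanged: first pass counting server_names with DECR_LEN … */

		session->security_parameters.extensions.server_names =
		    gnutls_malloc(server_names * sizeof(server_name_st));
		if (session->security_parameters.extensions.server_names == NULL) {
			/* keep the count consistent with the missing array */
			session->security_parameters.extensions.server_names_size = 0;
			gnutls_assert();
			return GNUTLS_E_MEMORY_ERROR;
		}
		/* entries skipped below must not expose uninitialised heap */
		memset(session->security_parameters.extensions.server_names, 0,
		       server_names * sizeof(server_name_st));

		p = data + 2;
		for (i = 0; i < server_names; i++) {
			len = _gnutls_read_uint16(p);
			p += 2;

			/* every entry carries at least the one-byte name type */
			if (len == 0) {
				gnutls_assert();
				return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
			}
			/* … unchanged: switch (*p) copying NAME_DNS entries, p += len … */
```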
diff --git a/lib/ext_server_name.h b/lib/ext_server_name.h
new file mode 100644
index 0000000000..61ba1f3606
--- /dev/null
+++ b/lib/ext_server_name.h
@@ -0,0 +1,10 @@
+int _gnutls_server_name_recv_params( gnutls_session session, const opaque* data, int data_size);
+int _gnutls_server_name_send_params( gnutls_session session, opaque* data, int);
+
+int gnutls_get_server_name(gnutls_session session, void* data, int* data_length,
+ int *type, int index);
+
+int gnutls_set_server_name(gnutls_session session,
+ gnutls_server_name_type type,
+ const void *name, int name_length);
+
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 41acad6035..99a133130f 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -184,6 +184,18 @@ ssize_t gnutls_record_set_max_size( gnutls_session session, size_t size);
size_t gnutls_record_check_pending(gnutls_session session);
+/* TLS Extensions */
+
+typedef enum gnutls_server_name_type { GNUTLS_NAME_DNS=1
+} gnutls_server_name_type;
+
+int gnutls_get_server_name(gnutls_session session, void* data, int* data_length,
+ int *type, int index);
+
+int gnutls_set_server_name(gnutls_session session,
+ gnutls_server_name_type type,
+ const void *name, int name_length);
+
/* functions to set priority of cipher suites
*/
int gnutls_cipher_set_priority( gnutls_session session, const int*);
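Review bot: The new prototypes take the lengths and the index as plain `int`, and the implementation in lib/ext_server_name.c only checks upper bounds (`name_length > MAX_SERVER_NAME_SIZE`, `index > server_names_size - 1`), so a negative value passes the checks and reaches `memcpy` or the array subscript. The neighbouring `gnutls_record_set_max_size` already takes `size_t`; declaring `size_t name_length`, `size_t *data_length` and `unsigned int index` would remove that class of error, or else the functions need explicit `< 0` checks. The declarations also carry no comment here, so a one-line note per function saying which side (client or server) may call it would help readers of the public header.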
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 534e81a0c1..e918c71e64 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -29,6 +29,7 @@
#include "gnutls_errors.h"
#include "ext_max_record.h"
#include <ext_cert_type.h>
+#include <ext_server_name.h>
#include "gnutls_num.h"
/* Key Exchange Section */
@@ -42,6 +43,7 @@ const int _gnutls_extensions_size = MAX_EXT_SIZE;
gnutls_extension_entry _gnutls_extensions[MAX_EXT_SIZE] = {
GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_MAX_RECORD_SIZE, _gnutls_max_record_recv_params, _gnutls_max_record_send_params),
GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_CERT_TYPE, _gnutls_cert_type_recv_params, _gnutls_cert_type_send_params),
+ GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_SERVER_NAME, _gnutls_server_name_recv_params, _gnutls_server_name_send_params),
{0}
};
@@ -192,7 +194,6 @@ int (*ext_func_send)( gnutls_session, opaque*, int);
ext_func_send = _gnutls_ext_func_send(next);
if (ext_func_send == NULL) continue;
size = ext_func_send( session, sdata, sdata_size);
-
if (size > 0) {
(*data) = gnutls_realloc_fast( (*data), pos+size+4);
if ((*data)==NULL) {
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index fe01c26710..9fc7d3db29 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -65,6 +65,7 @@ typedef int gnutls_transport_ptr;
#define MAX_X509_CERT_SIZE 10*1024
#define MAX_LOG_SIZE 1024 /* maximum number of log message */
#define MAX_SRP_USERNAME 256
+#define MAX_SERVER_NAME_SIZE 256
/* we can receive up to MAX_EXT_TYPES extensions.
*/
@@ -167,7 +168,9 @@ typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB,
typedef enum gnutls_connection_end { GNUTLS_SERVER=1, GNUTLS_CLIENT } gnutls_connection_end;
-typedef enum Extensions { GNUTLS_EXTENSION_MAX_RECORD_SIZE=1, GNUTLS_EXTENSION_SRP=6, GNUTLS_EXTENSION_CERT_TYPE=7
+typedef enum Extensions { GNUTLS_EXTENSION_SERVER_NAME=0,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE=1, GNUTLS_EXTENSION_SRP=6,
+ GNUTLS_EXTENSION_CERT_TYPE=7
} Extensions;
typedef enum gnutls_credentials_type { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type;
@@ -282,7 +285,18 @@ gnutls_protocol_version;
* structures also - see SRP).
*/
+typedef enum gnutls_server_name_type { GNUTLS_NAME_DNS=1
+} gnutls_server_name_type;
+
+typedef struct {
+ opaque name[MAX_SERVER_NAME_SIZE];
+ int name_length;
+ gnutls_server_name_type type;
+} server_name_st;
+
typedef struct {
+ server_name_st* server_names;
+ int server_names_size;
opaque srp_username[MAX_SRP_USERNAME];
} TLSExtensions;
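Review bot: `TLSExtensions` now owns a heap pointer (`server_names`), but none of the files in this commit's diffstat releases it when a session is torn down, so each session that sets or receives a name appears to leak the array. If `security_parameters` is ever copied or packed by value (for example for resumption, which is not visible here), the copy would also alias the same allocation. Consider a fixed-size array bounded by a small maximum, or free the pointer in the session deinit path and document the ownership with a comment such as `/* heap array of server_names_size entries; owned by the session */`. `gnutls_server_name_type` is also defined a second time in lib/gnutls.h.in.in, and the two copies have to be kept in sync by hand.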
diff --git a/src/cli.c b/src/cli.c
index 0644764493..b7a60bcd9b 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -123,7 +123,7 @@ void init_global_tls_stuff(void);
/* initializes a gnutls_session with some defaults.
*/
-static gnutls_session init_tls_session(void)
+static gnutls_session init_tls_session( const char* hostname)
{
gnutls_session session;
@@ -133,6 +133,8 @@ static gnutls_session init_tls_session(void)
*/
gnutls_handshake_set_private_extensions(session, 1);
+ gnutls_set_server_name( session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
+
gnutls_cipher_set_priority(session, cipher_priority);
gnutls_compression_set_priority(session, comp_priority);
gnutls_kx_set_priority(session, kx_priority);
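Review bot: The return value of `gnutls_set_server_name` is discarded here, so a hostname longer than `MAX_SERVER_NAME_SIZE` or an allocation failure leaves the handshake running without the extension and without any diagnostic. Check it, for example `if (gnutls_set_server_name(session, GNUTLS_NAME_DNS, hostname, strlen(hostname)) < 0) fprintf(stderr, "Could not set server name\n");`. `init_tls_session` starts and ends outside this hunk.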
@@ -217,7 +219,7 @@ int main(int argc, char **argv)
hd.secure = 0;
hd.fd = sd;
- hd.session = init_tls_session();
+ hd.session = init_tls_session(hostname);
if (starttls)
goto after_handshake;
@@ -225,7 +227,7 @@ int main(int argc, char **argv)
if (i == 1) {
- hd.session = init_tls_session();
+ hd.session = init_tls_session(hostname);
gnutls_session_set_data(hd.session, session_data,
session_data_size);
free(session_data);
diff --git a/src/common.c b/src/common.c
index 6156131869..1dbea91476 100644
--- a/src/common.c
+++ b/src/common.c
@@ -19,14 +19,15 @@ void print_cert_info(gnutls_session session);
#define PRINT_PGP_NAME(X) PRINTX( "NAME:", X.name); \
PRINTX( "EMAIL:", X.email)
-static const char* my_ctime( time_t* tv) {
-static char buf[256];
-struct tm* tp;
+static const char *my_ctime(time_t * tv)
+{
+ static char buf[256];
+ struct tm *tp;
-tp = localtime(tv);
-strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp);
+ tp = localtime(tv);
+ strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp);
-return buf;
+ return buf;
}
@@ -53,22 +54,22 @@ void print_x509_info(gnutls_session session)
return;
#ifdef XML
- {
- gnutls_datum res;
-
- gnutls_x509_certificate_to_xml( &cert_list[0], &res, 0);
- printf( res.data);
-
- free(res.data);
-
- return;
+ {
+ gnutls_datum res;
+
+ gnutls_x509_certificate_to_xml(&cert_list[0], &res, 0);
+ printf(res.data);
+
+ free(res.data);
+
+ return;
}
#endif
printf(" - Certificate info:\n");
- printf(" # Certificate is valid since: %s", my_ctime( &activet));
- printf(" # Certificate expires: %s", my_ctime( &expiret));
+ printf(" # Certificate is valid since: %s", my_ctime(&activet));
+ printf(" # Certificate expires: %s", my_ctime(&expiret));
/* Print the fingerprint of the certificate
*/
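Review bot: `printf(res.data);` in the `#ifdef XML` block uses the XML rendering of the peer's certificate as the format string, so any `%` sequence in a certificate field is interpreted by `printf`. This commit only re-indents the line; it should become `printf("%s", res.data);` (or an `fputs` call). The same call appears in the `print_openpgp_info` hunk further down.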
@@ -101,13 +102,15 @@ void print_x509_info(gnutls_session session)
printf(" # Certificate version: #%d\n",
gnutls_x509_extract_certificate_version(&cert_list[0]));
- algo = gnutls_x509_extract_certificate_pk_algorithm( &cert_list[0], &bits);
+ algo =
+ gnutls_x509_extract_certificate_pk_algorithm(&cert_list[0],
+ &bits);
printf(" # Certificate public key algorithm: ");
- if (algo==GNUTLS_PK_RSA) {
+ if (algo == GNUTLS_PK_RSA) {
printf("RSA\n");
printf(" # Modulus: %d bits\n", bits);
- } else if (algo==GNUTLS_PK_DSA) {
+ } else if (algo == GNUTLS_PK_DSA) {
printf("DSA\n");
printf(" # Exponent: %d bits\n", bits);
} else {
@@ -144,23 +147,23 @@ void print_openpgp_info(gnutls_session session)
#ifdef XML
{
gnutls_datum res;
-
- gnutls_openpgp_key_to_xml( &cert_list[0], &res, 0);
- printf( res.data);
-
+
+ gnutls_openpgp_key_to_xml(&cert_list[0], &res, 0);
+ printf(res.data);
+
free(res.data);
-
+
return;
- }
+ }
#endif
- printf(" # Key was created at: %s", my_ctime( &activet));
+ printf(" # Key was created at: %s", my_ctime(&activet));
printf(" # Key expires: ");
if (expiret != 0)
- printf("%s", my_ctime( &expiret));
+ printf("%s", my_ctime(&expiret));
else
printf("Never\n");
-
+
if (gnutls_openpgp_fingerprint
(&cert_list[0], digest, &digest_size) >= 0) {
print = printable;
@@ -170,28 +173,30 @@ void print_openpgp_info(gnutls_session session)
print += 3;
}
- printf(" # PGP Key version: %d\n",
- gnutls_openpgp_extract_key_version(&cert_list[0]));
+ printf(" # PGP Key version: %d\n",
+ gnutls_openpgp_extract_key_version
+ (&cert_list[0]));
+
+ algo =
+ gnutls_openpgp_extract_key_pk_algorithm
+ (&cert_list[0], &bits);
- algo = gnutls_openpgp_extract_key_pk_algorithm( &cert_list[0], &bits);
-
printf(" # PGP Key public key algorithm: ");
- if (algo==GNUTLS_PK_RSA) {
+ if (algo == GNUTLS_PK_RSA) {
printf("RSA\n");
printf(" # Modulus: %d bits\n", bits);
- } else if (algo==GNUTLS_PK_DSA) {
+ } else if (algo == GNUTLS_PK_DSA) {
printf("DSA\n");
printf(" # Exponent: %d bits\n", bits);
} else {
printf("UNKNOWN\n");
}
- printf(" # PGP Key fingerprint: %s\n",
- printable);
+ printf(" # PGP Key fingerprint: %s\n", printable);
gnutls_openpgp_extract_key_name(&cert_list
- [0], 0, &pgp_name);
+ [0], 0, &pgp_name);
PRINT_PGP_NAME(pgp_name);
}
@@ -211,7 +216,8 @@ void print_cert_vrfy(gnutls_session session)
return;
}
if (status < 0) {
- printf("- Could not verify certificate (err %d)\n", status);
+ printf("- Could not verify certificate (err %d)\n",
+ status);
return;
}
@@ -241,8 +247,9 @@ int print_info(gnutls_session session)
switch (cred) {
case GNUTLS_CRD_ANON:
printf("- Anonymous DH using prime of %d bits, secret key "
- "of %d bits, and peer's public key is %d bits.\n",
- gnutls_dh_get_prime_bits(session), gnutls_dh_get_secret_bits(session),
+ "of %d bits, and peer's public key is %d bits.\n",
+ gnutls_dh_get_prime_bits(session),
+ gnutls_dh_get_secret_bits(session),
gnutls_dh_get_peers_public_bits(session));
break;
case GNUTLS_CRD_SRP:
@@ -254,21 +261,36 @@ int print_info(gnutls_session session)
gnutls_srp_server_get_username(session));
break;
case GNUTLS_CRD_CERTIFICATE:
- print_cert_info( session);
+ {
+ char dns[256];
+ int dns_size = sizeof(dns);
+ int type;
+
+ /* This fails in client side */
+ if (gnutls_get_server_name
+ (session, dns, &dns_size, &type, 0) == 0) {
+ printf("- Given server name[%d]: %s\n", type, dns);
+ }
+ }
+
+ print_cert_info(session);
print_cert_vrfy(session);
/* Check if we have been using ephemeral Diffie Hellman.
*/
if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
- printf("- Ephemeral DH using prime of %d bits, secret key "
- "of %d bits, and peer's public key is %d bits.\n",
- gnutls_dh_get_prime_bits(session), gnutls_dh_get_secret_bits(session),
- gnutls_dh_get_peers_public_bits(session));
+ printf
+ ("- Ephemeral DH using prime of %d bits, secret key "
+ "of %d bits, and peer's public key is %d bits.\n",
+ gnutls_dh_get_prime_bits(session),
+ gnutls_dh_get_secret_bits(session),
+ gnutls_dh_get_peers_public_bits(session));
}
}
- tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(session));
+ tmp =
+ gnutls_protocol_get_name(gnutls_protocol_get_version(session));
printf("- Version: %s\n", tmp);
tmp = gnutls_kx_get_name(kx);
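Review bot: `dns` is printed with `%s` without looking at `type`, but `gnutls_get_server_name` in lib/ext_server_name.c only writes the terminating NUL when `*type == GNUTLS_NAME_DNS`, so for any other type the buffer is not guaranteed to be terminated. Guard the print with `if (type == GNUTLS_NAME_DNS)`. The name is supplied by the peer, so it is also worth filtering non-printable bytes before writing it to the terminal. The same pattern appears in the src/serv.c hunk, where the name is additionally formatted into HTML through `sprintf` with no escaping and no bound on `tmp2`.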
@@ -289,7 +311,7 @@ int print_info(gnutls_session session)
void print_cert_info(gnutls_session session)
{
- printf( "- Certificate type: ");
+ printf("- Certificate type: ");
switch (gnutls_certificate_type_get(session)) {
case GNUTLS_CRT_X509:
printf("X.509\n");
@@ -345,17 +367,17 @@ void print_list(void)
void print_license(void)
{
- fprintf(stdout,
- "\nCopyright (C) 2001-2002 Nikos Mavroyanopoulos\n"
- "This program is free software; you can redistribute it and/or modify \n"
- "it under the terms of the GNU General Public License as published by \n"
- "the Free Software Foundation; either version 2 of the License, or \n"
- "(at your option) any later version. \n" "\n"
- "This program is distributed in the hope that it will be useful, \n"
- "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
- "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
- "GNU General Public License for more details. \n" "\n"
- "You should have received a copy of the GNU General Public License \n"
- "along with this program; if not, write to the Free Software \n"
- "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
+ fprintf(stdout,
+ "\nCopyright (C) 2001-2002 Nikos Mavroyanopoulos\n"
+ "This program is free software; you can redistribute it and/or modify \n"
+ "it under the terms of the GNU General Public License as published by \n"
+ "the Free Software Foundation; either version 2 of the License, or \n"
+ "(at your option) any later version. \n" "\n"
+ "This program is distributed in the hope that it will be useful, \n"
+ "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
+ "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
+ "GNU General Public License for more details. \n" "\n"
+ "You should have received a copy of the GNU General Public License \n"
+ "along with this program; if not, write to the Free Software \n"
+ "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
}
diff --git a/src/serv.c b/src/serv.c
index cea31ec658..dd94451a81 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -318,6 +318,15 @@ char* peer_print_info(gnutls_session session, int *ret_length, const char* heade
/* Here unlike print_info() we use the kx algorithm to distinguish
* the functions to call.
*/
+ { char dns[256];
+ int dns_size = sizeof(dns);
+ int type;
+
+ if (gnutls_get_server_name( session, dns, &dns_size, &type, 0) == 0) {
+ sprintf(tmp2, "\n<p>Server Name: %s</p>\n", dns);
+ }
+
+ }
/* print srp specific data */
if (gnutls_kx_get(session) == GNUTLS_KX_SRP) {