home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Sat, 30 May 2015 11:52:13 -0400 From: Greg Hudson <ghudson@mit.edu> Message-Id: <201505301552.t4UFqDQw013557@drugstore.mit.edu> To: cvs-krb5@mit.edu Reply-To: krbdev@mit.edu MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cvs-krb5-bounces@mit.edu https://github.com/krb5/krb5/commit/4b6045adb7a044cd7ddc3987da2f26bf8a5281fe commit 4b6045adb7a044cd7ddc3987da2f26bf8a5281fe Author: Christian Heimes <cheimes@redhat.com> Date: Fri May 15 09:37:31 2015 +0200 Support SNI in MS-KKDCP client In the k5tls plugin module, call SSL_set_tlsext_host_name() to allow the server to use SNI support. SSL_set_tlsext_host_name() is a macro which uses SSL_CTRL_SET_TLSEXT_HOSTNAME and is not available in all versions of OpenSSL, so conditionalize on that constant. [ghudson@mit.edu: commit message] ticket: 8198 (new) src/plugins/tls/k5tls/openssl.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c index 41917c4..c9d270b 100644 --- a/src/plugins/tls/k5tls/openssl.c +++ b/src/plugins/tls/k5tls/openssl.c @@ -463,6 +463,10 @@ setup(krb5_context context, SOCKET fd, const char *servername, if (!SSL_set_fd(ssl, fd)) goto error; +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + if (!SSL_set_tlsext_host_name(ssl, servername)) + goto error; +#endif SSL_set_connect_state(ssl); /* Create a handle and allow verify_callback to access it. */ _______________________________________________ cvs-krb5 mailing list cvs-krb5@mit.edu https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home | help | back | first | fref | pref | prev | next | nref | lref | last | post |