[28927] in CVS-changelog-for-Kerberos-V5


krb5 commit: Support SNI in MS-KKDCP client

daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat May 30 11:52:19 2015

Date: Sat, 30 May 2015 11:52:13 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201505301552.t4UFqDQw013557@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/4b6045adb7a044cd7ddc3987da2f26bf8a5281fe
commit 4b6045adb7a044cd7ddc3987da2f26bf8a5281fe
Author: Christian Heimes <cheimes@redhat.com>
Date:   Fri May 15 09:37:31 2015 +0200

    Support SNI in MS-KKDCP client
    
    In the k5tls plugin module, call SSL_set_tlsext_host_name() to allow
    the server to use SNI support.  SSL_set_tlsext_host_name() is a macro
    which uses SSL_CTRL_SET_TLSEXT_HOSTNAME and is not available in all
    versions of OpenSSL, so conditionalize on that constant.
    
    [ghudson@mit.edu: commit message]
    
    ticket: 8198 (new)

 src/plugins/tls/k5tls/openssl.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index 41917c4..c9d270b 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -463,6 +463,10 @@ setup(krb5_context context, SOCKET fd, const char *servername,
 
     if (!SSL_set_fd(ssl, fd))
         goto error;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    if (!SSL_set_tlsext_host_name(ssl, servername))
+        goto error;
+#endif
     SSL_set_connect_state(ssl);
 
     /* Create a handle and allow verify_callback to access it. */
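Review bot: the added SSL_set_tlsext_host_name(ssl, servername) call passes servername through without checking what kind of string it is. RFC 6066 section 3 does not permit literal IPv4 or IPv6 addresses in the server_name extension, so if setup() can be reached with an address literal (or a NULL servername), the call should be skipped for that case rather than sent as-is. Because a failure here takes the "goto error" path, it also turns a failed SNI setup into a failed connection, which is worth stating in a comment. A one-line comment above the #ifdef noting that builds without SSL_CTRL_SET_TLSEXT_HOSTNAME silently send no SNI would help anyone debugging a proxy behind name-based virtual hosting.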
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
