krb5 commit: Support SNI in MS-KKDCP client
Greg Hudson
ghudson at mit.edu
Sat May 30 11:52:13 EDT 2015
https://github.com/krb5/krb5/commit/4b6045adb7a044cd7ddc3987da2f26bf8a5281fe
commit 4b6045adb7a044cd7ddc3987da2f26bf8a5281fe
Author: Christian Heimes <cheimes at redhat.com>
Date: Fri May 15 09:37:31 2015 +0200
Support SNI in MS-KKDCP client
In the k5tls plugin module, call SSL_set_tlsext_host_name() to allow
the server to use SNI support. SSL_set_tlsext_host_name() is a macro
which uses SSL_CTRL_SET_TLSEXT_HOSTNAME and is not available in all
versions of OpenSSL, so conditionalize on that constant.
[ghudson at mit.edu: commit message]
ticket: 8198 (new)
src/plugins/tls/k5tls/openssl.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index 41917c4..c9d270b 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -463,6 +463,10 @@ setup(krb5_context context, SOCKET fd, const char *servername,
if (!SSL_set_fd(ssl, fd))
goto error;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ if (!SSL_set_tlsext_host_name(ssl, servername))
+ goto error;
+#endif
SSL_set_connect_state(ssl);
/* Create a handle and allow verify_callback to access it. */
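Review bot: the added SSL_set_tlsext_host_name(ssl, servername) call passes servername unconditionally, and RFC 6066 does not permit literal IPv4 or IPv6 addresses in the SNI HostName field. If setup() can be reached with an address literal as servername, consider skipping the call in that case rather than sending the literal. A short comment above the #ifdef noting that SNI is silently omitted when SSL_CTRL_SET_TLSEXT_HOSTNAME is undefined would also help anyone later debugging a proxy that selects its certificate by name.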