Support SNI in MS-KKDCP client

In the k5tls plugin module, call SSL_set_tlsext_host_name() to allow the server to use SNI support. SSL_set_tlsext_host_name() is a macro which uses SSL_CTRL_SET_TLSEXT_HOSTNAME and is not available in all versions of OpenSSL, so conditionalize on that constant. [ghudson@mit.edu: commit message] ticket: 8198 (new)
tiran · May 30, 2015 · 4b6045a · 4b6045a
1 parent 50a3c3c
commit 4b6045a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
@@ -463,6 +463,10 @@ setup(krb5_context context, SOCKET fd, const char *servername,
 
     if (!SSL_set_fd(ssl, fd))
         goto error;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    if (!SSL_set_tlsext_host_name(ssl, servername))
+        goto error;
+#endif
     SSL_set_connect_state(ssl);
 
     /* Create a handle and allow verify_callback to access it. */