Send TLS Server Name Indication as peer if server identity is a FQDN
authorMartin Willi <martin@revosec.ch>
Thu, 14 Apr 2011 17:42:32 +0000 (19:42 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 14 Apr 2011 18:02:12 +0000 (20:02 +0200)
src/libtls/tls.h
src/libtls/tls_peer.c

index 74c418f331fcee65c87cd453b6266a477110d052..54b0621b580ac761993998e577e23a35eacb90ce 100644 (file)
@@ -130,6 +130,10 @@ enum tls_extension_t {
        TLS_EXT_RENEGOTIATION_INFO = 65281,
 };
 
+enum tls_name_type_t {
+       TLS_NAME_TYPE_HOST_NAME = 0,
+};
+
 /**
  * Enum names for tls_extension_t
  */
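Review bot: The new `tls_name_type_t` enum at the top of this hunk has no doc comment, while the declaration directly below it carries a `/** ... */` block. Add one above the enum, for example `/** Name types carried in the server_name extension (RFC 6066, section 3) */`, and a short comment on `TLS_NAME_TYPE_HOST_NAME` noting that host_name is the only name type that section defines. The header continues outside this hunk, so whether a matching enum names declaration is wanted for logging cannot be judged from here.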
index c1fd33eeaa3099397cc4775972792e231acbcbe5..ae89153be0fd6315e6e0d53c2b47be99629a864d 100644 (file)
@@ -738,6 +738,20 @@ static status_t send_client_hello(private_tls_peer_t *this,
                extensions->write_uint8(extensions, 1);
                extensions->write_uint8(extensions, TLS_EC_POINT_UNCOMPRESSED);
        }
+       if (this->server->get_type(this->server) == ID_FQDN)
+       {
+               tls_writer_t *names;
+
+               DBG2(DBG_TLS, "sending Server Name Indication for '%Y'", this->server);
+
+               names = tls_writer_create(8);
+               names->write_uint8(names, TLS_NAME_TYPE_HOST_NAME);
+               names->write_data16(names, this->server->get_encoding(this->server));
+               names->wrap16(names);
+               extensions->write_uint16(extensions, TLS_EXT_SERVER_NAME);
+               extensions->write_data16(extensions, names->get_buf(names));
+               names->destroy(names);
+       }
 
        writer->write_data16(writer, extensions->get_buf(extensions));
        extensions->destroy(extensions);
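Review bot: The FQDN encoding is written into the extension unchecked at `names->write_data16(names, this->server->get_encoding(this->server));`, so an empty identity or one with a trailing dot would go out as a HostName that RFC 6066 section 3 does not allow, and a strict server may answer with an alert. Consider reading the encoding into a local first, `chunk_t host = this->server->get_encoding(this->server);`, and emitting the extension only under something like `if (host.len > 0 && host.len <= 255)`, 255 being the DNS name limit. How `write_data16` treats input longer than its 16-bit length field is not visible here. The server identity is also sent in cleartext in the ClientHello with no switch visible in this hunk, which deserves a comment for deployments where that name is sensitive. send_client_hello starts before and continues after this hunk.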