MINOR: ssl: provide ia function to set the SNI extension on a connection

ssl_sock_set_servername() is used to set the SNI hostname on an
outgoing connection. This function comes from code originally
provided by Christopher Faulet of Qualys.

diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 61cf42005c604cf9e976616a6eca2f07d9f68c44..c2156bb04b1725f1f3c668cc31add7e9db89e3e6 100644 (file)
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -52,6 +52,7 @@ void ssl_sock_free_ca(struct bind_conf *bind_conf);
 const char *ssl_sock_get_cipher_name(struct connection *conn);
 const char *ssl_sock_get_proto_version(struct connection *conn);
 char *ssl_sock_get_version(struct connection *conn);
+void ssl_sock_set_servername(struct connection *conn, const char *hostname);
 int ssl_sock_get_cert_used_sess(struct connection *conn);
 int ssl_sock_get_cert_used_conn(struct connection *conn);
 int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aeee8c3fd85604b3300e0a1da92cc7278e147b4d..7f5d2ae20f95088b62cb55577cd7ba17cf5bc1dd 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3292,6 +3292,16 @@ char *ssl_sock_get_version(struct connection *conn)
        return (char *)SSL_get_version(conn->xprt_ctx);
 }
 
+void ssl_sock_set_servername(struct connection *conn, const char *hostname)
+{
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+       if (!ssl_sock_is_ssl(conn))
+               return;
+
+       SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
+#endif
+}
+
 /* Extract peer certificate's common name into the chunk dest
  * Returns
  *  the len of the extracted common name