From: Harry Sintonen <sintonen@iki.fi>
Date: Fri, 6 May 2022 14:25:19 +0000 (+0200)
Subject: sectransp: bail out if SSLSetPeerDomainName fails
X-Git-Tag: curl-7_83_1~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4fc35c829c300f978743a9bc56aa07fa47dc4337;p=thirdparty%2Fcurl.git

sectransp: bail out if SSLSetPeerDomainName fails

Before the code would just warn about SSLSetPeerDomainName() errors.

Closes #8798
---

diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 8ee8fe997f..2e57d83785 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -2045,8 +2045,9 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
     err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen);
 
     if(err != noErr) {
-      infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d",
+      failf(data, "SSL: SSLSetPeerDomainName() failed: OSStatus %d",
             err);
+      return CURLE_SSL_CONNECT_ERROR;
     }
 
     if((Curl_inet_pton(AF_INET, hostname, &addr))