From: Willy Tarreau
Date: Fri, 10 Jul 2015 09:33:32 +0000 (+0200)
Subject: MINOR: ssl: provide ia function to set the SNI extension on a connection
X-Git-Tag: v1.6-dev3~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=630764188b1dc1e2cf05820d53f0315c9b09bbca;p=thirdparty%2Fhaproxy.git
MINOR: ssl: provide ia function to set the SNI extension on a connection
ssl_sock_set_servername() is used to set the SNI hostname on an outgoing connection. This function comes from code originally provided by Christopher Faulet of Qualys.
---
diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 61cf42005c..c2156bb04b 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -52,6 +52,7 @@ void ssl_sock_free_ca(struct bind_conf *bind_conf);
 const char *ssl_sock_get_cipher_name(struct connection *conn);
 const char *ssl_sock_get_proto_version(struct connection *conn);
 char *ssl_sock_get_version(struct connection *conn);
+void ssl_sock_set_servername(struct connection *conn, const char *hostname);
 int ssl_sock_get_cert_used_sess(struct connection *conn);
 int ssl_sock_get_cert_used_conn(struct connection *conn);
 int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aeee8c3fd8..7f5d2ae20f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3292,6 +3292,16 @@ char *ssl_sock_get_version(struct connection *conn)
 return (char *)SSL_get_version(conn->xprt_ctx);
 }
 
+void ssl_sock_set_servername(struct connection *conn, const char *hostname)
+{
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ if (!ssl_sock_is_ssl(conn))
+ return;
+
+ SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
+#endif
+}
+
 /* Extract peer certificate's common name into the chunk dest
 * Returns
 * the len of the extracted common name
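Review bot: The new ssl_sock_set_servername() in src/ssl_sock.c discards the result of `SSL_set_tlsext_host_name()` and returns void, so a caller cannot tell that no SNI was set; OpenSSL returns 0 on failure (for instance a name longer than the extension allows), and the function is also a silent no-op when `SSL_CTRL_SET_TLSEXT_HOSTNAME` is undefined or the connection is not SSL. Where the server picks its certificate from the SNI, that silent fallback may leave the peer presenting its default certificate, so consider reporting a status, e.g. `return SSL_set_tlsext_host_name(conn->xprt_ctx, hostname) ? 0 : -1;`, with the prototype in include/proto/ssl_sock.h changed to match. The function also lacks the header comment its neighbour below has; I would add `/* Sets the SNI hostname sent on outgoing SSL connection <conn>; does nothing if <conn> is not SSL or SNI support is not built in. Setting the SNI does not by itself verify the peer certificate against <hostname>. */`.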