From 630764188b1dc1e2cf05820d53f0315c9b09bbca Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Fri, 10 Jul 2015 11:33:32 +0200
Subject: [PATCH] MINOR: ssl: provide ia function to set the SNI extension on a connection

ssl_sock_set_servername() is used to set the SNI hostname on an outgoing connection. This function comes from code originally provided by Christopher Faulet of Qualys.
---
 include/proto/ssl_sock.h | 1 +
 src/ssl_sock.c | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 61cf42005c..c2156bb04b 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -52,6 +52,7 @@ void ssl_sock_free_ca(struct bind_conf *bind_conf);
 const char *ssl_sock_get_cipher_name(struct connection *conn);
 const char *ssl_sock_get_proto_version(struct connection *conn);
 char *ssl_sock_get_version(struct connection *conn);
+void ssl_sock_set_servername(struct connection *conn, const char *hostname);
 int ssl_sock_get_cert_used_sess(struct connection *conn);
 int ssl_sock_get_cert_used_conn(struct connection *conn);
 int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aeee8c3fd8..7f5d2ae20f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3292,6 +3292,16 @@ char *ssl_sock_get_version(struct connection *conn)
 return (char *)SSL_get_version(conn->xprt_ctx);
 }
 
+void ssl_sock_set_servername(struct connection *conn, const char *hostname)
+{
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ if (!ssl_sock_is_ssl(conn))
+ return;
+
+ SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
+#endif
+}
+
 /* Extract peer certificate's common name into the chunk dest
 * Returns
 * the len of the extracted common name
-- 
2.47.3
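Review bot: In `ssl_sock_set_servername()` (src/ssl_sock.c) the result of `SSL_set_tlsext_host_name()` is discarded and the function returns `void`, so a caller cannot tell whether the SNI name was actually applied; the same holds when `SSL_CTRL_SET_TLSEXT_HOSTNAME` is undefined and the body compiles to nothing. OpenSSL returns 0 from that call when it refuses the name (for instance an over-long hostname), and the handshake would then presumably go out without the intended SNI, which matters if the backend selects its certificate or virtual host by it. Consider returning a status (`return SSL_set_tlsext_host_name(conn->xprt_ctx, hostname) ? 0 : -1;` with an `int` prototype in include/proto/ssl_sock.h) or, if best-effort is intended, saying so in a header comment like the one the following function carries, e.g. `/* Sets the SNI hostname sent on outgoing connection <conn>; silently does nothing if <conn> is not SSL or SNI is not compiled in. */`.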