Set SNI extension with OpenSSL.

diff --git a/CHANGES.md b/CHANGES.md
index 1d08caab820a3bd8dbf277d36fdc123a758ccf21..908bf71f2d5b7886edac3d8bacb59e17a9672be9 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,6 +5,9 @@ Changes in CUPS v2.4.9 (TBA)
 ----------------------------
 
 - Fixed searching for destinations in web ui (Issue #954)
+- Fixed TLS negotiation using OpenSSL with servers that require the TLS SNI
+  extension.
+
 
 Changes in CUPS v2.4.8 (2024-04-26)
 -----------------------------------

diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
index 804e45fdd7ac6e7f8abbeb7dbf74797e59205057..9fcbe0af3b64d5c340ed1cb9b632390426eaaf97 100644 (file)
--- a/cups/tls-openssl.c
+++ b/cups/tls-openssl.c
@@ -1156,6 +1156,9 @@ _httpTLSStart(http_t *http)               // I - Connection to server
   if (http->mode == _HTTP_MODE_CLIENT)
   {
     // Negotiate as a client...
+    DEBUG_printf(("4_httpTLSStart: Setting server name TLS extension to '%s'...", http->hostname));
+    SSL_set_tlsext_host_name(http->tls, http->hostname);
+
     DEBUG_puts("4_httpTLSStart: Calling SSL_connect...");
     if (SSL_connect(http->tls) < 1)
     {