Support SNI in MS-KKDCP client
authorChristian Heimes <cheimes@redhat.com>
Fri, 15 May 2015 07:37:31 +0000 (09:37 +0200)
committerGreg Hudson <ghudson@mit.edu>
Sat, 30 May 2015 15:52:04 +0000 (11:52 -0400)
In the k5tls plugin module, call SSL_set_tlsext_host_name() to allow
the server to use SNI support.  SSL_set_tlsext_host_name() is a macro
which uses SSL_CTRL_SET_TLSEXT_HOSTNAME and is not available in all
versions of OpenSSL, so conditionalize on that constant.

[ghudson@mit.edu: commit message]

ticket: 8198 (new)

src/plugins/tls/k5tls/openssl.c

index 41917c4c6fb2d6e863fc4f67d4f7ba5f66da934d..c9d270bea3cf7f4717d68834a74d1a1deb20fc08 100644 (file)
@@ -463,6 +463,10 @@ setup(krb5_context context, SOCKET fd, const char *servername,
 
     if (!SSL_set_fd(ssl, fd))
         goto error;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    if (!SSL_set_tlsext_host_name(ssl, servername))
+        goto error;
+#endif
     SSL_set_connect_state(ssl);
 
     /* Create a handle and allow verify_callback to access it. */
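Review bot: The added `SSL_set_tlsext_host_name(ssl, servername)` call sends `servername` unconditionally, but RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server_name extension, and some TLS servers answer such a ClientHello with an alert. Whether `servername` can be an address literal depends on the callers of `setup()`, which are outside this hunk, so this needs confirming. If it can, skip the extension in that case, for example by testing `servername` with `inet_pton()` for `AF_INET` and `AF_INET6` before the call. A short comment above the `#ifdef`, such as `/* Send SNI for DNS names only; address literals are not valid in server_name. */`, would record the intent. `setup()` begins and ends outside the hunk.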