From: Michael R Sweet
Date: Fri, 17 May 2024 15:57:29 +0000 (-0400)
Subject: Set SNI extension with OpenSSL.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27c24bc17074b6548b6aea98fff6759e66c62de6;p=thirdparty%2Fcups.git
Set SNI extension with OpenSSL.
---
diff --git a/CHANGES.md b/CHANGES.md
index 16706112a5..40536a21e8 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -93,6 +93,8 @@ Changes in CUPS v2.5b1 (TBA)
 fields.
 - Fixed finishing support in ippeveps.
 - Fixed non-quick copy of collection values.
+- Fixed TLS negotiation using OpenSSL with servers that require the TLS SNI
+ extension.
 - Removed hash support for SHA2-512-224 and SHA2-512-256.
 - Removed `mantohtml` script for generating html pages (use
 `https://www.msweet.org/mantohtml/`)
diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
index da7a0d67df..67493a19b6 100644
--- a/cups/tls-openssl.c
+++ b/cups/tls-openssl.c
@@ -3,7 +3,7 @@
 //
 // Note: This file is included from tls.c
 //
-// Copyright © 2020-2023 by OpenPrinting
+// Copyright © 2020-2024 by OpenPrinting
 // Copyright © 2007-2019 by Apple Inc.
 // Copyright © 1997-2007 by Easy Software Products, all rights reserved.
 //
@@ -1545,6 +1545,7 @@ _httpTLSStart(http_t *http) // I - Connection to server
 int i, // Looping var
 count; // Number of certificates
+ DEBUG_puts("4_httpTLSStart: Using client certificate.");
 SSL_CTX_use_certificate(context, sk_X509_value(http->tls_credentials->certs, 0));
 SSL_CTX_use_PrivateKey(context, http->tls_credentials->key);
@@ -1719,6 +1720,9 @@ _httpTLSStart(http_t *http) // I - Connection to server
 if (http->mode == _HTTP_MODE_CLIENT)
 {
 // Negotiate as a client...
+ DEBUG_printf("4_httpTLSStart: Setting server name TLS extension to '%s'...", http->hostname);
+ SSL_set_tlsext_host_name(http->tls, http->hostname);
+ DEBUG_puts("4_httpTLSStart: Calling SSL_connect...");
 if (SSL_connect(http->tls) < 1)
 {
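Review bot: The added `SSL_set_tlsext_host_name(http->tls, http->hostname);` in the client branch of the last hunk discards its return value, so if setting the extension fails the handshake still proceeds without SNI, which is the failure this commit is meant to fix. Checking the result, e.g. `if (!SSL_set_tlsext_host_name(http->tls, http->hostname)) DEBUG_puts("4_httpTLSStart: Unable to set server name TLS extension.");`, would at least make that visible in the debug log. RFC 6066 also excludes literal IPv4/IPv6 addresses from the server name, so if `http->hostname` can hold an address literal or a domain-socket path (not determinable from this hunk), the call should be skipped for those values. SNI only tells the server which certificate to present; it does not replace checking that the certificate matches the hostname, which presumably happens elsewhere in `_httpTLSStart`, whose body starts and ends outside the hunk.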