From: Christian Heimes <cheimes@redhat.com>
Date: Fri, 15 May 2015 07:37:31 +0000 (+0200)
Subject: Support SNI in MS-KKDCP client
X-Git-Tag: krb5-1.14-alpha1~113
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4b6045adb7a044cd7ddc3987da2f26bf8a5281fe;p=thirdparty%2Fkrb5.git

Support SNI in MS-KKDCP client

In the k5tls plugin module, call SSL_set_tlsext_host_name() to allow
the server to use SNI support.  SSL_set_tlsext_host_name() is a macro
which uses SSL_CTRL_SET_TLSEXT_HOSTNAME and is not available in all
versions of OpenSSL, so conditionalize on that constant.

[ghudson@mit.edu: commit message]

ticket: 8198 (new)
---

diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index 41917c4c6f..c9d270bea3 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -463,6 +463,10 @@ setup(krb5_context context, SOCKET fd, const char *servername,
 
     if (!SSL_set_fd(ssl, fd))
         goto error;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    if (!SSL_set_tlsext_host_name(ssl, servername))
+        goto error;
+#endif
     SSL_set_connect_state(ssl);
 
     /* Create a handle and allow verify_callback to access it. */