Fossil SCM

Merge the SSL SNI fix from the dmitry-fixes branch.

drh 2011-12-17 15:18 trunk merge
Commit 074767b73099280f795e3d050548e503bed30b29
1 file changed +10 -6
+10 -6
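--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -193,11 +193,10 @@
 */
 int ssl_open(void){
 X509 *cert;
 int hasSavedCertificate = 0;
 int trusted = 0;
- char *connStr ;
 unsigned long e;
 
 ssl_global_init();
 
 /* Get certificate for current server from global config and
@@ -210,20 +209,25 @@
 hasSavedCertificate = 1;
 }
 
 iBio = BIO_new_ssl_connect(sslCtx);
 BIO_get_ssl(iBio, &ssl);
+
+ if( !SSL_set_tlsext_host_name(ssl, g.urlName) ){
+ fossil_warning("WARNING: failed to set server name indication (SNI), "
+ "continuing without it.\n");
+ }
+
 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
 if( iBio==NULL ) {
 ssl_set_errmsg("SSL: cannot open SSL (%s)",
 ERR_reason_error_string(ERR_get_error()));
- return 1;
+ return 1;
 }
-
- connStr = mprintf("%s:%d", g.urlName, g.urlPort);
- BIO_set_conn_hostname(iBio, connStr);
- free(connStr);
+
+ BIO_set_conn_hostname(iBio, g.urlName);
+ BIO_set_conn_int_port(iBio, &g.urlPort);
 
 if( BIO_do_connect(iBio)<=0 ){
 ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)",
 g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error()));
 ssl_close();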
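Review bot: The added `SSL_set_tlsext_host_name(ssl, g.urlName)` call sits above the `if( iBio==NULL )` check, so when `BIO_new_ssl_connect(sslCtx)` fails it is handed whatever `ssl` held before (its declaration is outside the hunk, so possibly NULL or a stale handle), as the existing `SSL_set_mode` call already was. I would move the `iBio==NULL` block up to directly follow `BIO_new_ssl_connect`, so the failure takes the `ssl_set_errmsg` path before `ssl` is touched. Also worth a comment above the warning: `/* Without SNI a name-based virtual host may present another site's certificate; the certificate check below must still reject it. */` — that check is not visible here, so confirm it covers this case. ssl_open starts before and continues past both hunks.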
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -193,11 +193,10 @@
193 */
194 int ssl_open(void){
195 X509 *cert;
196 int hasSavedCertificate = 0;
197 int trusted = 0;
198 char *connStr ;
199 unsigned long e;
200
201 ssl_global_init();
202
203 /* Get certificate for current server from global config and
@@ -210,20 +209,25 @@
210 hasSavedCertificate = 1;
211 }
212
213 iBio = BIO_new_ssl_connect(sslCtx);
214 BIO_get_ssl(iBio, &ssl);
 
 
 
 
 
 
215 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
216 if( iBio==NULL ) {
217 ssl_set_errmsg("SSL: cannot open SSL (%s)",
218 ERR_reason_error_string(ERR_get_error()));
219 return 1;
220 }
221
222 connStr = mprintf("%s:%d", g.urlName, g.urlPort);
223 BIO_set_conn_hostname(iBio, connStr);
224 free(connStr);
225
226 if( BIO_do_connect(iBio)<=0 ){
227 ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)",
228 g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error()));
229 ssl_close();
230
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -193,11 +193,10 @@
193 */
194 int ssl_open(void){
195 X509 *cert;
196 int hasSavedCertificate = 0;
197 int trusted = 0;
 
198 unsigned long e;
199
200 ssl_global_init();
201
202 /* Get certificate for current server from global config and
@@ -210,20 +209,25 @@
209 hasSavedCertificate = 1;
210 }
211
212 iBio = BIO_new_ssl_connect(sslCtx);
213 BIO_get_ssl(iBio, &ssl);
214
215 if( !SSL_set_tlsext_host_name(ssl, g.urlName) ){
216 fossil_warning("WARNING: failed to set server name indication (SNI), "
217 "continuing without it.\n");
218 }
219
220 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
221 if( iBio==NULL ) {
222 ssl_set_errmsg("SSL: cannot open SSL (%s)",
223 ERR_reason_error_string(ERR_get_error()));
224 return 1;
225 }
226
227 BIO_set_conn_hostname(iBio, g.urlName);
228 BIO_set_conn_int_port(iBio, &g.urlPort);
 
229
230 if( BIO_do_connect(iBio)<=0 ){
231 ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)",
232 g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error()));
233 ssl_close();
234
