File patch-sni.diff of Package curl

--- lib/gtls.c.orig	7 Nov 2007 09:21:35 -0000	1.35
+++ lib/gtls.c	30 Jan 2008 07:54:18 -0000
@@ -43,6 +43,7 @@
 
 #include "urldata.h"
 #include "sendf.h"
+#include "inet_pton.h"
 #include "gtls.h"
 #include "sslgen.h"
 #include "parsedate.h"
@@ -243,6 +244,11 @@ Curl_gtls_connect(struct connectdata *co
   const char *ptr;
   void *ssl_sessionid;
   size_t ssl_idsize;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
 
   if(!gtls_inited) _Curl_gtls_init();
   /* GnuTLS only supports TLSv1 (and SSLv3?) */
@@ -287,6 +293,15 @@ Curl_gtls_connect(struct connectdata *co
   /* convenient assign */
   session = conn->ssl[sockindex].session;
 
+  if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+      (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+      (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,
+                              strlen(conn->host.name)) < 0))
+    infof(data, "WARNING: failed to configure server name indication (SNI) "
+          "TLS extension\n");
+
   /* Use default priorities */
   rc = gnutls_set_default_priority(session);
   if(rc < 0)
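Review bot: The return value of `gnutls_server_name_set()` is consumed inside the `&&` chain, so the warning cannot say why SNI was not configured, and the handshake then proceeds without the extension. Splitting the address test from the call lets the existing `rc` hold the result and `gnutls_strerror(rc)` go into the message. A comment should also record that IP literals are skipped on purpose (the server_name extension carries DNS names only), and that a negative `Curl_inet_pton()` result is treated like an IP literal and also skips SNI. Without SNI a name-based virtual host may present its default certificate, so the comment should state that hostname verification is what catches the mismatch. The same chained construct appears in the ossl_connect_step1 hunk of lib/ssluse.c, and Curl_gtls_connect starts and ends outside this hunk.

```c
  /* SNI carries DNS names only, so skip it when the host is an IP literal.
     A failure here is not fatal: the handshake continues without SNI and
     certificate/hostname verification must catch a wrong default cert. */
  if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr))
#ifdef ENABLE_IPV6
     && (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr))
#endif
    ) {
    rc = gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,
                                strlen(conn->host.name));
    if(rc < 0)
      infof(data, "WARNING: failed to configure server name indication (SNI) "
            "TLS extension: %s\n", gnutls_strerror(rc));
  }

  /* … unchanged: gnutls_set_default_priority() call … */
```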
--- lib/nss.c.orig	15 Jan 2008 23:19:02 -0000	1.15
+++ lib/nss.c	30 Jan 2008 07:54:18 -0000
@@ -873,7 +873,7 @@ CURLcode Curl_nss_connect(struct connect
   switch (data->set.ssl.version) {
   default:
   case CURL_SSLVERSION_DEFAULT:
-    ssl2 = ssl3 = tlsv1 = PR_TRUE;
+    ssl3 = tlsv1 = PR_TRUE;
     break;
   case CURL_SSLVERSION_TLSv1:
     tlsv1 = PR_TRUE;
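Review bot: With `ssl2` removed from the default case, nothing visible in this hunk assigns it on the default path, yet the next hunk passes it to `SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2)`. Its declaration and any `PR_FALSE` initialisation lie outside the hunk; if it is not initialised before the switch, that call reads an indeterminate value and SSLv2 could be enabled at random. Please confirm the initialisation. Since this quietly changes the default protocol set, a comment on the case such as `/* SSLv2 is no longer offered by default */` would make the intent explicit.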
@@ -893,6 +893,9 @@ CURLcode Curl_nss_connect(struct connect
   if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess)
     goto error;
 
+  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
+    goto error;
+
   if(data->set.ssl.cipher_list) {
     if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
       curlerr = CURLE_SSL_CIPHER;
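Review bot: The new `SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2)` call has no comment explaining why the hello format is tied to `ssl2`. An SSLv2-compatible ClientHello cannot carry TLS extensions, so this line is what allows SNI to be sent by NSS, and explicitly selecting SSLv2 turns it back off. I would add `/* a v2-compatible hello cannot carry TLS extensions (SNI); only use it when SSLv2 was requested */` above the call. The failure path jumps to `error` without setting `curlerr`, unlike the cipher-list branch below; the code returned depends on an assignment outside the hunk.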
--- lib/ssluse.c.orig	15 Jan 2008 23:19:02 -0000	1.191
+++ lib/ssluse.c	30 Jan 2008 07:54:18 -0000
@@ -1266,6 +1266,13 @@ ossl_connect_step1(struct connectdata *c
   void *ssl_sessionid=NULL;
   curl_socket_t sockfd = conn->sock[sockindex];
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
+#endif
 
   DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
 
@@ -1419,6 +1426,16 @@ ossl_connect_step1(struct connectdata *c
 
   connssl->server_cert = 0x0;
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+  if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+      (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+      !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
+    infof(data, "WARNING: failed to configure server name indication (SNI) "
+          "TLS extension\n");
+#endif
+
   /* Check if there's a cached ID we can/should use here! */
   if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
     /* we got a session id, use it! */
--- lib/version.c.orig	Wed Nov 07 10:21:36 2007
+++ lib/version.c	Tue Feb 12 02:04:40 2008
@@ -144,6 +144,9 @@
#ifndef CURL_DISABLE_FTP
  "ftps",
#endif
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+  "sni",
+#endif
#endif

#ifdef USE_LIBSSH2
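Review bot: The `"sni"` entry is guarded by `SSL_CTRL_SET_TLSEXT_HOSTNAME`, an OpenSSL macro, so a GnuTLS build that sets SNI through the lib/gtls.c hunk would not advertise it, and neither would an NSS build. The surrounding list, judging by the `"ftps"` context line, appears to hold protocol names, and a TLS feature string there can confuse callers that iterate it as URL schemes. If the entry stays, the guard should cover every backend that sends SNI. A comment such as `/* not a protocol: advertises TLS server name indication support */` would also help. Whether lib/version.c includes the OpenSSL headers that define the macro is not visible from this hunk.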
