Commit 5c0efb9c authored by Howard Chu's avatar Howard Chu
Browse files

ITS#9176 Add TLS SNI support to libldap

Implemented for OpenSSL, GnuTLS just stubbed
parent df46c07a
......@@ -34,7 +34,7 @@ typedef void (TI_ctx_free)(tls_ctx *ctx);
typedef int (TI_ctx_init)(struct ldapoptions *lo, struct ldaptls *lt, int is_server);
typedef tls_session *(TI_session_new)(tls_ctx *ctx, int is_server);
typedef int (TI_session_connect)(LDAP *ld, tls_session *s);
typedef int (TI_session_connect)(LDAP *ld, tls_session *s, const char *name_in);
typedef int (TI_session_accept)(tls_session *s);
typedef int (TI_session_upflags)(Sockbuf *sb, tls_session *s, int rc);
typedef char *(TI_session_errmsg)(tls_session *s, int rc, char *buf, size_t len );
......
......@@ -376,7 +376,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
}
err = tls_imp->ti_session_connect( ld, ssl );
err = tls_imp->ti_session_connect( ld, ssl, host );
#ifdef HAVE_WINSOCK
errno = WSAGetLastError();
......
......@@ -420,7 +420,7 @@ tlsg_session_accept( tls_session *session )
}
static int
tlsg_session_connect( LDAP *ld, tls_session *session )
tlsg_session_connect( LDAP *ld, tls_session *session, const char *name_in )
{
return tlsg_session_accept( session);
}
......
......@@ -524,12 +524,16 @@ tlso_session_new( tls_ctx *ctx, int is_server )
}
static int
tlso_session_connect( LDAP *ld, tls_session *sess )
tlso_session_connect( LDAP *ld, tls_session *sess, const char *name_in )
{
tlso_session *s = (tlso_session *)sess;
int rc;
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
SSL_set_tlsext_host_name( s, name_in );
#endif
/* Caller expects 0 = success, OpenSSL returns 1 = success */
int rc = SSL_connect( s ) - 1;
rc = SSL_connect( s ) - 1;
return rc;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment