author | 2014-03-30 22:40:38 +0000 | |
---|---|---|
committer | 2014-03-30 22:40:38 +0000 | |
commit | 65a8a2a098e58b067d20792d555fb376e50c34bd (patch) | |
tree | 6f9d233d485b5cfda8ec4684e0a9042f1a319850 | |
parent | Check the return value from SSL_CTX_set_cipher_list(), for consistency. (diff) | |
SNI support. ok guenther@ sthen@
-rw-r--r-- | usr.bin/ftp/fetch.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index fc2e68db2f4..048d7d79c40 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fetch.c,v 1.116 2014/03/30 22:39:42 jca Exp $ */
+/* $OpenBSD: fetch.c,v 1.117 2014/03/30 22:40:38 jca Exp $ */
 /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
 /*-
@@ -598,6 +598,8 @@ again:
 #ifndef SMALL
 if (ishttpsurl) {
+ union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
+
 if (proxyenv && sslpath) {
 ishttpsurl = 0;
 proxyurl = NULL;
@@ -637,6 +639,17 @@ again:
 ERR_print_errors_fp(ttyout);
 goto cleanup_url_get;
 }
+ /*
+ * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not
+ * permitted in "HostName".
+ */
+ if (inet_pton(AF_INET, host, &addrbuf) != 1 &&
+ inet_pton(AF_INET6, host, &addrbuf) != 1) {
+ if (SSL_set_tlsext_host_name(ssl, host) == 0) {
+ ERR_print_errors_fp(ttyout);
+ goto cleanup_url_get;
+ }
+ }
 if (SSL_connect(ssl) <= 0) {
 ERR_print_errors_fp(ttyout);
 goto cleanup_url_get; |
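Review bot: The name passed to `SSL_set_tlsext_host_name()` in the last hunk is `host`, but the same `if (ishttpsurl)` block also serves the proxied case (`if (proxyenv && sslpath)` in the second hunk), so if `host` holds the proxy's name at that point the ClientHello would advertise the proxy instead of the origin server. What `host` contains after the proxy setup is decided outside these hunks, so this needs checking against the full function. A comment such as `/* SNI must carry the origin server's name, never the proxy's */` above the `inet_pton()` test would pin the intent. A smaller point: `inet_pton()` recognises only canonical literals, so a shorthand numeric host like `127.1`, or an IPv6 literal with a `%zone` suffix, would be treated as a DNS name and sent in SNI if the resolver accepts it. The enclosing block starts and ends outside the hunk.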