summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-im/pidgin/files/pidgin-2.13.0-gnutls_sni_support.patch')
-rw-r--r--net-im/pidgin/files/pidgin-2.13.0-gnutls_sni_support.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/net-im/pidgin/files/pidgin-2.13.0-gnutls_sni_support.patch b/net-im/pidgin/files/pidgin-2.13.0-gnutls_sni_support.patch
new file mode 100644
index 000000000000..df6b8e5cd030
--- /dev/null
+++ b/net-im/pidgin/files/pidgin-2.13.0-gnutls_sni_support.patch
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Mihai Moldovan <ionic@ionic.de>
+# Date 1576498301 -3600
+# Branch release-2.x.y
+# Node ID 6dba8046e1b120c506e1d911c6aa8757d7774c57
+# Parent 7a975763d3b64bdd8dd5371d711a4add647ed726
+Implement SNI support for the gnutls SSL plugin.
+
+Note that gnutls is picky in regard to what it accepts as the server name - it
+MUST be a domain name. IP addresses are not supported according to the
+documentation.
+
+Hence, filter out IP addresses and hope that whatever is not recognized as
+such an address is actually a domain name. This will probably fail for more
+exotic addresses (especially in IPv6 realm), but wiring up a full-blown parser
+is too much effort and SSL plugins are not part of purple-3 anyway.
+
+Fixes #17300
+
+diff --git a/libpurple/plugins/ssl/ssl-gnutls.c b/libpurple/plugins/ssl/ssl-gnutls.c
+--- a/libpurple/plugins/ssl/ssl-gnutls.c
++++ b/libpurple/plugins/ssl/ssl-gnutls.c
+@@ -403,6 +403,10 @@
+
+ gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
+
++ /* SNI support. */
++ if (gsc->host && !g_hostname_is_ip_address(gsc->host))
++ gnutls_server_name_set(gnutls_data->session, GNUTLS_NAME_DNS, gsc->host, strlen(gsc->host));
++
+ gnutls_data->handshake_handler = purple_input_add(gsc->fd,
+ PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
+