blob: df6b8e5cd030b7ab381d600e7b7cfb90e2011411 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
# HG changeset patch
# User Mihai Moldovan <ionic@ionic.de>
# Date 1576498301 -3600
# Branch release-2.x.y
# Node ID 6dba8046e1b120c506e1d911c6aa8757d7774c57
# Parent 7a975763d3b64bdd8dd5371d711a4add647ed726
Implement SNI support for the gnutls SSL plugin.
Note that gnutls is picky in regard to what it accepts as the server name - it
MUST be a domain name. IP addresses are not supported according to the
documentation.
Hence, filter out IP addresses and hope that whatever is not recognized as
such an address is actually a domain name. This will probably fail for more
exotic addresses (especially in IPv6 realm), but wiring up a full-blown parser
is too much effort and SSL plugins are not part of purple-3 anyway.
Fixes #17300
diff --git a/libpurple/plugins/ssl/ssl-gnutls.c b/libpurple/plugins/ssl/ssl-gnutls.c
--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -403,6 +403,10 @@
gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
+ /* SNI support. */
+ if (gsc->host && !g_hostname_is_ip_address(gsc->host))
+ gnutls_server_name_set(gnutls_data->session, GNUTLS_NAME_DNS, gsc->host, strlen(gsc->host));
+
gnutls_data->handshake_handler = purple_input_add(gsc->fd,
PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
|
GitWeb
