[glib-networking: 29/129] OpenSSL Support SNI TLS Extension

[Michael Catanzaro <mcatanzaro src gnome org>]

commit 6e4f252f4a1b416f58f4bbc2d978f6a01a537cf0
Author: Athanasios Oikonomou <athoik gmail com>
Date:   Wed Mar 29 00:29:06 2017 +0300

    OpenSSL Support SNI TLS Extension
    
    Add missing SNI already supported by GnuTLS backend (gnutls_server_name_set).
    
    https://bugzilla.gnome.org/show_bug.cgi?id=780665
    
    Signed-off-by: Athanasios Oikonomou <athoik gmail com>

 tls/openssl/gtlsclientconnection-openssl.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index cb9e647..26f4449 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -422,6 +422,7 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
   GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (initable);
   GTlsClientConnectionOpensslPrivate *priv;
   long options;
+  const char *hostname;
 
   priv = g_tls_client_connection_openssl_get_instance_private (client);
 
@@ -437,25 +438,21 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
     }
 
   options = SSL_OP_NO_TICKET;
+  hostname = get_server_identity (client);
 
   /* Only TLS 1.2 or higher */
   SSL_CTX_set_options (priv->ssl_ctx, options);
 
 #if OPENSSL_VERSION_NUMBER >= 0x10200000L
-  {
-    const char *hostname;
-
-    hostname = get_server_identity (client);
-    if (hostname)
-      {
-        X509_VERIFY_PARAM *param;
-
-        param = X509_VERIFY_PARAM_new ();
-        X509_VERIFY_PARAM_set1_host (param, hostname);
-        SSL_CTX_set1_param (priv->ssl_ctx, param);
-        X509_VERIFY_PARAM_free (param);
-      }
-  }
+  if (hostname)
+    {
+      X509_VERIFY_PARAM *param;
+
+      param = X509_VERIFY_PARAM_new ();
+      X509_VERIFY_PARAM_set1_host (param, hostname);
+      SSL_CTX_set1_param (priv->ssl_ctx, param);
+      X509_VERIFY_PARAM_free (param);
+    }
 #endif
 
   SSL_CTX_set_generate_session_id (priv->ssl_ctx, generate_session_id);
@@ -477,6 +474,11 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
   data_index = SSL_get_ex_new_index (0, "gtlsclientconnection", NULL, NULL, NULL);
   SSL_set_ex_data (priv->ssl, data_index, client);
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+  if (hostname)
+    SSL_set_tlsext_host_name (priv->ssl, hostname);
+#endif
+
   SSL_set_connect_state (priv->ssl);
 
   if (!g_tls_client_connection_openssl_parent_initable_iface->