imap-send: support Server Name Indication (RFC4366)

To talk with some sites that serve multiple names on a single IP
address, the client needs to ask for the specific host that it wants
to talk to.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/imap-send.c b/imap-send.c
index 171c887076b115f8f53707c2c5845c8f6d3e69bd..91671d6f41895dbb8c93fc2d8c0ca5d449fefc53 100644 (file)
--- a/imap-send.c
+++ b/imap-send.c
@@ -370,6 +370,17 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
                return -1;
        }
 
                return -1;
        }
 

+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+       /*
+        * SNI (RFC4366)
+        * OpenSSL does not document this function, but the implementation
+        * returns 1 on success, 0 on failure after calling SSLerr().
+        */
+       ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
+       if (ret != 1)
+               warning("SSL_set_tlsext_host_name(%s) failed.", server.host);
+#endif
+

        ret = SSL_connect(sock->ssl);
        if (ret <= 0) {
                socket_perror("SSL_connect", sock, ret);
        ret = SSL_connect(sock->ssl);
        if (ret <= 0) {
                socket_perror("SSL_connect", sock, ret);