From: Junio C Hamano <gitster@pobox.com>
Date: Wed, 3 Apr 2013 15:35:33 +0000 (-0700)
Subject: Merge branch 'ob/imap-send-ssl-verify' into maint-1.8.1
X-Git-Tag: v1.8.1.6~12
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/d7df695d85c28cc21680947b822bcc3bcbddd48d?hp=f4254d1fb209b1955394ec4a74d1a8a5935ad7c3

Merge branch 'ob/imap-send-ssl-verify' into maint-1.8.1

* ob/imap-send-ssl-verify:
imap-send: support Server Name Indication (RFC4366)
---

diff --git a/imap-send.c b/imap-send.c
index ef500111ec..49ba841cba 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -370,6 +370,17 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
 		return -1;
 	}
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+	/*
+	 * SNI (RFC4366)
+	 * OpenSSL does not document this function, but the implementation
+	 * returns 1 on success, 0 on failure after calling SSLerr().
+	 */
+	ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
+	if (ret != 1)
+		warning("SSL_set_tlsext_host_name(%s) failed.", server.host);
+#endif
+
 	ret = SSL_connect(sock->ssl);
 	if (ret <= 0) {
 		socket_perror("SSL_connect", sock, ret);