author | Daniel Stenberg <daniel@haxx.se> | 2022-01-22 23:57:59 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-01-23 11:59:54 +0100 |
commit | 40dd059a92625767c8c1865434069e55fccfbe8f (patch) | |
tree | def1592b098dc379b41fcd557f36a752b8681fbe | |
parent | dd4c8a0ab2be0c020b356edc569b7aedbfe7a474 (diff) | |
download | curl-40dd059a92625767c8c1865434069e55fccfbe8f.tar.gz |
mbedtls: set the right SNI name
-rw-r--r-- | lib/vtls/mbedtls.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 4dd7efa2b..c31dbd7d4 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -561,12 +561,15 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 mbedtls_ssl_conf_own_cert(&backend->config, &backend->clicert, &backend->pk);
 }
- if(mbedtls_ssl_set_hostname(&backend->ssl, hostname)) {
- /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks *and*
- the name to set in the SNI extension. So even if curl connects to a
- host specified as an IP address, this function must be used. */
- failf(data, "couldn't set hostname in mbedTLS");
- return CURLE_SSL_CONNECT_ERROR;
+ {
+ char *snihost = Curl_ssl_snihost(data, hostname, NULL);
+ if(!snihost || mbedtls_ssl_set_hostname(&backend->ssl, snihost)) {
+ /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
+ the name to set in the SNI extension. So even if curl connects to a
+ host specified as an IP address, this function must be used. */
+ failf(data, "couldn't set hostname in mbedTLS");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
 }
 #ifdef HAS_ALPN |
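Review bot: The comment kept inside the new block states that mbedtls_ssl_set_hostname() sets the name used for CN/SAN checks as well as the SNI name, so passing `snihost` instead of `hostname` also changes the identity the server certificate is matched against, which the commit title does not mention. Curl_ssl_snihost() is not visible in this hunk, so the comment should say what it changes about the name, for example `/* snihost is the Curl_ssl_snihost() form of hostname and is used for both SNI and certificate name matching */`. The single `failf(data, "couldn't set hostname in mbedTLS");` now also covers a NULL return from Curl_ssl_snihost(), so a log cannot tell the two failures apart; splitting the condition would fix that. `snihost` is only read here and could be declared `const char *`. mbed_connect_step1() starts and ends outside the hunk.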