author | Daniel Stenberg <daniel@haxx.se> | 2022-01-22 23:56:31 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-01-23 11:59:54 +0100 |
commit | dd4c8a0ab2be0c020b356edc569b7aedbfe7a474 (patch) | |
tree | c107e9e2ad1764ef5203e3083da614cfd8ffbc36 | |
parent | 9cdce61df91ec98cabcc5afc157713777d1f2f66 (diff) | |
nss: set the right SNI host name
-rw-r--r-- | lib/vtls/nss.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 2b44f0512..1526b709d 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1865,7 +1865,6 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, CURLcode result; bool second_layer = FALSE; SSLVersionRange sslver_supported; - SSLVersionRange sslver = { SSL_LIBRARY_VERSION_TLS_1_0, /* min */ #ifdef SSL_LIBRARY_VERSION_TLS_1_3 @@ -1878,9 +1877,13 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, SSL_LIBRARY_VERSION_TLS_1_0 #endif }; + char *snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost) + return CURLE_SSL_CONNECT_ERROR; backend->data = data; + /* list of all NSS objects we need to destroy in nss_do_close() */ Curl_llist_init(&backend->obj_list, nss_destroy_object); @@ -2140,11 +2143,11 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, goto error; /* propagate hostname to the TLS layer */ - if(SSL_SetURL(backend->handle, SSL_HOST_NAME()) != SECSuccess) + if(SSL_SetURL(backend->handle, snihost) != SECSuccess) goto error; /* prevent NSS from re-using the session for a different hostname */ - if(SSL_SetSockPeerID(backend->handle, SSL_HOST_NAME()) != SECSuccess) + if(SSL_SetSockPeerID(backend->handle, snihost) != SECSuccess) goto error; return CURLE_OK; |
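Review bot: `snihost` is fetched at the top of nss_setup_connect() (second hunk) but only consumed in the last hunk, a few hundred lines later, where it becomes both the name passed to `SSL_SetURL()` and the peer ID that keys session re-use. Nothing visible here frees it, which suggests the pointer is borrowed from storage owned by `data`; Curl_ssl_snihost() is not shown, so if that storage is a shared scratch buffer, any code in between that writes to it would silently change the host name used by those two calls. It would be safer to obtain the name right where it is used, e.g. `snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); if(!snihost) goto error;` placed just before the `SSL_SetURL()` call, or at least to add a comment at the declaration stating who owns the buffer and how long it stays valid. The early `return CURLE_SSL_CONNECT_ERROR` also gives no reason for the failure, so a `failf()` message there would help whoever has to diagnose a rejected host name. The function body between the two hunks is outside this view.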