-rw-r--r-- | lib/vtls/openssl.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f99b663aa..de4c33d96 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3189,10 +3189,21 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
 #ifdef ENABLE_IPV6
 (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
 #endif
- sni &&
- !SSL_set_tlsext_host_name(backend->handle, hostname))
- infof(data, "WARNING: failed to configure server name indication (SNI) "
- "TLS extension\n");
+ sni) {
+ size_t nlen = strlen(hostname);
+ if((long)nlen >= data->set.buffer_size)
+ /* this is seriously messed up */
+ return CURLE_SSL_CONNECT_ERROR;
+
+ /* RFC 6066 section 3 says the SNI field is case insensitive, but browsers
+ send the data lowercase and subsequently there are now numerous servers
+ out there that don't work unless the name is lowercased */
+ Curl_strntolower(data->state.buffer, hostname, nlen);
+ data->state.buffer[nlen] = 0;
+ if(!SSL_set_tlsext_host_name(backend->handle, data->state.buffer))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+ }
 #endif
 /* Check if there's a cached ID we can/should use here! */ |
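Review bot: The new length guard compares `nlen` with `data->set.buffer_size`, the configured option, while the bytes are written into `data->state.buffer`. Nothing in the hunk shows that this scratch buffer is already allocated at this point of `ossl_connect_step1`, or that its real size is at least `buffer_size + 1`, so the bound on `Curl_strntolower` and on `data->state.buffer[nlen] = 0` rests on an invariant kept elsewhere. I would state that invariant in place of `/* this is seriously messed up */`, for example `/* state.buffer holds set.buffer_size + 1 bytes and is not in use before the handshake */`, once it has been confirmed against the allocation site. The rejection path also returns `CURLE_SSL_CONNECT_ERROR` without a message, so a caller cannot tell an over-long host name from a handshake failure; adding `failf(data, "host name too long for SNI");` before the return would fix that. The function body starts and ends outside the hunk.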