From d0443df4b849b951ca0e51d0f651bc8ef780c384 Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@hadrons.org>
Date: Fri, 4 Sep 2015 04:16:11 +0200
Subject: [PATCH] Add support for TLS SNI

Set the server name to the URI HTTP host name.
---
 src/network/socket.c  | 5 +++++
 src/network/socket.h  | 3 +++
 src/network/ssl/ssl.c | 9 +++++----
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/network/socket.c b/src/network/socket.c
index e0f6b40..9166943 100644
--- a/src/network/socket.c
+++ b/src/network/socket.c
@@ -445,6 +445,11 @@ check_if_local_address4(struct sockaddr_in *addr)
 	return local;
 }
 
+const unsigned char *
+get_socket_host_name(struct socket *socket)
+{
+	return get_uri_string(socket->connect_info->uri, URI_HTTP_HOST);
+}
 
 void
 complete_connect_socket(struct socket *socket, struct uri *uri,
diff --git a/src/network/socket.h b/src/network/socket.h
index 0f085a6..85260f6 100644
--- a/src/network/socket.h
+++ b/src/network/socket.h
@@ -121,6 +121,9 @@ void timeout_socket(struct socket *socket);
 
 /* Connection establishing: */
 
+/* Return the socket connection HTTP host name. */
+const unsigned char *get_socket_host_name(struct socket *socket);
+
 /* End successful connect() attempt to socket. */
 void complete_connect_socket(struct socket *socket, struct uri *uri,
 			     socket_connect_T done);
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 363245d..80640f8 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -230,7 +230,7 @@ init_ssl_connection(struct socket *socket)
 	socket->ssl = SSL_new(context);
 	if (!socket->ssl) return S_SSL_ERROR;
 #elif defined(CONFIG_GNUTLS)
-	/* const unsigned char server_name[] = "localhost"; */
+	const unsigned char *server_name = get_socket_host_name(socket);
 	ssl_t *state = mem_alloc(sizeof(ssl_t));
 
 	if (!state) return S_SSL_ERROR;
@@ -241,6 +241,9 @@ init_ssl_connection(struct socket *socket)
 		return S_SSL_ERROR;
 	}
 
+	gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name,
+	                       strlen(server_name));
+
 	if (gnutls_cred_set(*state, GNUTLS_CRD_ANON, anon_cred) < 0) {
 		/* DBG("sslanoncred %s", gnutls_strerror(ret)); */
 		gnutls_deinit(*state);
@@ -269,9 +272,7 @@ init_ssl_connection(struct socket *socket)
 	/* gnutls_handshake_set_private_extensions(*state, 1); */
 	gnutls_cipher_set_priority(*state, cipher_priority);
 	gnutls_kx_set_priority(*state, kx_priority);
-	/* gnutls_certificate_type_set_priority(*state, cert_type_priority);
-	gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name,
-			       sizeof(server_name) - 1); */
+	/* gnutls_certificate_type_set_priority(*state, cert_type_priority); */
 #endif
 
 	socket->ssl = state;
-- 
2.5.1