FROMLIST: Enable TLS SNI

Kevin Cernekee · Alex Kiernan · commit a08c4f3783ef · 2019-01-16T06:56:48.000Z
Upstream submission: ioerror#186 In environments where SSL interception is in place, the SNI field is often used to figure out whether to enable or disable interception for a new connection. Enable SNI on tlsdate requests. BUG=chromium:400429 TEST=sniff tlsdate's ClientHello message before/after the change, and verify that it contains "clients3.google.com" under "Extension: server_name" Change-Id: Ibe6383bd0b9b590a16a08ae8e1b74ee0f401b3f0 Signed-off-by: Kevin Cernekee <cernekee@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/339834 Reviewed-by: Thiemo Nagel <tnagel@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
@@ -1187,6 +1187,7 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
   }
 
   SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+  SSL_set_tlsext_host_name (ssl, host);
   verb("V: opening socket to %s:%s", host, port);
   if ( (1 != BIO_set_conn_hostname(s_bio, host)) ||
        (1 != BIO_set_conn_port(s_bio, port)) )

Original file line number	Diff line number	Diff line change
`@@ -1187,6 +1187,7 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)`
`1187`	`1187`	`}`
`1188`	`1188`
`1189`	`1189`	`SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);`
	`1190`	`+ SSL_set_tlsext_host_name (ssl, host);`
`1190`	`1191`	`verb("V: opening socket to %s:%s", host, port);`
`1191`	`1192`	`if ( (1 != BIO_set_conn_hostname(s_bio, host)) \|\|`
`1192`	`1193`	`(1 != BIO_set_conn_port(s_bio, port)) )`