Add support for SNI connecting trough TLS

This will pass hostname. This fixes https://gitlab.freedesktop.org/spice/spice-gtk/-/issues/137. You can easily verify the change with a network capture program running something like remote-viewer spice+tls://www.spice-space.org:443 you will see the hostname in the initial exchange. Signed-off-by: Frediano Ziglio <freddy77@gmail.com> Acked-by: Victor Toso <victortoso@redhat.com>
author: Frediano Ziglio <freddy77@gmail.com> 2021-08-20 06:59:19 +0100
committer: Frediano Ziglio <freddy77@gmail.com> 2021-08-23 09:45:39 +0100
commit: 0031c57fccaa1514bea7dcef450207faba77af34 (patch)
tree: f8e28c6efab3e363af041f85cce6c71531b187aa
parent: 151d9204189a375c0fb823d86f07ce65e3948963 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/src/spice-channel.c b/src/spice-channel.c
index ab38571..d6199a5 100644
--- a/src/spice-channel.c
+++ b/src/spice-channel.c
@@ -2633,6 +2633,19 @@ reconnect:
                 spice_session_get_cert_subject(c->session));
         }
 
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+        {
+            const char *hostname = spice_session_get_host(c->session);
+            // check is not an ip address
+            GInetAddress * ip = g_inet_address_new_from_string(hostname);
+            if (ip == NULL) {
+                SSL_set_tlsext_host_name(c->ssl, hostname);
+            } else {
+                g_object_unref(ip);
+            }
+        }
+#endif
+
 ssl_reconnect:
         rc = SSL_connect(c->ssl);
         if (rc <= 0) {
author	Frediano Ziglio <freddy77@gmail.com>	2021-08-20 06:59:19 +0100
committer	Frediano Ziglio <freddy77@gmail.com>	2021-08-23 09:45:39 +0100
commit	0031c57fccaa1514bea7dcef450207faba77af34 (patch)
tree	f8e28c6efab3e363af041f85cce6c71531b187aa
parent	151d9204189a375c0fb823d86f07ce65e3948963 (diff)