From c3a196860a8605a3a7dddf39e6b0203dd85d7ec3 Mon Sep 17 00:00:00 2001 From: rdb Date: Sat, 28 Jan 2017 17:41:09 +0100 Subject: [PATCH] downloader: support TLS SNI when negotiating with SSL server --- panda/src/downloader/httpChannel.cxx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/panda/src/downloader/httpChannel.cxx b/panda/src/downloader/httpChannel.cxx index 96980fdfaa..3c90d63c3c 100644 --- a/panda/src/downloader/httpChannel.cxx +++ b/panda/src/downloader/httpChannel.cxx @@ -1474,6 +1474,14 @@ run_setup_ssl() { return false; } + string hostname = _request.get_url().get_server(); + result = SSL_set_tlsext_host_name(ssl, hostname.c_str()); + if (result == 0) { + downloader_cat.error() + << _NOTIFY_HTTP_CHANNEL_ID + << "Could not set TLS SNI hostname to '" << hostname << "'\n"; + } + /* * It would be nice to use something like SSL_set_client_cert_cb() here to set * a callback to provide the certificate should it be requested, or even to