aboutsummaryrefslogtreecommitdiffstats
path: root/main/imap/sni.patch
blob: 2247f65f988c97b0d883add106f4f4bfc01cb46e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Description: Google IMAP servers require SNI if client supports TLS 1.3.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php-imap/+bug/1834340

--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -273,6 +273,18 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 				/* create connection */
   if (!(stream->con = (SSL *) SSL_new (stream->context)))
     return "SSL connection failed";
+#if OPENSSL_VERSION_NUMBER >= 0x10200000L
+  ASN1_OCTET_STRING *ip;
+  /* support SNI if host is not an IP address */
+  /* per RFC 6066: */
+  /* Literal IPv4 and IPv6 addresses are not permitted in "HostName". */
+  /* a2i_IPADDRESS is available since OpenSSL 1.0.2 */
+  ip = a2i_IPADDRESS(host);
+  if (ip == NULL) {
+    ERR_clear_error();
+    SSL_set_tlsext_host_name(stream->con,host);
+  }
+#endif
   bio = BIO_new_socket (stream->tcpstream->tcpsi,BIO_NOCLOSE);
   SSL_set_bio (stream->con,bio,bio);
   SSL_set_connect_state (stream->con);