On Wed, Feb 20, 2013 at 09:35:16PM -0800, Junio C Hamano wrote:

>>  (2) I do not know if everybody has SSL_set_tslext_host_name() macro
>>      defined, so this patch may be breaking build for people with
>>      different versions of OpenSSL.
> [...]
> +     /*
> +      * SNI (RFC4366)
> +      * OpenSSL does not document this function, but the implementation
> +      * returns 1 on success, 0 on failure after calling SSLerr().
> +      */
> +     ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
> +     if (ret != 1)
> +             warning("SSL_set_tslext_host_name(%s) failed.\n", server.host);
> +#endif

Yes, I think this is the right macro to check. According to OpenSSL's
CHANGES file, it was introduced between 0.9.8n and 1.0.0 (Mar 2010). But
I note that the use of the same macro in libcurl dates to 2008. Curious.

Note that you have a typo in your warning text (tslext) and an
extra newline.

As far as testing goes, I don't have an SNI IMAP server handy, but I
think you can simulate one with "openssl s_server". It may be a good
long-term goal to test any ssl-specific code against that in our test
suite (on the other hand, most of the interesting stuff is https, where
the details are all handled by curl).

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to