On Wed, Feb 20, 2013 at 09:35:16PM -0800, Junio C Hamano wrote:
>> (2) I do not know if everybody has SSL_set_tslext_host_name() macro
>> defined, so this patch may be breaking build for people with
>> different versions of OpenSSL.
> [...]
>
> +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
> + /*
> + * SNI (RFC4366)
> + * OpenSSL does not document this function, but the implementation
> + * returns 1 on success, 0 on failure after calling SSLerr().
> + */
> + ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
> + if (ret != 1)
> + warning("SSL_set_tslext_host_name(%s) failed.\n", server.host);
> +#endif
Yes, I think this is the right macro to check. According to OpenSSL's
CHANGES file, it was introduced between 0.9.8n and 1.0.0 (Mar 2010). But
I note that the use of the same macro in libcurl dates to 2008. Curious.
Note that you have a typo in your warning text (tslext) and an
extra newline.
As far as testing goes, I don't have an SNI IMAP server handy, but I
think you can simulate one with "openssl s_server". It may be a good
long-term goal to test any ssl-specific code against that in our test
suite (on the other hand, most of the interesting stuff is https, where
the details are all handled by curl).
-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
