Implement SNI support for the gnutls SSL plugin.
2019-12-16, Mihai Moldovan
Parents 7a975763d3b6
Children 0a7484792f62
Implement SNI support for the gnutls SSL plugin.

Note that gnutls is picky in regard to what it accepts as the server name - it
MUST be a domain name. IP addresses are not supported according to the

Hence, filter out IP addresses and hope that whatever is not recognized as
such an address is actually a domain name. This will probably fail for more
exotic addresses (especially in IPv6 realm), but wiring up a full-blown parser
is too much effort and SSL plugins are not part of purple-3 anyway.

Fixes #17300
--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Nov 11 21:31:35 2019 -0600
+++ b/libpurple/plugins/ssl/ssl-gnutls.c Mon Dec 16 13:11:41 2019 +0100
@@ -403,6 +403,10 @@
gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
+ /* SNI support. */
+ if (gsc->host && !g_hostname_is_ip_address(gsc->host))
+ gnutls_server_name_set(gnutls_data->session, GNUTLS_NAME_DNS, gsc->host, strlen(gsc->host));
gnutls_data->handshake_handler = purple_input_add(gsc->fd,
PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);