pidgin/pidgin

Implement SNI support for the gnutls SSL plugin.
release-2.x.y
2019-12-16, Mihai Moldovan
6dba8046e1b1
Parents 7a975763d3b6
Children 0a7484792f62
Implement SNI support for the gnutls SSL plugin.

Note that gnutls is picky in regard to what it accepts as the server name - it
MUST be a domain name. IP addresses are not supported according to the
documentation.

Hence, filter out IP addresses and hope that whatever is not recognized as
such an address is actually a domain name. This will probably fail for more
exotic addresses (especially in the IPv6 realm), but wiring up a full-blown parser
is too much effort and SSL plugins are not part of purple-3 anyway.

Fixes #17300
--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Nov 11 21:31:35 2019 -0600
+++ b/libpurple/plugins/ssl/ssl-gnutls.c Mon Dec 16 13:11:41 2019 +0100
@@ -403,6 +403,10 @@
gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
+ /* SNI support. */
+ if (gsc->host && !g_hostname_is_ip_address(gsc->host))
+ gnutls_server_name_set(gnutls_data->session, GNUTLS_NAME_DNS, gsc->host, strlen(gsc->host));
+
gnutls_data->handshake_handler = purple_input_add(gsc->fd,
PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
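Review bot: the return value of gnutls_server_name_set() in the added if-body is discarded, so if the call fails the handshake proceeds without SNI and nothing in the debug log says why a virtual-hosted server returned the wrong certificate. gnutls_server_name_set() returns 0 on success and a negative error code otherwise; consider capturing it and reporting failures with purple_debug_error("gnutls", ...) and gnutls_strerror(), while still continuing to the handshake. Since the commit message concedes that the g_hostname_is_ip_address() filter is a heuristic, the comment in the code could also say so: expanding `/* SNI support. */` to note that GnuTLS only accepts DNS names here and that anything not recognized as an IP literal is passed through as-is would save the next reader a trip to the commit log.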