pidgin/pidgin

Implement SNI support for the gnutls SSL plugin.
release-2.x.y
16 months ago, Mihai Moldovan
6dba8046e1b1
Parents 7a975763d3b6
Children 0a7484792f62
Implement SNI support for the gnutls SSL plugin.

Note that gnutls is picky in regard to what it accepts as the server name - it
MUST be a domain name. IP addresses are not supported according to the
documentation.

Hence, filter out IP addresses and hope that whatever is not recognized as
such an address is actually a domain name. This will probably fail for more
exotic addresses (especially in the IPv6 realm), but wiring up a full-blown parser
is too much effort and SSL plugins are not part of purple-3 anyway.

Fixes #17300
--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Nov 11 21:31:35 2019 -0600
+++ b/libpurple/plugins/ssl/ssl-gnutls.c Mon Dec 16 13:11:41 2019 +0100
@@ -403,6 +403,10 @@
gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
+ /* SNI support. */
+ if (gsc->host && !g_hostname_is_ip_address(gsc->host))
+ gnutls_server_name_set(gnutls_data->session, GNUTLS_NAME_DNS, gsc->host, strlen(gsc->host));
+
gnutls_data->handshake_handler = purple_input_add(gsc->fd,
PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
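
Review bot: The return value of gnutls_server_name_set() is discarded in the added SNI block, so a host that passes the g_hostname_is_ip_address() filter but is still rejected by GnuTLS (the case the commit message anticipates for exotic addresses) leaves the handshake running without a server name and nothing in the log. Suggest capturing the result and calling purple_debug_warning() with the host when it is not GNUTLS_E_SUCCESS, so a missing SNI extension can be diagnosed from the debug output. The "SNI support." comment could also state why IP addresses are skipped (GNUTLS_NAME_DNS only takes domain names), since that reasoning currently lives only in the commit message.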