author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-24 22:21:01 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-24 22:21:01 +0000 |
commit | bd876a48572f62b919bcc900b06a4187257d500f (patch) | |
tree | 2d576c8525f225b9821054d3cac8e22d4186faa5 | |
parent | a665d47914ca6ded9dab9ca1c11f8eebf4eccfeb (diff) | |
Add TLS server_name extension support for Mac Chrome.
This enables server name indication (SNI) support.
Patch written by Paul Kehrer <paul.l.kehrer@gmail.com>.
Original review URL: http://codereview.chromium.org/656024
R=wtc
BUG=30684
TEST=Go to https://carol.sni.velox.ch/ or https://xn--k4h.ws
(an IDN SNI site Paul Kehrer uses for testing). Without the
patch the latter will throw up a cert error, while the former
will have text stating that the server_name extension is not
present.
Review URL: http://codereview.chromium.org/660005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39934 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_mac.cc | 8 |
2 files changed, 9 insertions, 0 deletions
@@ -65,3 +65,4 @@ Philippe Beaudoin <philippe.beaudoin@gmail.com> Mark Hahnenberg <mhahnenb@gmail.com> Alex Gartrell <alexgartrell@gmail.com> James Choi <jchoi42@pha.jhu.edu> +Paul Kehrer <paul.l.kehrer@gmail.com> diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc index b03ed7a..0720a40 100644 --- a/net/socket/ssl_client_socket_mac.cc +++ b/net/socket/ssl_client_socket_mac.cc @@ -764,6 +764,14 @@ int SSLClientSocketMac::InitializeSSLContext() { status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length()); if (status) return NetErrorFromOSStatus(status); + + // Although we disable OS level certificate verification above, + // passing the domain name enables the server_name TLS extension (SNI). + status = SSLSetPeerDomainName(ssl_context_, + hostname_.data(), + hostname_.length()); + if (status) + return NetErrorFromOSStatus(status); } else { // If I can't break on cert-requested, then set the cert up-front: status = SetClientCert(); |
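Review bot: In the InitializeSSLContext() hunk of net/socket/ssl_client_socket_mac.cc, the new SSLSetPeerDomainName call sits inside the branch that closes at `} else {`, so as far as these lines show, the else path (the one that calls SetClientCert() up-front) never sets the peer domain name and would not send server_name. If SNI is meant to apply to every connection, move the call below the if/else, or extend the comment to say why it belongs only on this branch. It is also worth stating what happens when hostname_ holds an IP literal, since RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server_name extension; a guard or a short comment on that case would help.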