Always call SSLSetPeerDomainName. The SSLSetPeerDomainName call was

put inside an if statement by mistake.

R=snej
BUG=30684
TEST=none
Review URL: http://codereview.chromium.org/669207

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40794 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 8 deletions

diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 7b01409..b3cfc44 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -709,6 +709,13 @@ int SSLClientSocketMac::InitializeSSLContext() {
   if (status)
     return NetErrorFromOSStatus(status);
 
+  // Passing the domain name enables the server_name TLS extension (SNI).
+  status = SSLSetPeerDomainName(ssl_context_,
+                                hostname_.data(),
+                                hostname_.length());
+  if (status)
+    return NetErrorFromOSStatus(status);
+
   // Disable certificate verification within Secure Transport; we'll
   // be handling that ourselves.
   status = SSLSetEnableCertVerify(ssl_context_, false);
@@ -765,14 +772,6 @@ int SSLClientSocketMac::InitializeSSLContext() {
     status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
     if (status)
       return NetErrorFromOSStatus(status);
-
-    // Although we disable OS level certificate verification above,
-    // passing the domain name enables the server_name TLS extension (SNI).
-    status = SSLSetPeerDomainName(ssl_context_,
-                                  hostname_.data(),
-                                  hostname_.length());
-    if (status)
-      return NetErrorFromOSStatus(status);
   } else {
     // If I have a cert, set it up-front, otherwise the server may try to get
     // it later by renegotiating, which SecureTransport doesn't support well.