Add TLS server_name extension support for Mac Chrome.

This enables server name indication (SNI) support.

Patch written by Paul Kehrer <paul.l.kehrer@gmail.com>.
Original review URL: http://codereview.chromium.org/656024

R=wtc
BUG=30684
TEST=Go to https://carol.sni.velox.ch/ or https://xn--k4h.ws
(an IDN SNI site Paul Kehrer uses for testing). Without the
patch the latter will throw up a cert error, while the former
will have text stating that the server_name extension is not
present.
Review URL: http://codereview.chromium.org/660005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39934 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 0 deletions

diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index b03ed7a..0720a40 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -764,6 +764,14 @@ int SSLClientSocketMac::InitializeSSLContext() {
     status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
     if (status)
       return NetErrorFromOSStatus(status);
+
+    // Although we disable OS level certificate verification above,
+    // passing the domain name enables the server_name TLS extension (SNI).
+    status = SSLSetPeerDomainName(ssl_context_,
+                                  hostname_.data(),
+                                  hostname_.length());
+    if (status)
+      return NetErrorFromOSStatus(status);
   } else {
     // If I can't break on cert-requested, then set the cert up-front:
     status = SetClientCert();