summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--AUTHORS1
-rw-r--r--net/socket/ssl_client_socket_mac.cc8
2 files changed, 9 insertions, 0 deletions
diff --git a/AUTHORS b/AUTHORS
index c6d5ec4..cfd4cde 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -65,3 +65,4 @@ Philippe Beaudoin <philippe.beaudoin@gmail.com>
Mark Hahnenberg <mhahnenb@gmail.com>
Alex Gartrell <alexgartrell@gmail.com>
James Choi <jchoi42@pha.jhu.edu>
+Paul Kehrer <paul.l.kehrer@gmail.com>
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index b03ed7a..0720a40 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -764,6 +764,14 @@ int SSLClientSocketMac::InitializeSSLContext() {
status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
if (status)
return NetErrorFromOSStatus(status);
+
+ // Although we disable OS level certificate verification above,
+ // passing the domain name enables the server_name TLS extension (SNI).
+ status = SSLSetPeerDomainName(ssl_context_,
+ hostname_.data(),
+ hostname_.length());
+ if (status)
+ return NetErrorFromOSStatus(status);
} else {
// If I can't break on cert-requested, then set the cert up-front:
status = SetClientCert();
generated by cgit v1.1 at 2025-01-17 18:03:58 +0000