summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net/socket/ssl_client_socket_mac.cc15
1 files changed, 7 insertions, 8 deletions
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 7b01409..b3cfc44 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -709,6 +709,13 @@ int SSLClientSocketMac::InitializeSSLContext() {
if (status)
return NetErrorFromOSStatus(status);
+ // Passing the domain name enables the server_name TLS extension (SNI).
+ status = SSLSetPeerDomainName(ssl_context_,
+ hostname_.data(),
+ hostname_.length());
+ if (status)
+ return NetErrorFromOSStatus(status);
+
// Disable certificate verification within Secure Transport; we'll
// be handling that ourselves.
status = SSLSetEnableCertVerify(ssl_context_, false);
@@ -765,14 +772,6 @@ int SSLClientSocketMac::InitializeSSLContext() {
status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
if (status)
return NetErrorFromOSStatus(status);
-
- // Although we disable OS level certificate verification above,
- // passing the domain name enables the server_name TLS extension (SNI).
- status = SSLSetPeerDomainName(ssl_context_,
- hostname_.data(),
- hostname_.length());
- if (status)
- return NetErrorFromOSStatus(status);
} else {
// If I have a cert, set it up-front, otherwise the server may try to get
// it later by renegotiating, which SecureTransport doesn't support well.
generated by cgit v1.1 at 2025-04-04 10:14:28 +0000