[fpc-devel] https support; call for testers
Dimitrios Chr. Ioannidis
d.ioannidis at nephelae.eu
Wed Apr 30 13:17:42 CEST 2014
Hi,
I had to add support for the client-side Server Name Indication (SNI) TLS
extension, which is supported in OpenSSL from version 0.9.8 (k?)
(http://en.wikipedia.org/wiki/Server_Name_Indication).
It's a trivial change (doesn't break anything, I think ...), so can
you review it for inclusion?
Regarding the absence of a switch (at least) for the SSLCtrl call, I
read on the net that "... but looking at the OpenSSL code there is no
harm done calling SSL_ctrl using undefined cmd parameters. Support for
the SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling
openssl which confirms the no harm done."
Index: fcl-net/src/sslsockets.pp
===================================================================
--- fcl-net/src/sslsockets.pp (revision 27686)
+++ fcl-net/src/sslsockets.pp (working copy)
@@ -226,6 +226,8 @@
Result:=CheckSSL(FSSL.SetFD(FSocket.Handle));
if Result then
begin
+ SSLCtrl(FSSL.SSL, SSL_CTRL_SET_TLSEXT_HOSTNAME,
TLSEXT_NAMETYPE_host_name,
+ PAnsiChar(AnsiString(TInetSocket(FSocket).Host)));
Result:=CheckSSL(FSSL.Connect);
if Result and VerifyPeerCert then
Result:=(FSSL.VerifyResult<>0) or (not DoVerifyCert);
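Review bot: The SSLCtrl call added before FSSL.Connect discards its return value and hard-casts FSocket to TInetSocket with no type check, so a failure to set the name is silent and a socket of another class would be read as if it had a Host field. Suggest guarding with `FSocket is TInetSocket`, skipping the call when Host is empty or an IP literal (RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server_name extension), and stating in a comment whether a failed SSLCtrl is meant to be ignored or should fail the connect.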
Index: openssl/src/openssl.pas
===================================================================
--- openssl/src/openssl.pas (revision 27686)
+++ openssl/src/openssl.pas (working copy)
@@ -642,7 +642,10 @@
//DES modes
DES_ENCRYPT = 1;
DES_DECRYPT = 0;
-
+
+ SSL_CTRL_SET_TLSEXT_HOSTNAME = 55;
+ TLSEXT_NAMETYPE_host_name = 0;
+
var
SSLLibHandle: TLibHandle = 0;
SSLUtilHandle: TLibHandle = 0;
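Review bot: The two new constants sit directly under the `//DES modes` comment with no comment of their own, so they read as part of the DES block. Suggest a short heading comment such as `// TLS extensions (SNI)` noting that 55 and 0 mirror OpenSSL's SSL_CTRL_SET_TLSEXT_HOSTNAME and TLSEXT_NAMETYPE_host_name. The first `-`/`+` pair replaces one blank line with another and looks like whitespace-only churn that could be dropped from the patch.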
Regards,
--
Dimitrios Chr. Ioannidis