Add TLS server_name extension support for Mac Chrome.

This enables server name indication (SNI) support. Patch written by Paul Kehrer <paul.l.kehrer@gmail.com>. Original review URL: http://codereview.chromium.org/656024 R=wtc BUG=30684 TEST=Go to https://carol.sni.velox.ch/ or https://xn--k4h.ws (an IDN SNI site Paul Kehrer uses for testing). Without the patch the latter will throw up a cert error, while the former will have text stating that the server_name extension is not present. Review URL: http://codereview.chromium.org/660005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39934 0039d316-1c4b-4281-b951-d872f2087c98
SaschaDeWaal · Feb 24, 2010 · bd876a4 · bd876a4
1 parent a665d47
commit bd876a4
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -65,3 +65,4 @@ Philippe Beaudoin <philippe.beaudoin@gmail.com>
 Mark Hahnenberg <mhahnenb@gmail.com>
 Alex Gartrell <alexgartrell@gmail.com>
 James Choi <jchoi42@pha.jhu.edu>
+Paul Kehrer <paul.l.kehrer@gmail.com>
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
@@ -764,6 +764,14 @@ int SSLClientSocketMac::InitializeSSLContext() {
     status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
     if (status)
       return NetErrorFromOSStatus(status);
+
+    // Although we disable OS level certificate verification above,
+    // passing the domain name enables the server_name TLS extension (SNI).
+    status = SSLSetPeerDomainName(ssl_context_,
+                                  hostname_.data(),
+                                  hostname_.length());
+    if (status)
+      return NetErrorFromOSStatus(status);
   } else {
     // If I can't break on cert-requested, then set the cert up-front:
     status = SetClientCert();