mbedtls/polarssl: set "hostname" unconditionally (6efd2fa5) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/vtls/mbedtls.c

+6 −7

Original line number	Diff line number	Diff line
		@@ -391,13 +391,12 @@ mbed_connect_step1(struct connectdata *conn,
		mbedtls_ssl_conf_own_cert(&connssl->config,
		&connssl->clicert, &connssl->pk);
		}
		if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
		#ifdef ENABLE_IPV6
		!Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
		#endif
		sni && mbedtls_ssl_set_hostname(&connssl->ssl, conn->host.name)) {
		infof(data, "WARNING: failed to configure "
		"server name indication (SNI) TLS extension\n");
		if(mbedtls_ssl_set_hostname(&connssl->ssl, conn->host.name)) {
		/* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
		the name to set in the SNI extension. So even if curl connects to a
		host specified as an IP address, this function must be used. */
		failf(data, "couldn't set hostname in mbedTLS");
		return CURLE_SSL_CONNECT_ERROR;
		}

		#ifdef HAS_ALPN

+6 −7

Original line number	Diff line number	Diff line
		@@ -354,13 +354,12 @@ polarssl_connect_step1(struct connectdata *conn,
		ssl_set_own_cert_rsa(&connssl->ssl,
		&connssl->clicert, &connssl->rsa);

		if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
		#ifdef ENABLE_IPV6
		!Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
		#endif
		sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {
		infof(data, "WARNING: failed to configure "
		"server name indication (SNI) TLS extension\n");
		if(ssl_set_hostname(&connssl->ssl, conn->host.name)) {
		/* ssl_set_hostname() sets the name to use in CN/SAN checks and the name
		to set in the SNI extension. So even if curl connects to a host
		specified as an IP address, this function must be used. */
		failf(data, "couldn't set hostname in PolarSSL");
		return CURLE_SSL_CONNECT_ERROR;
		}

		#ifdef HAS_ALPN