From 9aa7af2c7f5b582c94b8307023a15c88e38c9447 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Thu, 22 Nov 2012 21:51:11 +0900
Subject: [PATCH] shrpx: Use SNI TLS extension in client mode
---
 src/shrpx_spdy_session.cc | 8 ++++++++
 src/shrpx_ssl.cc | 2 --
 src/shrpx_ssl.h | 2 ++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/shrpx_spdy_session.cc b/src/shrpx_spdy_session.cc
index 25bc85b..ed67ad8 100644
--- a/src/shrpx_spdy_session.cc
+++ b/src/shrpx_spdy_session.cc
@@ -254,6 +254,14 @@ int SpdySession::initiate_connection()
 << ERR_error_string(ERR_get_error(), NULL);
 return -1;
 }
+
+ if(!ssl::numeric_host(get_config()->downstream_host)) {
+ // TLS extensions: SNI. There is no documentation about the return
+ // code for this function (actually this is macro wrapping SSL_ctrl
+ // at the time of this writing).
+ SSL_set_tlsext_host_name(ssl_, get_config()->downstream_host);
+ }
+
 bev_ = bufferevent_openssl_socket_new(evbase_, -1, ssl_, BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS);
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index 6337544..d556d6d 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -250,7 +250,6 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
 }
 }
-namespace {
 bool numeric_host(const char *hostname)
 {
 struct addrinfo hints;
@@ -264,7 +263,6 @@ bool numeric_host(const char *hostname)
 freeaddrinfo(res);
 return true;
 }
-} // namespace
 namespace {
 bool tls_hostname_match(const char *pattern, const char *hostname)
diff --git a/src/shrpx_ssl.h b/src/shrpx_ssl.h
index 87e476c..9f5cf87 100644
--- a/src/shrpx_ssl.h
+++ b/src/shrpx_ssl.h
@@ -46,6 +46,8 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx, evutil_socket_t fd, sockaddr *addr, int addrlen);
+bool numeric_host(const char *hostname);
+
 int check_cert(SSL *ssl);
 void setup_ssl_lock();
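Review bot: The result of `SSL_set_tlsext_host_name` in the added block is discarded, so a failure to set the SNI name goes unnoticed and the handshake proceeds without the extension. The OpenSSL manual documents the return as 1 on success and 0 on error, so the call can be checked: `if(SSL_set_tlsext_host_name(ssl_, get_config()->downstream_host) != 1) { return -1; }`, with the same error logging the preceding failure path uses. Without SNI a name-based virtual-hosting backend may present its default certificate, which would surface later as a hostname mismatch, or pass silently if certificate verification is turned off. The comment about missing documentation could then be replaced by one stating the checked contract. initiate_connection() starts and ends outside the hunk, so whether `ssl_` needs freeing on the new error path has to be confirmed there.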
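Review bot: The new declaration `bool numeric_host(const char *hostname);` exports the helper from shrpx_ssl.h without saying what it answers, and the caller added in shrpx_spdy_session.cc now uses it to decide whether SNI is sent. A one-line comment above it would do, for example `// Returns true if |hostname| is a numeric IP address literal, false if it is a DNS name.`; the body is only partly visible in the shrpx_ssl.cc hunks, so the wording should be checked against the getaddrinfo flags used there. It is also worth stating that |hostname| must be a non-null NUL-terminated string, if that is what the implementation assumes.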