Include server name in TLS handshake for SNI

In case the server is a front-end to multiple systems and needs to
know which system we're after.

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 8a053e3db7fb7b98e9785baed5d3a60a14793b62..d60f62be5c57806986dcbacf3b30f45e3ecc3ff6 100644 (file)
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -254,6 +254,11 @@ void CSecurityTLS::setParam()
     if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_credentials_set failed");
 
+    if (gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+                               client->getServerName(),
+                               strlen(client->getServerName())) != GNUTLS_E_SUCCESS)
+      vlog.error("Failed to configure the server name for TLS handshake");
+
     vlog.debug("X509 session has been set");
   }
 }