From: Pierre Ossman <ossman@cendio.se>
Date: Fri, 8 Sep 2017 13:28:39 +0000 (+0200)
Subject: Include server name in TLS handshake for SNI
X-Git-Tag: v1.8.90~119
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=894f2c519717e23ee1dfa110a7d9226d49c6d2fa;p=tigervnc.git

Include server name in TLS handshake for SNI

In case the server is a front-end to multiple systems and needs to
know which system we're after.
---

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 8a053e3d..d60f62be 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -254,6 +254,11 @@ void CSecurityTLS::setParam()
     if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_credentials_set failed");
 
+    if (gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+                               client->getServerName(),
+                               strlen(client->getServerName())) != GNUTLS_E_SUCCESS)
+      vlog.error("Failed to configure the server name for TLS handshake");
+
     vlog.debug("X509 session has been set");
   }
 }