From 894f2c519717e23ee1dfa110a7d9226d49c6d2fa Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Fri, 8 Sep 2017 15:28:39 +0200
Subject: [PATCH] Include server name in TLS handshake for SNI

In case the server is a front-end to multiple systems and needs to
know which system we're after.
---
 common/rfb/CSecurityTLS.cxx | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 8a053e3d..d60f62be 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -254,6 +254,11 @@ void CSecurityTLS::setParam()
     if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_credentials_set failed");
 
+    if (gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+                               client->getServerName(),
+                               strlen(client->getServerName())) != GNUTLS_E_SUCCESS)
+      vlog.error("Failed to configure the server name for TLS handshake");
+
     vlog.debug("X509 session has been set");
   }
 }
-- 
2.39.5