TLS: Now uses SNI

src/CMakeLists.txt

@@ -41,8 +41,9 @@ add_library (libshared libshared/src/Color.cpp         libshared/src/Color.h
                        libshared/src/RX.cpp            libshared/src/RX.h
                        libshared/src/Table.cpp         libshared/src/Table.h
                        libshared/src/Timer.cpp         libshared/src/Timer.h
-                       libshared/src/shared.cpp        libshared/src/shared.h
                        libshared/src/format.cpp        libshared/src/format.h
+                       libshared/src/ip.cpp
+                       libshared/src/shared.cpp        libshared/src/shared.h
                        libshared/src/unicode.cpp       libshared/src/unicode.h
                        libshared/src/utf8.cpp          libshared/src/utf8.h
                        libshared/src/wcwidth6.cpp)

src/TLSClient.cpp

@@ -46,6 +46,7 @@
 #include <sys/socket.h>
 #include <netdb.h>
 #include <gnutls/x509.h>
+#include <shared.h>
 #include <format.h>
 
 #define MAX_BUF 16384
@@ -210,6 +211,17 @@ void TLSClient::connect (const std::string& host, const std::string& port)
   gnutls_session_set_verify_cert (_session, _host.c_str (), 0); // 3.4.6
 #endif
 
+  // SNI.  Only permitted when _host is a DNS name, not an IPv4/6 address.
+  std::string dummyAddress;
+  int dummyPort;
+  if (! isIPv4Address (_host, dummyAddress, dummyPort) &&
+      ! isIPv6Address (_host, dummyAddress, dummyPort))
+  {
+    ret = gnutls_server_name_set (_session, GNUTLS_NAME_DNS, _host.c_str (), _host.length ()); // All
+    if (ret < 0)
+      throw format ("TLS SNI error. {1}", gnutls_strerror (ret)); // All
+  }
+
   // Store the TLSClient instance, so that the verification callback can access
   // it during the handshake below and call the verification method.
   gnutls_session_set_ptr (_session, (void*) this); // All