From 2492cdf6ce85963f2fe269b4d41fd09d92ccf277 Mon Sep 17 00:00:00 2001
From: Jeffrey Armstrong
Date: Tue, 19 May 2020 08:36:22 -0400
Subject: Requests should now include SNI over TLS
---
 jessl.f90 | 43 +++++++++++++++++++++++++++++++++++++++++++
 request.f90 | 7 ++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/jessl.f90 b/jessl.f90
index bd9d1fe..0df3180 100644
--- a/jessl.f90
+++ b/jessl.f90
@@ -23,8 +23,14 @@
 ! Just Enough SSL...
 module jessl
+use iso_c_binding
 implicit none
+ ! Constants needed for SNI
+ integer(kind=c_long), parameter::TLSEXT_NAMETYPE_host_name = 0
+
+ integer(kind=c_int), parameter::SSL_CTRL_SET_TLSEXT_HOSTNAME = 55
+
 interface
 subroutine library_init() bind(c, name="OPENSSL_init_ssl")
@@ -90,6 +96,15 @@ implicit none
 type(c_ptr), value::ctx
 end function ctx_free
+ function ssl_ctrl_c(ctx, cmd, arg, vp) bind(c, name="SSL_ctrl")
+ use iso_c_binding
+ type(c_ptr), value::ctx
+ integer(kind=c_int), value::cmd
+ integer(kind=c_long), value::arg
+ type(c_ptr), value::vp
+ integer(kind=c_long)::ssl_ctrl_c
+ end function ssl_ctrl_c
+
 ! Actually a macro...
 !function get_cipher_c(ssl) bind(c, name="SSL_get_cipher_name")
 !use iso_c_binding
@@ -207,5 +222,33 @@ contains
 end if
 end subroutine get_cipher
+
+ function set_tlsext_host_name(ctx, hostname)
+ use iso_c_binding
+ implicit none
+
+ type(c_ptr)::ctx
+ character(*), intent(in)::hostname
+ integer::set_tlsext_host_name
+
+ character(kind=c_char), dimension(:), allocatable, target::chostname
+
+ integer::i
+
+ allocate(chostname(len_trim(hostname)+1))
+
+ do i = 1, len_trim(hostname)
+ chostname(i) = hostname(i:i)
+ end do
+ chostname(len_trim(hostname)+1) = c_null_char
+
+ set_tlsext_host_name = ssl_ctrl_c(ctx, &
+ SSL_CTRL_SET_TLSEXT_HOSTNAME, &
+ TLSEXT_NAMETYPE_host_name, &
+ c_loc(chostname))
+
+ deallocate(chostname)
+
+ end function set_tlsext_host_name
 end module jessl
diff --git a/request.f90 b/request.f90
index ec35772..139b368 100644
--- a/request.f90
+++ b/request.f90
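Review bot: The two new parameters in the first jessl.f90 hunk say nothing about where their values come from, and a wrong value here would silently issue a different control command to `SSL_ctrl` rather than fail. A comment above them such as `! ABI constants mirrored from OpenSSL's <openssl/ssl.h> (SSL_CTRL_SET_TLSEXT_HOSTNAME) and <openssl/tls1.h> (TLSEXT_NAMETYPE_host_name); they are not tunables and must match the linked library` would let a maintainer verify them. Declaring the name-type constant as `c_long` and the command as `c_int` matches the `larg`/`cmd` parameter kinds of the `ssl_ctrl_c` binding added below, which is worth a word in the same comment.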
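Review bot: In the second jessl.f90 hunk the first argument of `ssl_ctrl_c` is named `ctx`, but the bound C function `SSL_ctrl` operates on an SSL connection object, and the adjacent `ctx_new`/`ctx_free` bindings use `ctx` for the SSL_CTX; the same misleading name is reused by `set_tlsext_host_name` in the third hunk, whose caller in request.f90 passes `conn%ssl`. Renaming the parameter in both places keeps the two handle types distinct: `function ssl_ctrl_c(ssl, cmd, arg, vp) bind(c, name="SSL_ctrl")` with `type(c_ptr), value::ssl`. A one-line comment on the interface, `! SSL_ctrl: generic control entry point on an SSL object; used because SSL_set_tlsext_host_name is a C macro over it`, would also explain why this binding sits next to the "Actually a macro..." note for the cipher-name accessor.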
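Review bot: `set_tlsext_host_name` in the third jessl.f90 hunk has no header describing its result contract, and it narrows the `c_long` returned by `ssl_ctrl_c` into a default `integer` without comment, while the caller in request.f90 treats 0 as failure. A header along the lines of `! Set the TLS SNI host_name extension on an SSL object to hostname (trailing blanks dropped). Returns the SSL_ctrl result: nonzero on success, 0 if OpenSSL rejects the name, e.g. empty or over-long` would pin that down; the rejection cases are how I recall OpenSSL behaving and should be confirmed against the linked version. Freeing `chostname` immediately after the call relies on OpenSSL copying the name rather than retaining the pointer, which I believe it does, but a comment `! OpenSSL copies the name; the local buffer can be released` records the assumption. The `use iso_c_binding` inside this module procedure is redundant now that the module itself imports it (host association), whereas the one inside the `ssl_ctrl_c` interface body is still required because interface bodies do not see the host scope.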
@@ -115,10 +115,15 @@ contains
 ! Set up ssl now
 ssl_method = tls_client_method()
 conn%ssl_ctx = ctx_new(ssl_method) + conn%ssl = ssl_new(conn%ssl_ctx)
- if((.not. c_associated(conn%ssl)) .or. (set_fd(conn%ssl, conn%socket) /= 1)) then
+ if((.not. c_associated(conn%ssl)) .or. &
+ (set_tlsext_host_name(conn%ssl, server) == 0) .OR. &
+ (set_fd(conn%ssl, conn%socket) /= 1)) then + conn%code = CONNECTION_SSL_SETUP_FAILURE
 return
+
 end if
 ! Connect via ssl
-- 
cgit v1.2.3
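Review bot: Sending SNI tells the server which certificate to present, but nothing in this hunk makes the client check that the certificate it receives is actually for `server`; unless that is done elsewhere in the connect path (not visible here), a binding for OpenSSL's `SSL_set1_host` called on `conn%ssl` next to the `set_tlsext_host_name` call, together with peer verification enabled, is what closes that gap. Separately, RFC 6066 does not permit an IP literal as the SNI host_name, so if `server` can be an address rather than a DNS name the SNI call should be skipped for literals. On the new failure path the routine returns with `conn%ssl_ctx` and `conn%ssl` still allocated; whether the caller releases them is outside the hunk. The enclosing subroutine starts and ends outside the hunk.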