[m2crypto] Add minimal SNI support

Miloslav Trmac mitr at fedoraproject.org
Wed Dec 18 02:15:06 UTC 2013


commit 61093d89c29c1bbc4e76a52deda8bb0956da6528
Author: Miloslav Trmač <mitr at redhat.com>
Date:   Tue Dec 17 02:45:32 2013 +0100

    Add minimal SNI support

 m2crypto-0.21.1-sni.patch |   43 +++++++++++++++++++++++++++++++++++++++++++
 m2crypto.spec             |    8 ++++++++
 2 files changed, 51 insertions(+), 0 deletions(-)
---
diff --git a/m2crypto-0.21.1-sni.patch b/m2crypto-0.21.1-sni.patch
new file mode 100644
index 0000000..cfc40d7
--- /dev/null
+++ b/m2crypto-0.21.1-sni.patch
@@ -0,0 +1,43 @@
+Based on https://bugzilla.osafoundation.org/attachment.cgi?id=5760
+by Sander Steffann <sander at steffann.nl>.
+
+diff -ur M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py
+--- M2Crypto/M2Crypto/SSL/Connection.py	2013-12-17 02:01:49.843287273 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py	2013-12-17 02:28:28.357633159 +0100
+@@ -368,3 +368,7 @@
+ 
+     def set_post_connection_check_callback(self, postConnectionCheck):
+         self.postConnectionCheck = postConnectionCheck
++
++    def set_tlsext_host_name(self, name):
++        "Set the requested hostname for the SNI (Server Name Indication) extension"
++        m2.ssl_set_tlsext_host_name(self.ssl, name)
+diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i	2013-12-17 02:01:49.863287264 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i	2013-12-17 02:39:28.138364398 +0100
+@@ -15,6 +15,7 @@
+ #include <openssl/bio.h>
+ #include <openssl/dh.h>
+ #include <openssl/ssl.h>
++#include <openssl/tls1.h>
+ #include <openssl/x509.h>
+ #include <poll.h>
+ #include <sys/time.h>
+@@ -398,6 +399,17 @@
+     return SSL_get_mode(ssl);
+ }
+ 
++int ssl_set_tlsext_host_name(SSL *ssl, const char *name) {
++    long l;
++
++    if (!(l = SSL_set_tlsext_host_name(ssl, name))) {
++        PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++        return -1;
++    }
++    /* Return an "int" to match the 'typemap(out) int' in _lib.i */
++    return 1;
++}
++
+ void ssl_set_client_CA_list_from_file(SSL *ssl, const char *ca_file) {
+     SSL_set_client_CA_list(ssl, SSL_load_client_CA_file(ca_file));
+ }
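Review bot: In the new `ssl_set_tlsext_host_name` wrapper in `SWIG/_ssl.i`, the result of `ERR_reason_error_string(ERR_get_error())` goes straight into `PyErr_SetString`, but that OpenSSL call returns NULL when the error queue is empty or no reason string is loaded for the code. A NULL message there is undefined behaviour (typically a crash) instead of a Python exception. A fallback keeps the failure path safe: `const char *reason = ERR_reason_error_string(ERR_get_error());` then `PyErr_SetString(_ssl_err, reason ? reason : "SSL_set_tlsext_host_name failed");`. The local `long l` is assigned in the condition and never read, so the test can simply be `if (!SSL_set_tlsext_host_name(ssl, name))`. The docstring of `Connection.set_tlsext_host_name` should also say that the name must be set before the handshake, and that as written it only fills the SNI extension and does not touch `postConnectionCheck`, so certificate hostname checking still has to be configured separately.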
diff --git a/m2crypto.spec b/m2crypto.spec
index f789851..56635db 100644
--- a/m2crypto.spec
+++ b/m2crypto.spec
@@ -32,6 +32,8 @@ Patch9: m2crypto-0.21.1-certs.patch
 Patch10: m2crypto-0.21.1-ssl23.patch
 # https://bugzilla.osafoundation.org/show_bug.cgi?id=13098
 Patch11: m2crypto-0.21.1-SSL_CTX_new.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13073
+Patch12: m2crypto-0.21.1-sni.patch
 License: MIT
 Group: System Environment/Libraries
 URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
@@ -59,6 +61,7 @@ This package allows you to call OpenSSL functions from python scripts.
 openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER
 %patch10 -p0 -b .ssl23
 %patch11 -p1 -b .SSL_CTX_new
+%patch12 -p1 -b .sni
 
 # Red Hat opensslconf.h #includes an architecture-specific file, but SWIG
 # doesn't follow the #include.
@@ -120,6 +123,11 @@ rm tests/*.{pem,py}.* # Patch backup files
 %{python_sitearch}/M2Crypto-*.egg-info
 
 %changelog
+* Tue Dec 17 2013 Miloslav Trmač <mitr at redhat.com> - 0.21.1-13
+- Add minimal SNI support, based on a patch by Sander Steffann
+  <sander at steffann.nl>
+  Resolves: #1029246
+
 * Sat Dec  7 2013 Miloslav Trmač <mitr at redhat.com> - 0.21.1-13
 - Fix incorrect exception handling of SSL_CTX_new (manifesting in FIPS mode)
   Resolves: #879043

