diff -rU 4 a/ssl/Config.in b/ssl/Config.in --- a/ssl/Config.in 2014-10-27 13:30:33.000000000 +0300 +++ b/ssl/Config.in 2015-06-09 18:32:26.000000000 +0300 @@ -314,8 +314,15 @@ Note: not all the API is implemented, so parts may still break. And it's definitely not 100% compatible. +config CONFIG_SSL_SNI + bool "Enable SNI" + default y + help + An extension to the TLS. + See 3.1 Server Name Indication at RFC 3546. + config CONFIG_PERFORMANCE_TESTING bool "Build the bigint performance test tool" default n depends on CONFIG_SSL_CERT_VERIFICATION diff -rU 4 a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c --- a/ssl/tls1_clnt.c 2014-11-07 03:24:28.000000000 +0300 +++ b/ssl/tls1_clnt.c 2015-06-09 18:32:26.000000000 +0300 @@ -218,8 +218,30 @@ } buf[offset++] = 1; /* no compression */ buf[offset++] = 0; + +#ifdef CONFIG_SSL_SNI + if (ssl->host_name != NULL) { + unsigned int host_len = strlen(ssl->host_name); + + buf[offset++] = 0; + buf[offset++] = host_len+9; /* extensions length */ + + buf[offset++] = 0; + buf[offset++] = 0; /* server_name(0) (65535) */ + buf[offset++] = 0; + buf[offset++] = host_len+5; /* server_name length */ + buf[offset++] = 0; + buf[offset++] = host_len+3; /* server_list length */ + buf[offset++] = 0; /* host_name(0) (255) */ + buf[offset++] = 0; + buf[offset++] = host_len; /* host_name length */ + strncpy((char*) &buf[offset], ssl->host_name, host_len); + offset += host_len; + } +#endif + buf[3] = offset - 4; /* handshake size */ return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset); } diff -rU 4 a/ssl/tls1.h b/ssl/tls1.h --- a/ssl/tls1.h 2015-04-30 08:41:49.000000000 +0300 +++ b/ssl/tls1.h 2015-06-09 18:32:26.000000000 +0300 @@ -195,8 +195,12 @@ uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */ uint8_t read_sequence[8]; /* 64 bit sequence number */ uint8_t write_sequence[8]; /* 64 bit sequence number */ uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ + +#ifdef CONFIG_SSL_SNI + const char* host_name; +#endif }; typedef struct _SSL SSL;