Changes On Branch dmitry-fixes


Changes In Branch dmitry-fixes Excluding Merge-Ins

This is equivalent to a diff from 339a0f49d2 to 132dbcedbc

2011-12-17
15:18
Merge the SSL SNI fix from the dmitry-fixes branch. check-in: 074767b730 user: drh tags: trunk
13:19
Add the "test-date-format" command and the date_override option to tickets. check-in: 44f028c9f8 user: drh tags: trunk
2011-12-16
22:00
Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. Closed-Leaf check-in: 132dbcedbc user: dmitry tags: dmitry-fixes
15:10
Reorder some #includes for OpenBSD. check-in: 339a0f49d2 user: drh tags: trunk
2011-12-13
14:05
Update the release date on the change log. check-in: 489c67ae46 user: drh tags: trunk

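--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -191,15 +191,14 @@
 **
 ** Return the number of errors.
 */
 int ssl_open(void){
   X509 *cert;
   int hasSavedCertificate = 0;
   int trusted = 0;
-  char *connStr ;
   unsigned long e;
 
   ssl_global_init();
 
   /* Get certificate for current server from global config and
    * (if we have it in config) add it to certificate store.
    */
@@ -208,24 +207,29 @@
     X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert);
     X509_free(cert);
     hasSavedCertificate = 1;
   }
 
   iBio = BIO_new_ssl_connect(sslCtx);
   BIO_get_ssl(iBio, &ssl);
+
+  if( !SSL_set_tlsext_host_name(ssl, g.urlName) ){
+    fossil_warning("WARNING: failed to set server name indication (SNI), "
+                  "continuing without it.\n");
+  }
+
   SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
   if( iBio==NULL ) {
     ssl_set_errmsg("SSL: cannot open SSL (%s)", 
                     ERR_reason_error_string(ERR_get_error()));
-    return 1;    
+    return 1;
   }
-  
-  connStr = mprintf("%s:%d", g.urlName, g.urlPort);
-  BIO_set_conn_hostname(iBio, connStr);
-  free(connStr);
+
+  BIO_set_conn_hostname(iBio, g.urlName);
+  BIO_set_conn_int_port(iBio, &g.urlPort);
   
   if( BIO_do_connect(iBio)<=0 ){
     ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)", 
         g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error()));
     ssl_close();
     return 1;
   }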
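Review bot: The added `SSL_set_tlsext_host_name(ssl, g.urlName)` call runs before the `iBio==NULL` check a few lines below it, so when `BIO_new_ssl_connect()` fails, `BIO_get_ssl()` has no BIO to read from and the SNI call operates on whatever `ssl` held beforehand, presumably NULL or a handle left over from an earlier connection. The existing `SSL_set_mode()` line has the same ordering problem; moving the `if( iBio==NULL ){ ... return 1; }` block to directly after `iBio = BIO_new_ssl_connect(sslCtx);` covers both calls. Separately, `BIO_set_conn_int_port(iBio, &g.urlPort)` reads an `int` through that pointer, so it is worth confirming that `g.urlPort` is declared as `int`. `ssl_open` continues past the end of this section, and `ssl`, `iBio` and `g` are declared outside it.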