Added client-side Server Name Indication (SNI) support in OpenSSL extension.

#
# [DOC]
#
# New SSL context options :
#
# - SNI_enabled : Set to FALSE to disable SNI support (enabled by default)
# - SNI_server_name : If not set, the server name will be guessed from the
# stream URL (e.g. https://example.com/ will use example.com as hostname.),
# else the given name will be used.
#
# SNI is to SSL/TLS what the Host header is for HTTP : it allows multiple
# certificates on the same IP address.
#
# As for HTTP virtual hosts, this should be totaly transparent in most cases.
#
# Context options allows more control, e.g. :
# 
# $context = stream_context_create(array(
#   'ssl' => array('SNI_server_name' => 'foo.example.com'),
#   'http' => array('header' => 'Host: foo.example.com'),
# ));
# file_get_contents('https://127.0.0.1/', false, $context);
#
# OpenSSL >= 0.9.8j supports SNI (by default since OpenSSL 0.9.8k).

1 files changed, 5 insertions, 0 deletions

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 764b6df594..b1306a99e9 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1036,6 +1036,11 @@ PHP_MINIT_FUNCTION(openssl)
 	REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_EC", OPENSSL_KEYTYPE_EC, CONST_CS|CONST_PERSISTENT);
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+	/* SNI support included in OpenSSL >= 0.9.8j */
+	REGISTER_LONG_CONSTANT("OPENSSL_TLSEXT_SERVER_NAME", 1, CONST_CS|CONST_PERSISTENT);
+#endif
+
 	/* Determine default SSL configuration file */
 	config_filename = getenv("OPENSSL_CONF");
 	if (config_filename == NULL) {