From dc10d466bff53821f23d2cb4814c259d40c5d9c5 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 19 Mar 2015 15:37:05 +0100
Subject: hkps: Fix host name verification when using pools.

* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--

GnuPG-bug-id: 1792

Thanks to davidw for figuring out the problem.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 common/http.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'common')

diff --git a/common/http.c b/common/http.c
index 50c0692d2..12e3fcb89 100644
--- a/common/http.c
+++ b/common/http.c
@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
         }
 
 # if HTTP_USE_NTBTLS
-      err = ntbtls_set_hostname (hd->session->tls_session, server);
+      err = ntbtls_set_hostname (hd->session->tls_session,
+                                 hd->session->servername);
       if (err)
         {
           log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
 # elif HTTP_USE_GNUTLS
       rc = gnutls_server_name_set (hd->session->tls_session,
                                    GNUTLS_NAME_DNS,
-                                   server, strlen (server));
+                                   hd->session->servername
+                                   strlen (hd->session->servername));
       if (rc < 0)
         log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
 # endif /*HTTP_USE_GNUTLS*/
-- 
cgit v1.2.3