Remove X.400 address parsing

[nmh] / sbr / netsec.c

diff --git a/sbr/netsec.c b/sbr/netsec.c
index 75be76a3f183e6592d361121edb2f605c6e5dfa6..2d70b37947c2392541c2c38dcc0f23d4d4524989 100644 (file)
--- a/sbr/netsec.c
+++ b/sbr/netsec.c
@@ -837,7 +837,7 @@ retry:
             * At that point, just give up.
             */
            netsec_err(errstr, "Internal error: wanted to printf() a total of "
-                      "%d bytes, but our buffer size was only %d bytes",
+                      "%d bytes, but our buffer size was only %d bytes",
                       rc, nsc->ns_outbufsize);
            return NOTOK;
        }
@@ -926,7 +926,7 @@ netsec_flush(netsec_context *nsc, char **errstr)
                if (nsc->ns_snoop_savebuf) {
                    cb_len += strlen(nsc->ns_snoop_savebuf);
                    nsc->ns_snoop_savebuf = mh_xrealloc(nsc->ns_snoop_savebuf,
-                                               outlen);
+                                                       outlen);
                    ptr = nsc->ns_snoop_savebuf;
                } else {
                    ptr = snoopoutbuf;
@@ -1260,7 +1260,7 @@ netsec_negotiate_sasl(netsec_context *nsc, const char *mechlist, char **errstr)
                               &xoauth_client_res, &xoauth_client_res_len,
                               nsc->ns_snoop ? stderr : NULL) != OK) {
            netsec_err(errstr, "Internal error: Unable to get OAuth2 "
-                      "bearer token");
+                      "bearer token");
            return NOTOK;
        }
 
@@ -1359,7 +1359,7 @@ netsec_negotiate_sasl(netsec_context *nsc, const char *mechlist, char **errstr)
      */
 
     rc = sasl_client_start(nsc->sasl_conn,
-                          nsc->sasl_mech ? nsc->sasl_mech : mechlist, NULL,
+                          nsc->sasl_mech ? nsc->sasl_mech : mechlist, NULL,
                           (const char **) &saslbuf, &saslbuflen,
                           &chosen_mech);
 
@@ -1383,7 +1383,7 @@ netsec_negotiate_sasl(netsec_context *nsc, const char *mechlist, char **errstr)
      */
 
     while (rc == SASL_CONTINUE) {
-       /*
+       /*
         * Call our SASL callback, which will handle the details of
         * reading data from the network.
         */
@@ -1624,6 +1624,11 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
            return NOTOK;
        }
 
+       if (!nsc->ns_hostname) {
+           netsec_err(errstr, "Internal error: hostname not set");
+           return NOTOK;
+       }
+
        /*
         * Create the SSL structure which holds the data for a single
         * TLS connection.
@@ -1680,6 +1685,12 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
        SSL_set_bio(ssl, rbio, wbio);
        SSL_set_connect_state(ssl);
 
+       /*
+        * Use the hostname to set the Server Name Indicator extension
+        */
+
+       SSL_set_tlsext_host_name(ssl, nsc->ns_hostname);
+
        /*
         * If noverify is NOT set, then do certificate validation.
         * Turning on SSL_VERIFY_PEER will verify the certificate chain
@@ -1696,12 +1707,6 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
 #endif /* HAVE_X509_VERIFY_PARAM_SET1_HOST */
 
            SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
-           if (! nsc->ns_hostname) {
-               netsec_err(errstr, "Internal error: hostname not set and "
-                          "certification verification enabled");
-               SSL_free(ssl);
-               return NOTOK;
-           }
 
 #ifdef HAVE_X509_VERIFY_PARAM_SET1_HOST
            param = SSL_get0_param(ssl);
@@ -1720,7 +1725,7 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
 
        if (! ssl_bio) {
            netsec_err(errstr, "Unable to create a SSL BIO: %s",
-                      ERR_error_string(ERR_get_error(), NULL));
+                      ERR_error_string(ERR_get_error(), NULL));
            SSL_free(ssl);
            return NOTOK;
        }
@@ -1845,7 +1850,7 @@ netsec_err(char **errstr, const char *fmt, ...)
     int rc = 127;
 
     if (! errstr)
-       return;
+       return;
 
     do {
        errbufsize = rc + 1;