From 1e8ac0bb014036c07bb3c679b0292ef20a6a0bb5 Mon Sep 17 00:00:00 2001
From: Kenny Root <kenny@the-b.org>
Date: Fri, 5 Jan 2024 19:12:13 -0800
Subject: [PATCH] TLS: use Server Name Indication

This allows sites that require a hostname to work correctly.
---
 src/socket.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/socket.c b/src/socket.c
index ac58639..7e6a727 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -1961,7 +1961,12 @@ static int establish(Sock *sock)
 #if HAVE_SSL
     if (xsock->ssl) {
 	int sslret;
-	sslret = SSL_connect(xsock->ssl);
+	if (xsock->host != NULL)
+	    sslret = SSL_set_tlsext_host_name(xsock->ssl, xsock->host);
+
+	if (sslret == 1)
+	    sslret = SSL_connect(xsock->ssl);
+
 	if (sslret <= 0) {
 	    setupnextconn(xsock);
 	    ssl_io_err(xsock, sslret, xsock->addr ? H_ICONFAIL : H_CONFAIL);