QSslSocket SNI: prefer verificationPeerName then peerName then hostName

As suggested by p--hartmann in a comment for MR 1574.

Task-number: QTBUG-1352

Merge-request: 1110
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>

1 files changed, 5 insertions, 2 deletions

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 11dc941..60d6cae 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -389,9 +389,12 @@ init_context:
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
     if (client) {
         // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.
-        QByteArray ace = QUrl::toAce(hostName);
+        QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
+        if (tlsHostName.isEmpty())
+            tlsHostName = hostName;
+        QByteArray ace = QUrl::toAce(tlsHostName);
         if (!ace.isEmpty()) {
-            q_SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,ace.constData());
+            q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData());
         }
     }
 #endif