SSL backend: avoid setting SNI hostname for old SSL versions

With this patch, we only use SNI functionality when the SSL version
supports it (meaning when using TLS), otherwise the function call
would trigger a warning.

Reviewed-by: Markus Goetz

2 files changed, 5 insertions, 2 deletions

diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index 7c47361..1980659 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -75,7 +75,7 @@ namespace QSsl {
     enum SslProtocol {
         SslV3,
         SslV2,
-        TlsV1,
+        TlsV1, // ### Qt 5: rename to TlsV1_0 or so
         AnyProtocol,
         TlsV1SslV3,
         SecureProtocols = TlsV1SslV3,
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 8da3bb7..664fce2 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -398,7 +398,10 @@ init_context:
     }
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
-    if (client && q_SSLeay() >= 0x00090806fL) {
+    if ((configuration.protocol == QSsl::TlsV1SslV3 ||
+        configuration.protocol == QSsl::TlsV1 ||
+        configuration.protocol == QSsl::AnyProtocol) &&
+        client && q_SSLeay() >= 0x00090806fL) {
         // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.
         QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
         if (tlsHostName.isEmpty())