From 1992cdb292d1961d6b210a3c1d2532556d2c9195 Mon Sep 17 00:00:00 2001
From: Peter Hartmann
Date: Mon, 14 Mar 2011 15:05:03 +0100
Subject: SSL backend: avoid setting SNI hostname for old SSL versions

With this patch, we only use SNI functionality when the SSL version supports it (meaning when using TLS), otherwise the function call would trigger a warning.
Reviewed-by: Markus Goetz
---
 src/network/ssl/qssl.h | 2 +-
 src/network/ssl/qsslsocket_openssl.cpp | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index 7c47361..1980659 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -75,7 +75,7 @@ namespace QSsl {
 enum SslProtocol {
 SslV3,
 SslV2,
- TlsV1,
+ TlsV1, // ### Qt 5: rename to TlsV1_0 or so
 AnyProtocol,
 TlsV1SslV3,
 SecureProtocols = TlsV1SslV3,
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 8da3bb7..664fce2 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -398,7 +398,10 @@ init_context:
 }
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
- if (client && q_SSLeay() >= 0x00090806fL) {
+ if ((configuration.protocol == QSsl::TlsV1SslV3 ||
+ configuration.protocol == QSsl::TlsV1 ||
+ configuration.protocol == QSsl::AnyProtocol) &&
+ client && q_SSLeay() >= 0x00090806fL) {
 // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.
 QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
 if (tlsHostName.isEmpty())
-- 
cgit v0.12
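Review bot: The new guard in the `OPENSSL_NO_TLSEXT` block of qsslsocket_openssl.cpp enumerates the protocols that get SNI (`TlsV1SslV3`, `TlsV1`, `AnyProtocol`), so a TLS value added to `QSsl::SslProtocol` later, which the `### Qt 5` note in qssl.h already anticipates, would silently connect without a server name. A name-based virtual host would then presumably answer with its default certificate, and the failure would surface as a peer-verification error far from this condition. Excluding the two legacy protocols expresses the same intent and stays correct as the enum grows: `if (configuration.protocol != QSsl::SslV3 && configuration.protocol != QSsl::SslV2 &&` followed by `client && q_SSLeay() >= 0x00090806fL) {`. The enum continues outside the hunk, so any further values need checking against that form, and the enclosing function also starts and ends outside the hunk. A one-line comment such as `// SNI is a TLS extension; setting it for SSLv2/SSLv3 only triggers a warning` would keep the reason from the commit message next to the code.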