From 71560eafd14ef788f1c92ad3797e7bb9053a753f Mon Sep 17 00:00:00 2001
From: Jason Volk
Date: Wed, 13 Mar 2019 11:50:01 -0700
Subject: [PATCH] ircd::openssl: Include TLS1 header; start an SNI suite; minor reorg.
---
 configure.ac | 1 +
 include/ircd/openssl.h | 6 +++++-
 ircd/openssl.cc | 14 +++++++++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 64cb274fd..3e0f084af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -976,6 +976,7 @@ RB_CHK_SYSHEADER(openssl/x509.h, [OPENSSL_X509_H])
 RB_CHK_SYSHEADER(openssl/evp.h, [OPENSSL_EVP_H])
 RB_CHK_SYSHEADER(openssl/ripemd.h, [OPENSSL_RIPEMD_H])
 RB_CHK_SYSHEADER(openssl/dh.h, [OPENSSL_DH_H])
+RB_CHK_SYSHEADER(openssl/tls1.h, [OPENSSL_TLS1_H])
 AC_CHECK_LIB(ssl, SSL_version, [ have_ssl="yes"
diff --git a/include/ircd/openssl.h b/include/ircd/openssl.h
index 5b6088c37..38de78af6 100644
--- a/include/ircd/openssl.h
+++ b/include/ircd/openssl.h
@@ -123,9 +123,10 @@ namespace ircd::openssl
 const X509 ¤t_cert(const X509_STORE_CTX &);
 X509 ¤t_cert(X509_STORE_CTX &);
- // SSL suite
+ // Cipher suite
 string_view name(const SSL_CIPHER &);
 const SSL_CIPHER *current_cipher(const SSL &);
+ string_view shared_ciphers(const mutable_buffer &buf, const SSL &);
 string_view cipher_list(const SSL &, const int &priority);
 std::string cipher_list(const SSL_CTX &, const int &priority = 0);
@@ -136,6 +137,9 @@ namespace ircd::openssl
 void set_tmp_ecdh(SSL_CTX &, EC_KEY &);
 void set_curves(SSL_CTX &, std::string list);
 void set_curves(SSL &, std::string list);
+
+ // SNI suite
+ string_view server_name(const SSL &); // provided by client
 }
 /// OpenSSL BIO convenience utils and wraps; also secure file IO closures
diff --git a/ircd/openssl.cc b/ircd/openssl.cc
index da848e5ea..64735b57f 100644
--- a/ircd/openssl.cc
+++ b/ircd/openssl.cc
@@ -19,6 +19,7 @@ #include
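Review bot: The new declaration `shared_ciphers(const mutable_buffer &buf, const SSL &)` in include/ircd/openssl.h (hunk at -123,9) carries no contract for the caller-supplied buffer. It does not say whether a `buf` that is too small truncates the list or fails, nor what is returned when no shared list is available. The definition is not part of this hunk, so the behaviour cannot be confirmed from here. A doc comment above the declaration would settle it, for example `/// Cipher names shared with the peer, written into buf; the returned view refers to buf and is empty when no list is available.` (the second half is an assumption to confirm). Code that logs or audits the negotiated ciphers needs to know whether a short buffer silently drops entries.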
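Review bot: The trailing comment `// provided by client` on `server_name(const SSL &)` in include/ircd/openssl.h (hunk at -136,6) understates that the SNI value is unauthenticated, peer-controlled input. I would replace it with a doc comment such as `/// SNI hostname sent by the client; untrusted, validate before using it for vhost or certificate selection or writing it to logs.` The definition is outside this hunk, so it is not visible whether the result is empty when the client sent no SNI. It is also not visible how long the returned `string_view` stays valid; presumably it refers to memory owned by the `SSL` object, and that lifetime should be stated as well.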