From f2756a6b81ebfadbd1ce318879c20b6519207c49 Mon Sep 17 00:00:00 2001
From: Steffen Ullrich <Steffen_Ullrich@genua.de>
Date: Sat, 29 Nov 2014 17:13:58 +0100
Subject: SSL support: use SNI only if supported by IO::Socket::SSL (i.e.
 openssl version>=1)

---
 lib/Net/FTP.pm  | 8 ++++++--
 lib/Net/NNTP.pm | 2 +-
 lib/Net/POP3.pm | 2 +-
 lib/Net/SMTP.pm | 2 +-
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/Net/FTP.pm b/lib/Net/FTP.pm
index e77178a..ea0d7ae 100644
--- a/lib/Net/FTP.pm
+++ b/lib/Net/FTP.pm
@@ -103,7 +103,8 @@ sub new {
     %tlsargs = (
       SSL_verifycn_scheme => 'ftp',
       SSL_verifycn_name => $hostname,
-      SSL_hostname => $hostname,
+      # use SNI if supported by IO::Socket::SSL
+      $pkg->can_client_sni ? (SSL_hostname => $hostname):(),
       # reuse SSL session of control connection in data connections
       SSL_session_cache => Net::FTP::_SSL_SingleSessionCache->new,
     );
@@ -1039,7 +1040,10 @@ sub _dataconn {
 	$ftp->is_SSL ? (
 	  SSL_reuse_ctx => $ftp,
 	  SSL_verifycn_name => ${*$ftp}{net_ftp_tlsargs}{SSL_verifycn_name},
-	  SSL_hostname => ${*$ftp}{net_ftp_tlsargs}{SSL_hostname},
+	  # This will cause the use of SNI if supported by IO::Socket::SSL.
+	  $ftp->can_client_sni ? (
+	    SSL_hostname  => ${*$ftp}{net_ftp_tlsargs}{SSL_hostname}
+	  ):(),
 	) :( %{${*$ftp}{net_ftp_tlsargs}} ),
       ):(),
     ) or return;
diff --git a/lib/Net/NNTP.pm b/lib/Net/NNTP.pm
index 7cc9936..ef838d2 100644
--- a/lib/Net/NNTP.pm
+++ b/lib/Net/NNTP.pm
@@ -758,7 +758,7 @@ sub DESTROY {
     ( $arg{SSL_verifycn_name} ||= $nntp->host )
 	=~s{(?<!:):[\w()]+$}{}; # strip port
     $arg{SSL_hostname} = $arg{SSL_verifycn_name}
-	if ! defined $arg{SSL_hostname};
+	if ! defined $arg{SSL_hostname} && $class->can_client_sni;
     my $ok = $class->SUPER::start_SSL($nntp,
       SSL_verifycn_scheme => 'nntp',
       %arg
diff --git a/lib/Net/POP3.pm b/lib/Net/POP3.pm
index 5be22f1..0c71e71 100644
--- a/lib/Net/POP3.pm
+++ b/lib/Net/POP3.pm
@@ -579,7 +579,7 @@ sub banner {
     ( $arg{SSL_verifycn_name} ||= $pop3->host )
 	=~s{(?<!:):[\w()]+$}{}; # strip port
     $arg{SSL_hostname} = $arg{SSL_verifycn_name}
-	if ! defined $arg{SSL_hostname};
+	if ! defined $arg{SSL_hostname} && $class->can_client_sni;
     $arg{SSL_verifycn_scheme} ||= 'pop3';
     my $ok = $class->SUPER::start_SSL($pop3,%arg);
     $@ = $ssl_class->errstr if !$ok;
diff --git a/lib/Net/SMTP.pm b/lib/Net/SMTP.pm
index c6c4940..3036b2a 100644
--- a/lib/Net/SMTP.pm
+++ b/lib/Net/SMTP.pm
@@ -616,7 +616,7 @@ sub _STARTTLS { shift->command("STARTTLS")->response() == CMD_OK }
     ( $arg{SSL_verifycn_name} ||= $smtp->host )
 	=~s{(?<!:):[\w()]+$}{}; # strip port
     $arg{SSL_hostname} = $arg{SSL_verifycn_name}
-	if ! defined $arg{SSL_hostname};
+	if ! defined $arg{SSL_hostname} && $class->can_client_sni;
     $arg{SSL_verifycn_scheme} ||= 'smtp';
     my $ok = $class->SUPER::start_SSL($smtp,%arg);
     $@ = $ssl_class->errstr if !$ok;
-- 
cgit v1.2.3-24-ge0c7