From 1f3c10700548e474ad853a0cffd60a90be0937ba Mon Sep 17 00:00:00 2001
From: fanqibing <fanqibing@huawei.com>
Date: Thu, 5 Jun 2025 22:21:50 +0800
Subject: [PATCH] add SNI for tlssocket

Signed-off-by: fanqibing <fanqibing@huawei.com>
---
 frameworks/js/napi/tls/src/tls_socket.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/frameworks/js/napi/tls/src/tls_socket.cpp b/frameworks/js/napi/tls/src/tls_socket.cpp
index b6b14cc5d..ee2b0a5db 100644
--- a/frameworks/js/napi/tls/src/tls_socket.cpp
+++ b/frameworks/js/napi/tls/src/tls_socket.cpp
@@ -1731,11 +1731,14 @@ static void CacheCertificates(const std::string &hostName, SSL *ssl)
     }
 }
 
-static void LoadCachedCaCert(const std::string &hostName, SSL *ssl)
+static void SetSNIandLoadCachedCaCert(const std::string &hostName, SSL *ssl)
 {
     if (!ssl) {
         return;
     }
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    SSL_set_tlsext_host_name(ssl, hostName.c_str());
+#endif
     auto cachedPem = CaCertCache::GetInstance().Get(hostName);
     auto sslCtx = SSL_get_SSL_CTX(ssl);
     if (!sslCtx) {
@@ -1762,7 +1765,7 @@ bool TLSSocket::TLSSocketInternal::StartShakingHands(const TLSConnectOptions &op
         auto hostName = options.GetHostName();
         // indicates hostName is not ip address
         if (hostName != options.GetNetAddress().GetAddress()) {
-            LoadCachedCaCert(hostName, ssl_);
+            SetSNIandLoadCachedCaCert(hostName, ssl_);
         }
 
         int result = SSL_connect(ssl_);
-- 
Gitee