From 5959b8243b73bbf8b41946fcac9f4544c4b0f017 Mon Sep 17 00:00:00 2001 From: Steve Kemp Date: Thu, 3 Nov 2016 16:50:24 +0200 Subject: Send the server-name-indicator (SNI) when falling back to legacy. If ruby-based SSL negotiation fails then we fallback to invoking (horridly!) openssl directly. Until now this didn't send the SNI hostname to connect to, so it could only test the first/default SSL site that was listening upon a given IP address. This commit updates things such that we send the correct hostname, from the URL under-test. --- lib/custodian/protocoltest/ssl.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/custodian/protocoltest/ssl.rb b/lib/custodian/protocoltest/ssl.rb index 0989ba9..c58a083 100644 --- a/lib/custodian/protocoltest/ssl.rb +++ b/lib/custodian/protocoltest/ssl.rb @@ -164,7 +164,7 @@ class SSLCheck in_cert = false # Run the command. - out = `echo "" | openssl s_client -connect #{uri.host}:#{uri.port} 2>/dev/null` + out = `echo "" | openssl s_client -servername #{uri.host} -connect #{uri.host}:#{uri.port} 2>/dev/null` # For each line of the output out.split( /[\r\n]/ ).each do |line| -- cgit v1.2.1
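Review bot: on the changed `out = ...` line in `SSLCheck`, `#{uri.host}` is now interpolated twice (and `#{uri.port}` once) into a backtick string that is handed to the shell with no quoting, so any shell metacharacters that reach the host value from the URL under test would be interpreted by the shell. Since the line is being touched anyway, consider escaping the values with `Shellwords.escape`, or avoiding the shell entirely by passing an argument list, for example `Open3.capture3('openssl', 's_client', '-servername', uri.host, '-connect', "#{uri.host}:#{uri.port}", stdin_data: '')` and using only the captured stdout, which also replaces the `echo "" |` and `2>/dev/null` plumbing. A smaller point on the same line: when `uri.host` is an IP literal, `-servername` will send that address as the SNI name, which RFC 6066 does not permit, so it may be worth adding `-servername` only when the host is a DNS name. A short comment above the command saying why `-servername` is needed (to reach non-default virtual hosts on a shared IP, as the commit message explains) would help the next reader.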