community/claws-mail: TLS server name indication support

Using patch included from
<https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4103>,
fixes issue with some mailservers such as Gmail refusing TLSv1.3 without
SNI.

2 files changed, 89 insertions, 3 deletions

diff --git a/community/claws-mail/APKBUILD b/community/claws-mail/APKBUILD
index 0da399078c..bdd797d110 100644
--- a/community/claws-mail/APKBUILD
+++ b/community/claws-mail/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=claws-mail
 pkgver=3.17.1
-pkgrel=0
+pkgrel=1
 pkgdesc="A GTK+ based e-mail client."
 url="http://www.claws-mail.org"
 arch="all"
@@ -36,7 +36,8 @@ makedepends="gtk+-dev libressl-dev startup-notification-dev enchant-dev
 	pinentry-gtk spamassassin libical-dev ytnef-dev
 	"
 depends="aspell-en"
-source="http://www.claws-mail.org/download.php?file=releases/claws-mail-$pkgver.tar.gz"
+source="http://www.claws-mail.org/download.php?file=releases/claws-mail-$pkgver.tar.gz
+        sni.patch"
 
 builddir="$srcdir"/$pkgname-$pkgver
 build() {
@@ -168,4 +169,5 @@ _vcalendar () {
 	_plugin "Handling of vCalendar messages in Claws Mail" "" vcalendar
 }
 
-sha512sums="4e461608ffb9978dcb0ed8aa1d29cf6065797f38bb98ceae3dbca4728adc5cf20a87f5bf5123a34ccc6a87b2646e2aac5f7f9c033c473e36e0420a6958200ba1  claws-mail-3.17.1.tar.gz"
+sha512sums="4e461608ffb9978dcb0ed8aa1d29cf6065797f38bb98ceae3dbca4728adc5cf20a87f5bf5123a34ccc6a87b2646e2aac5f7f9c033c473e36e0420a6958200ba1  claws-mail-3.17.1.tar.gz
+7862c04979e481634084f6cbb359b9cabdda2d7468e3c76512772a3ba3890b3eb6665c47e5bfee24387c4fa6fddc6f425110a6313a177eb12dc4ebd6aa2d3f6a  sni.patch"
diff --git a/community/claws-mail/sni.patch b/community/claws-mail/sni.patch
new file mode 100644
index 0000000000..14621ba76e
--- /dev/null
+++ b/community/claws-mail/sni.patch
@@ -0,0 +1,84 @@
+--- a/src/common/ssl.c	
++++ a/src/common/ssl.c	
+@@ -410,6 +410,17 @@ gboolean ssl_init_socket(SockInfo *sockinfo)
+ 
+ 	gnutls_record_disable_padding(session);
+ 
++	/* If we have a host name, rather than a numerical IP address, tell
++	 * gnutls to send it in the server name identification extension field,
++	 * to give the server a chance to select the correct certificate in the
++	 * virtual hosting case where multiple domain names are hosted on the
++	 * same IP address. */
++	if (NULL != sockinfo->canonical_name && !is_numeric_host_address(sockinfo->canonical_name)) {
++		r = gnutls_server_name_set(session, GNUTLS_NAME_DNS, sockinfo->canonical_name, strlen(sockinfo->canonical_name));
++		debug_print("Set GnuTLS session server name indication to %s, status = %d\n",
++			    sockinfo->canonical_name, r);
++	}
++
+ 	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ 
+ 	if (claws_ssl_get_cert_file()) {
+--- a/src/common/utils.c	
++++ a/src/common/utils.c	
+@@ -1924,6 +1924,29 @@ const gchar *get_domain_name(void)
+ #endif
+ }
+ 
++/* Tells whether the given host address string is a valid representation of a
++ * numerical IP (v4 or, if supported, v6) address.
++ */
++gboolean is_numeric_host_address(const gchar *hostaddress)
++{
++	struct addrinfo hints, *res;
++	int err;
++
++	/* See what getaddrinfo makes of the string when told that it is a
++	 * numeric IP address representation. */
++	memset(&hints, 0, sizeof(struct addrinfo));
++	hints.ai_family = AF_UNSPEC;
++	hints.ai_socktype = 0;
++	hints.ai_flags = AI_NUMERICHOST;
++	hints.ai_protocol = 0;
++
++	err = getaddrinfo(hostaddress, NULL, &hints, &res);
++	if (0 == err) {
++		freeaddrinfo(res);
++	}
++	return (0 == err);
++}
++
+ off_t get_file_size(const gchar *file)
+ {
+ #ifdef G_OS_WIN32
+--- a/src/common/utils.h	
++++ a/src/common/utils.h	
+@@ -396,6 +396,7 @@ const gchar *get_tmp_dir		(void);
+ const gchar *get_locale_dir		(void);
+ gchar *get_tmp_file			(void);
+ const gchar *get_domain_name		(void);
++gboolean is_numeric_host_address	(const gchar *hostaddress);
+ const gchar *get_desktop_file(void);
+ #ifdef G_OS_WIN32
+ const gchar *w32_get_themes_dir    (void);
+--- a/src/etpan/etpan-ssl.c	
++++ a/src/etpan/etpan-ssl.c	
+@@ -171,6 +171,19 @@ void etpan_connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, v
+ 		gnutls_x509_crt_deinit(x509);
+ 		gnutls_x509_privkey_deinit(pkey);
+ 	}
++
++	/* If we have a host name, rather than a numerical IP address, tell
++	 * gnutls to send it in the server name identification extension field,
++	 * to give the server a chance to select the correct certificate in the
++	 * virtual hosting case where multiple domain names are hosted on the
++	 * same IP address. */
++	if (!is_numeric_host_address(account->recv_server)) {
++		int r;
++
++		r = mailstream_ssl_set_server_name(ssl_context, account->recv_server);
++		debug_print("Set libetpan SSL mail stream server name indication to %s, status = %d\n",
++			    account->recv_server, r);
++	}
+ }
+ 
+ #endif /* USE_GNUTLS */