From c1c9fcca4a7bf401e99058a0006ce1f4e84f41f3 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Tue, 2 Apr 2024 21:32:22 +0000
Subject: [PATCH] Avoid checking for SSL_set_tlsext_host_name, present in all supported OpenSSL versions
---
 ncat/config_win.h | 1 -
 nmap_winconfig.h | 1 -
 nping/nping_winconfig.h | 1 -
 nsock/include/nsock_config.h.in | 1 -
 nsock/include/nsock_winconfig.h | 1 -
 nsock/src/configure | 24 ------------------------
 nsock/src/configure.ac | 4 ----
 nsock/src/nsock_core.c | 2 --
 8 files changed, 35 deletions(-)
diff --git a/ncat/config_win.h b/ncat/config_win.h
index 398787b99..8b39c6fb3 100644
--- a/ncat/config_win.h
+++ b/ncat/config_win.h
@@ -61,7 +61,6 @@ isn't available to create config.h. */
 #define HAVE_OPENSSL 1
-#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1
 #define HAVE_HTTP_DIGEST 1
 #define LUA_INCLUDED 1
 #define HAVE_LUA 1
diff --git a/nmap_winconfig.h b/nmap_winconfig.h
index 6c9a81286..b9c35fa67 100644
--- a/nmap_winconfig.h
+++ b/nmap_winconfig.h
@@ -71,7 +71,6 @@
 #define NMAP_PLATFORM "i686-pc-windows-windows"
 #define HAVE_OPENSSL 1
-#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1
 #define HAVE_LIBSSH2 1
 #define HAVE_LIBZ 1
 /* Since MSVC 2010, stdint.h is included as part of C99 compatibility */
diff --git a/nping/nping_winconfig.h b/nping/nping_winconfig.h
index f6de97829..d2669f882 100644
--- a/nping/nping_winconfig.h
+++ b/nping/nping_winconfig.h
@@ -81,7 +81,6 @@
 #define NPING_PLATFORM "i686-pc-windows-windows"
 #define HAVE_OPENSSL 1
-#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1
 /* Apparently __func__ isn't yet supported */
 #define __func__ __FUNCTION__
 typedef unsigned __int32 u_int32_t;
diff --git a/nsock/include/nsock_config.h.in b/nsock/include/nsock_config.h.in
index b062734f2..2bc64c8d8 100644
--- a/nsock/include/nsock_config.h.in
+++ b/nsock/include/nsock_config.h.in
@@ -79,7 +79,6 @@
 #undef HAVE_NETDB_H
 #undef HAVE_OPENSSL
-#undef HAVE_SSL_SET_TLSEXT_HOST_NAME
 #undef HAVE_DTLS_CLIENT_METHOD
 #undef HAVE_ALPN_SUPPORT
diff --git a/nsock/include/nsock_winconfig.h b/nsock/include/nsock_winconfig.h index ba05e879b..337db2196 100644 --- a/nsock/include/nsock_winconfig.h +++ b/nsock/include/nsock_winconfig.h @@ -69,5 +69,4 @@ #define HAVE_OPENSSL 1 #define HAVE_DTLS_CLIENT_METHOD 1 -#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1 #endif /* NSOCK_WINCONFIG_H */ diff --git a/nsock/src/configure b/nsock/src/configure index 2bf719424..9cf78ca26 100755 --- a/nsock/src/configure +++ b/nsock/src/configure @@ -4916,30 +4916,6 @@ $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h OPENSSL_LIBS="-lssl -lcrypto" LIBS_TMP="$LIBS" LIBS="$OPENSSL_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_set_tlsext_host_name" >&5 -$as_echo_n "checking for SSL_set_tlsext_host_name... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -SSL_set_tlsext_host_name(NULL, NULL) - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; }; -$as_echo "#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DTLS_client_method" >&5 $as_echo_n "checking for DTLS_client_method... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext diff --git a/nsock/src/configure.ac b/nsock/src/configure.ac index 1f035cff7..970b1f4bc 100644 --- a/nsock/src/configure.ac +++ b/nsock/src/configure.ac 
@@ -270,10 +270,6 @@ if test "$use_openssl" = "yes"; then
 OPENSSL_LIBS="-lssl -lcrypto"
 LIBS_TMP="$LIBS"
 LIBS="$OPENSSL_LIBS $LIBS"
- AC_MSG_CHECKING([for SSL_set_tlsext_host_name])
- AC_TRY_LINK([#include ], [SSL_set_tlsext_host_name(NULL, NULL)],
- [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_SSL_SET_TLSEXT_HOST_NAME, 1, [SSL_set_tlsext_host_name available])],
- [AC_MSG_RESULT([no])])
 AC_MSG_CHECKING([for DTLS_client_method])
 AC_TRY_LINK([#include ], [DTLS_client_method()],
 [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_DTLS_CLIENT_METHOD, 1, [DTLS_client_method available])],
diff --git a/nsock/src/nsock_core.c b/nsock/src/nsock_core.c
index 8ded8ae97..9778009e5 100644
--- a/nsock/src/nsock_core.c
+++ b/nsock/src/nsock_core.c
@@ -374,14 +374,12 @@ void handle_connect_result(struct npool *ms, struct nevent *nse, enum nse_status
 fatal("SSL_new failed: %s", ERR_error_string(ERR_get_error(), NULL));
 }
-#if HAVE_SSL_SET_TLSEXT_HOST_NAME
 /* Avoid sending SNI extension with DTLS because many servers don't allow
 * fragmented ClientHello messages. */
 if (iod->hostname != NULL && iod->lastproto != IPPROTO_UDP) {
 if (SSL_set_tlsext_host_name(iod->ssl, iod->hostname) != 1)
 fatal("SSL_set_tlsext_host_name failed: %s", ERR_error_string(ERR_get_error(), NULL));
 }
-#endif
 /* Associate our new SSL with the connected socket. It will inherit the
 * non-blocking nature of the sd */
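Review bot: Any source outside this patch that still tests `HAVE_SSL_SET_TLSEXT_HOST_NAME` will now compile its SNI call out without a build error, because the config headers no longer define the macro and the only guard removed is the one in handle_connect_result (nsock_core.c). The diffstat shows ncat/config_win.h, nmap_winconfig.h and nping/nping_winconfig.h dropping the define too, so a tree-wide search for a remaining `#if`/`#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME` is worth confirming before merge. A connection that silently omits SNI may be handed a default certificate or fail against name-based virtual hosts, which is harder to spot than a compile failure. handle_connect_result starts and ends outside this hunk, so the rest of its TLS setup is not visible here.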