curl-users
How to disable SNI?
Date: Wed, 29 Jul 2009 16:09:25 -0600
Any way to prevent cURL from sending the server name in the Extensions:
server_name portion of the Client Hello?
I'm using cURL v7.19.5 on a wintel environment to upload a file using http
over SSL. I'm executing a command like this:
curl -v "https://some.server.com" -E ClientCert.crt --key PrivateKey.pem
--pass SomeFunkyPassword -F file=@SomeBigFile.txt
The receiving party rejects the transmission right off the bat, claiming
they cannot support the hostname in the Client Hello. They request that "
some.server.com" be removed. Can this be done? It appears the offending
hostname apears in the following section of the Client Hello (indicated by
"Data").
Secure Socket Layer
Content Type: Handshake (22)
version: TLS 1.0 (0x0301)
Length: 117
-Handshake Protocol: Client Hello
Handshake Type: CLient Hello (1)
Length: 113
version: TLS 1.0 (0x0301)
+Random
Session ID Length: 0
Cipher Suites Length: 40
+Cipher Suites (20 suites)
Compression Methods Length: 1
+Compression Methods (1 method)
Extensions Length: 32
-Extension: server_name
Type: server_name (0x0000)
Length: 28
Data (28 bytes)
Note - I can get this working by specifying the IP instead (and using the -k
option so that cURL doesn't complain of a hostname / server cert subject
mismatch) but that's something I'd like to avoid if at all possible.
Thanks!
-RCB.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-07-30