curl-users
sni disable ...
Date: Thu, 30 Jul 2009 22:59:00 +0200
I looked at the code in ssluse.c
I think it might be useful not to set the sni when either
v2 or v3 are explicitly used.
in ssluse.c
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
  if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
      (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
      !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
    infof(data, "WARNING: failed to configure server name indication (SNI) "
          "TLS extension\n");
#endif
replaced by something like
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
  if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
      (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
      data->set.ssl.version != CURL_SSLVERSION_SSLv2 &&
      data->set.ssl.version != CURL_SSLVERSION_SSLv3 &&
      !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
    infof(data, "WARNING: failed to configure server name indication (SNI) "
          "TLS extension\n");
#endif
attached mail follows:
>
> "openssl s_client -connect xfb:port -debug" doesn't work on a ftps server
The point is to get the connection established or not established
and a trace of the connection phase.
The following options are relevant:
-ssl2 - just use SSLv2
-ssl3 - just use SSLv3
-tls1 - just use TLSv1
-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
-servername host - Set TLS extension servername in ClientHello
and
-tlsextdebug - hex dump of all TLS extensions received
-debug - extra output
-msg - Show protocol messages
-tls1 -no_ssl2 -servername yourxfbhost -debug -tlsextdebug
should fail in the connection phase?
> because when opening connection it talks with FTP protocol. I don't
> know how to do that.
Just type QUIT for example.
Received on 2009-07-30
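
To confirm from a connection trace whether a client actually sent SNI (for instance, that forcing SSLv3 suppresses it), the ClientHello can be scanned for the server_name extension. The following is an added example, not part of the original mail and not curl or OpenSSL code; `find_sni`, `build_hello` and the host name `xfb.example` are hypothetical, and the sample hellos are constructed rather than captured.

```c
#include <stdio.h>
#include <string.h>
#define U16(p) (((size_t)(p)[0] << 8) | (p)[1])
/* Find the server_name extension (type 0) in one TLS record holding a
   ClientHello: 1 = name copied to out, 0 = no SNI, -1 = malformed. */
int find_sni(const unsigned char *p, size_t n, char *out, size_t outlen) {
  size_t i = 43, end, elen, nlen; /* 5 record + 4 handshake + 2 version + 32 random */
  if(n < 44 || p[0] != 0x16 || p[5] != 0x01) return -1;
  i += 1 + p[i];                                 /* skip session_id */
  if(i + 2 > n) return -1;
  i += 2 + U16(p + i);                           /* skip cipher_suites */
  if(i + 1 > n) return -1;
  i += 1 + p[i];                                 /* skip compression_methods */
  if(i == n) return 0;                           /* no extensions block */
  if(i + 2 > n || (end = i + 2 + U16(p + i)) > n) return -1;
  for(i += 2; i + 4 <= end; i += 4 + elen) {
    elen = U16(p + i + 2);
    if(i + 4 + elen > end) return -1;
    if(U16(p + i) != 0) continue;                /* some other extension */
    if(elen < 5 || p[i + 6] != 0) return -1;     /* name_type must be host_name */
    nlen = U16(p + i + 7);
    if(nlen + 5 > elen || nlen >= outlen) return -1;
    memcpy(out, p + i + 9, nlen); out[nlen] = '\0';
    return 1;
  }
  return 0;
}

/* Constructed sample (not a capture): minimal ClientHello record. NULL host
   gives an SSLv3 hello with no extensions. b needs 61 + strlen(host) bytes. */
size_t build_hello(unsigned char *b, const char *host) {
  size_t h = host ? strlen(host) : 0, n = host ? 61 + h : 50;
  memset(b, 0, n);
  b[0] = 0x16; b[1] = b[9] = 3; b[2] = b[10] = host ? 1 : 0; /* 3.1 TLS 1.0, 3.0 SSLv3 */
  b[4] = n - 5; b[5] = 0x01; b[8] = n - 9;       /* record and handshake lengths */
  b[45] = 2; b[47] = 0x0a; b[48] = 1;            /* one cipher suite, null compression */
  if(host) {                                     /* extensions: server_name only */
    b[51] = h + 9; b[55] = h + 5; b[57] = h + 3; b[60] = h;
    memcpy(b + 61, host, h);
  }
  return n;
}

int main(void) {
  unsigned char buf[256]; char name[128] = "";
  int with = find_sni(buf, build_hello(buf, "xfb.example"), name, sizeof name);
  int without = find_sni(buf, build_hello(buf, NULL), name, sizeof name);
  printf("SNI hello: %d (%s), SSLv3 hello: %d\n", with, name, without);
  return 0;
}
```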