cURL / Mailing Lists / curl-users / Single Mail

curl-users

sni disable ...

From: Peter Sylvester <peter.sylvester_at_edelweb.fr>
Date: Thu, 30 Jul 2009 22:59:00 +0200

I looke at the code in ssluse.c

I think it might be useful not to set the sni when either
v2 or v3 are explicitely used.

in ssluse.c

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
     (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
     !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
   infof(data, "WARNING: failed to configure server name indication (SNI) "
         "TLS extension\n");
#endif

replaced by something like

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
     (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
     data->set.ssl.version != CURL_SSLVERSION_SSLv2 &&
     data->set.ssl.version != CURL_SSLVERSION_SSLv3 &&
     !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
   infof(data, "WARNING: failed to configure server name indication (SNI) "
         "TLS extension\n");
#endif

attached mail follows:


>
> "openssl s_client -connect xfb:port -debug" doesn't work on a ftps server
The point is to get the connection established or not established
and a trace of the connection phase.
 
The following options are relevant:

 -ssl2 - just use SSLv2
 -ssl3 - just use SSLv3
 -tls1 - just use TLSv1
 -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
 -servername host - Set TLS extension servername in ClientHello

and

 -tlsextdebug - hex dump of all TLS extensions received
 -debug - extra output
 -msg - Show protocol messages

-tls1 -no_ssl2 -servername yourxfbhost -debug -tlsextdebug

should fail in the connection phase?

> because when opening connection it talks with FTP protocol. I don't
> known how to do that.
Just type QUIT for example.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-07-30