curl-library

RE: Manual setting of TLS Server Name Indication

From: Matthieu Speder <mspeder_at_users.sourceforge.net>
Date: Tue, 10 Aug 2010 10:23:10 +0200

(Sending this one a second time, since it looks like my first one
disappeared somewhere :-)

> This feature is called CURLOPT_HTTPHEADER in libcurl lingo, and when
> you set a custom Host: like this libcurl automatically works with that
> host when it does cookie magic.
>
> We could (or should?) perhaps do the same when a custom Host: is used
> and an SNI name is passed on, as then (lib)curl would still do the
> proper SNI even when trying out a local https:// site like above.

Agree. And by the way I think that this might be the right thing to do
anyway, even without my strange context.
The only restriction I see is that the HTTP header is only relevant for HTTP
services, while TLS SNI could in theory apply to non-HTTP also. However, in
real life, I'm not aware of any TLS server really using SNI apart from HTTPS
servers.

I looked for a way to implement your idea.
The main issue is that today cookiehost is filled only after the TLS session is
built. I did a quick test looking in the header directly and it worked
perfectly (see sample code below). However it looks like we do the job of
looking in the header twice, so maybe you would do it a different way?

Matthieu
___________

  if (sni) {
    /* Prefer a custom Host: header, if the application set one */
    const char *ptr = Curl_checkheaders(data, "Host:");
    sniname = ptr ? Curl_copy_header_value(ptr) : NULL;
    /* Otherwise fall back to the URL host name, unless it is an IP literal */
    if (!sniname &&
        (0 == Curl_inet_pton(AF_INET, conn->host.name, &addr))
#ifdef ENABLE_IPV6
        && (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr))
#endif
       ) {
      sniname = conn->host.name;
    }
  }

Received on 2010-08-10
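
The selection discussed in this message, as a stand-alone helper (an added example, not code from curl or from the post). It goes one step beyond the posted snippet: a Host: value can carry a ":port" suffix or be an IP literal, so the value is trimmed and checked before it is used as the SNI name. The names choose_sni, host_without_port and is_ip_literal are hypothetical.

```c
/* Added example, not curl source; all function names are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>

/* Returns 1 if s parses as an IPv4 or IPv6 literal. */
static int is_ip_literal(const char *s)
{
  unsigned char buf[sizeof(struct in6_addr)];
  return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Copy the host part of a Host: header value into out, dropping ":port".
   Returns 0 on success, -1 if the value is empty, too long, a bracketed
   IPv6 literal, or contains more than one colon. */
static int host_without_port(const char *value, char *out, size_t outlen)
{
  size_t n;
  while(*value == ' ' || *value == '\t')
    value++;
  if(*value == '[')            /* "[::1]:443" is never a valid SNI name */
    return -1;
  n = strcspn(value, ": \t\r\n");
  if(n == 0 || n >= outlen)
    return -1;
  if(value[n] == ':' && strchr(value + n + 1, ':'))
    return -1;                 /* unbracketed IPv6 or malformed value */
  memcpy(out, value, n);
  out[n] = '\0';
  return 0;
}

/* Pick the SNI name: a usable custom Host: value first, else the URL host.
   Returns the name to send, or NULL when SNI must be omitted. */
const char *choose_sni(const char *host_header_value, const char *url_host,
                       char *buf, size_t buflen)
{
  if(host_header_value &&
     host_without_port(host_header_value, buf, buflen) == 0 &&
     !is_ip_literal(buf))
    return buf;
  if(url_host && !is_ip_literal(url_host))
    return url_host;
  return NULL;
}
```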