curl-library
Re: Patch: OpenSSL Server Name Indication value should match custom Host header
Date: Thu, 4 Nov 2010 14:07:02 +0100
On Thu, Nov 4, 2010 at 1:47 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> Peter Sylvester pointed out[1] previously about the hostname in SNI:
>
> "HostName" contains the fully qualified DNS hostname of the server
> Literal IPv4 and IPv6 addresses are not permitted in "HostName".
>
> The existing Curl_inet_pton() checks in the code make sure of that, but not
> after this patch.
>
> The Curl_inet_pton() checks against conn->host.name in the code need to be
> modified accordingly in your patch to check the 'hostname' variable instead.
>
> Don't you agree?

I'm not sure I understand what you mean. From the relevant code:

    if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
    #ifdef ENABLE_IPV6
        (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
    #endif
        sni &&
        !SSL_set_tlsext_host_name(connssl->handle, hostname))

The Curl_inet_pton checks are always executed no matter what I pass to
SSL_set_tlsext_host_name.

Or do you mean that the Curl_inet_pton calls should check the custom
host name instead of the connection host name? If so here's an updated
patch.

--
Phusion | The Computer Science Company
Web: http://www.phusion.nl/
E-mail: info_at_phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)
- application/octet-stream attachment: 0001-OpenSSL-SNI-host-name-should-be-set-to-the-custom-Ho.patch
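
Added example, not part of the message above and not curl's own code: it contrasts testing the connection host for an IP literal while sending a different name (the shape of the condition quoted in the message) with testing the name that is actually sent in SNI. The function names are hypothetical, POSIX inet_pton() stands in for Curl_inet_pton(), and the host values are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if 'name' parses as a literal IPv4 or IPv6 address. */
static int is_ip_literal(const char *name)
{
  struct in6_addr addr; /* large enough for either address family */
  return inet_pton(AF_INET, name, &addr) == 1 ||
         inet_pton(AF_INET6, name, &addr) == 1;
}

/* Hypothetical helper: the IP-literal test runs on the name that will be
 * sent. custom_host is the name from a custom Host: header, or NULL.
 * Returns the name to offer in SNI, or NULL when SNI must be skipped. */
const char *sni_name(const char *conn_host, const char *custom_host)
{
  const char *hostname = custom_host ? custom_host : conn_host;
  return is_ip_literal(hostname) ? NULL : hostname;
}

/* Hypothetical helper: the test runs on the connection host while the
 * custom name is what gets sent, so the two can disagree. */
const char *sni_name_mismatched(const char *conn_host, const char *custom_host)
{
  const char *hostname = custom_host ? custom_host : conn_host;
  return is_ip_literal(conn_host) ? NULL : hostname;
}

int main(void)
{
  /* Constructed cases: {connection host, custom Host: value or NULL}. */
  const char *cases[][2] = {
    { "192.0.2.10", "www.example.com" }, /* IP connection, named vhost */
    { "www.example.com", "192.0.2.10" }, /* named connection, IP Host  */
    { "2001:db8::1", NULL },             /* IPv6 literal, no override  */
    { "www.example.com", NULL },         /* plain case                 */
  };
  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
    const char *good = sni_name(cases[i][0], cases[i][1]);
    const char *bad = sni_name_mismatched(cases[i][0], cases[i][1]);
    printf("conn=%-16s host=%-16s matched=%-16s mismatched=%s\n",
           cases[i][0], cases[i][1] ? cases[i][1] : "(none)",
           good ? good : "(no SNI)", bad ? bad : "(no SNI)");
  }
  return 0;
}
```

In the first two rows the mismatched test either drops SNI for a valid DNS name or lets an IP literal through as the SNI value.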