curl-library

Re: Patch: OpenSSL Server Name Indication value should match custom Host header

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 4 Nov 2010 14:47:13 +0100 (CET)

On Thu, 4 Nov 2010, Hongli Lai wrote:

> My patch only deals with OpenSSL. I'll work on GnuTLS support next.

Great!

> There's also an issue with SSL host name verification. Right now it doesn't
> work either with custom Host headers. I tried to fix this in ssluse.c
> verifyhost() but for some reason it wouldn't work correctly: curl
> https://ip-address-of-github -H "Host: github.com" fails with the message
> that github.com doesn't match the "*.github.com" value in the certificate.
>
> It doesn't really matter to me because neither of my use cases really care
> about host name verification but I thought you might want to comment on
> this.

Oh right.

In fact, we should probably extract the custom host name from Host: at a
slightly more central point so that we can re-use it more easily for this OpenSSL
check, the GnuTLS check and for certificate checks...

-- 
  / daniel.haxx.se
Received on 2010-11-04
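
The central extraction point suggested in the mail above, sketched as an added example (not curl's code and not part of the original thread): one helper pulls the name out of a custom Host: header, and the same value is then used for the certificate name comparison. The function names are hypothetical, and the matcher assumes the common rule that `*` covers exactly one left-most label, under which `github.com` does not match `*.github.com`.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper (not curl's code): copy the host name out of a
   "Host: name[:port]" header line. Returns 0 on success, -1 on error. */
int host_from_header(const char *hdr, char *out, size_t outlen)
{
  const char *p, *end;
  size_t n;
  if(strncasecmp(hdr, "Host:", 5) != 0)
    return -1;
  p = hdr + 5;
  while(*p == ' ' || *p == '\t')
    p++;
  if(*p == '[') {                    /* IPv6 literal: keep text inside [] */
    end = strchr(++p, ']');
    if(!end)
      return -1;
  }
  else                               /* stop at port, whitespace or EOL */
    end = p + strcspn(p, ": \t\r\n");
  n = (size_t)(end - p);
  if(n == 0 || n >= outlen)
    return -1;
  memcpy(out, p, n);
  out[n] = '\0';
  return 0;
}

/* Constructed matcher: "*" is accepted only as the whole left-most label
   and stands for exactly one label. Returns 1 on match, 0 otherwise. */
int cert_name_matches(const char *pattern, const char *host)
{
  const char *dot;
  if(strncmp(pattern, "*.", 2) != 0)
    return strcasecmp(pattern, host) == 0;
  dot = strchr(host, '.');           /* skip the host's first label */
  return dot && dot != host && strcasecmp(pattern + 1, dot) == 0;
}

/* Central point: one extracted name feeds SNI and the certificate check. */
int header_host_matches_cert(const char *hdr, const char *pattern)
{
  char host[256];
  if(host_from_header(hdr, host, sizeof(host)) != 0)
    return 0;
  return cert_name_matches(pattern, host);
}
```

A production check would also compare against every subjectAltName entry and refuse wildcard matching for IP literals.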