curl-library
Re: Patch: OpenSSL Server Name Indication value should match custom Host header
Date: Thu, 04 Nov 2010 23:19:02 +0100
hello,
soory for the top post, but I am not directly
replying to any particular message.
I am not really convinced that the approach using a
Host header to derive the sni is a good way.
IMO a Host header is something that should be derived
from the URL host part, as well as a SNI, and not
in the other way around.
If one wants to connect to a particular IP address
in order to go to https://some.domain/ then the
problem could be regarded as a "proxy issue",
instead of a proxy that uses CONNECT, one could
invent a direct/immediate proxy type.
So instead of resolving the DNS for a direct connection,
one would use connect to this "proxy".
Another way of looking would be to "resolve" the host
part in a different way, i.e. not passing thru a dns lookup.
like by changing a local /etc/hosts.
One could also add something like /etc/hosts into the
config file, etc.
For protocols other than http, a Host header has no
meaning anyway.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-11-04