curl-library

Re: Patch: OpenSSL Server Name Indication value should match custom Host header

From: Hongli Lai <hongli_at_phusion.nl>
Date: Thu, 4 Nov 2010 23:35:04 +0100

On Thu, Nov 4, 2010 at 11:19 PM, Peter Sylvester
<peter.sylvester_at_edelweb.fr> wrote:
> hello,
>
> sorry for the top post, but I am not directly
> replying to any particular message.
>
> I am not really convinced that the approach using a
> Host header to derive the sni is a good way.
>
> IMO a Host header is something that should be derived
> from the URL host part, as well as a SNI, and not
> in the other way around.
>
> If one wants to connect to a particular IP address
> in order to go to  https://some.domain/ then the
> problem could be regarded as a "proxy issue",
> instead of a proxy that uses CONNECT, one could
> invent a direct/immediate proxy type.
> So instead of resolving the DNS for a direct connection,
> one would use connect to this "proxy".

That would require me to set up a proxy server, and for what gain? Just
to make an HTTP library do what I want?
Furthermore, requiring a proxy like this prevents me from solving use case 2.

> Another way of looking would be to "resolve" the host
> part in a different way, i.e. not passing thru a dns lookup.
> like by changing a local /etc/hosts.

That would require the user of my app to change his system
configuration, which I consider an unnecessary step that the user
shouldn't have to bother with. Furthermore, this proposal would solve
neither use case 1 nor use case 2.

-- 
Phusion | The Computer Science Company
Web: http://www.phusion.nl/
E-mail: info_at_phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)
Received on 2010-11-04