curl-library
Re: Patch: OpenSSL Server Name Indication value should match custom Host header
Date: Fri, 5 Nov 2010 11:46:49 +0100
On Fri, Nov 5, 2010 at 11:15 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> I first thought we'd add a CURLOPT_HOSTNAME to feed in the name to use for
> SNI and cert checks, but now I think a CURLOPT_RESOLVE list is much better.
>
> That way, we can allow multiple connects and redirects etc to the names
> given in the CURLOPT_RESOLVE list while everything still appears correct.
> And the impact on the general libcurl code should be rather small since we
> only really need to modify the resolving code and nothing in the SSL or HTTP
> layers.
>
> Yes, I like this.
>
> A question is if we should use CURLOPT_RESOLVE to add/remove one host name
> at a time, or if we should provide a linked list of changes?
I vote for providing a linked list of changes. It is consistent with
the way of setting custom headers.
> FYI: I'll be reverting the SNI/cert check changes for Host: that I pushed
> yesterday as they were premature.
What about my SNI change, should that be kept? If so should I proceed
with patching the GnuTLS portion?
--
Phusion | The Computer Science Company
Web: http://www.phusion.nl/
E-mail: info_at_phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-11-05