cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Patch: OpenSSL Server Name Indication value should match custom Host header

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 5 Nov 2010 13:05:12 +0100 (CET)

On Fri, 5 Nov 2010, Hongli Lai wrote:

>> FYI: I'll be reverting the SNI/cert check changes for Host: that I pushed
>> yesterday as they were premature.
>
> What about my SNI change, should that be kept? If so should I proceed with
> patching the GnuTLS portion?

I removed that as well. If we instead do the changes in the name resolving
layer we get the SNI stuff "for free" and you won't need to do any particular
GnuTLS specific changes either.

We "just" pre-populate the DNS cache with the given host names, and when they
are used then both SNI and cert names checks will work as-is.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2010-11-05

This message: [ Message body ]
Next message: Michael Wood: "Re: Patch: OpenSSL Server Name Indication value should match custom Host header"
Previous message: Peter Sylvester: "Re: Patch: OpenSSL Server Name Indication value should match custom Host header"
In reply to: Hongli Lai: "Re: Patch: OpenSSL Server Name Indication value should match custom Host header"
Next in thread: Daniel Stenberg: "Re: Patch: OpenSSL Server Name Indication value should match custom Host header"
Reply: Daniel Stenberg: "Re: Patch: OpenSSL Server Name Indication value should match custom Host header"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]