curl-library
Re: Patch: OpenSSL Server Name Indication value should match custom Host header
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 5 Nov 2010 13:05:12 +0100 (CET)
Date: Fri, 5 Nov 2010 13:05:12 +0100 (CET)
On Fri, 5 Nov 2010, Hongli Lai wrote:
>> FYI: I'll be reverting the SNI/cert check changes for Host: that I pushed
>> yesterday as they were premature.
>
> What about my SNI change, should that be kept? If so should I proceed with
> patching the GnuTLS portion?
I removed that as well. If we instead do the changes in the name resolving
layer we get the SNI stuff "for free" and you won't need to do any particular
GnuTLS specific changes either.
We "just" pre-populate the DNS cache with the given host names, and when they
are used then both SNI and cert names checks will work as-is.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2010-11-05