Re: SNI (SSL virtual hosts)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

valid point, but from what you can find on the web, the only solution provided everywhere was to
disable certificate checking… so maybe that's not me, but this is first time someone spent
some time to check whats going on :)

at least there will be something, maybe this will help someone…

thanks Daniel!


best!
Janusz








On Tuesday, 4 June 2013 at 23:18, Daniel Stenberg wrote:

> On Tue, 4 Jun 2013, Janusz Harkot wrote:
>  
> > > What makes you suggest that's what's happening? Sure, if it would've sent no
> > > or the wrong host name it would probably have that effect.
> >  
> >  
> >  
> > line:
> >  
> > [36] * Re-using existing connection! (#0) with host (nil)
>  
> Ah that. Yes, that's a stupid line to show (that bug has been fixed since).  
> But if you look further down your log you see that the connection which is  
> re-used according to that log line gets closed anyway.
>  
> > it looks like it is working
>  
> Awesome!
>  
> > So, the question is still why it is not working with openssl 0.9.8r - this  
> > version supports SNI by default. This looks like an error in openssl (maybe:  
> > Only allow one SGC handshake restart for SSL/TLS.)
>  
>  
>  
> Right. As you can see in the libcurl code it activates SNI for OpenSSL the  
> exact same way independently of what version that's used.
>  
> > Now is the question, shall this be handled by curl or left alone? (handling  
> > older version of openssl, and force new ssl session?)
>  
>  
>  
> I'm not even completely convinced this is "just" an old-OpenSSL-problem. If  
> that version you're using is the one Apple has provided, there's the risk that  
> the problem is rather caused by their changes!
>  
> I'm reluctant to globally switch off session-id caching for OpenSSL 0.9.8  
> users since that feature has been used for over 8 years in the code and you're  
> the first to have a problem with it! =-/
>  
> --  
>  
> / daniel.haxx.se (http://daniel.haxx.se)
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx (mailto:majordomo@xxxxxxxxxxxxxxx)
> More majordomo info at http://vger.kernel.org/majordomo-info.html



--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]