Why construct so wierd certificate chain for one web site

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 29/12/14 10:00, Jerry OELoo wrote:
> Thanks Jeffrey & Matt
> 
> Now I have a more question, I do not want to make code use tlsv1
> method and SSL_set_tlsext_host_name to query all website, I just want
> to when encounter this issue, then I will construct tlsv1 and set sni
> name to query certificate, So how can I get this kind of information,
> or what is correct coding process when support sni and non-sni
> webiste. Thanks!

You do not need to use tlsv1 method to be able to call
SSL_set_tlsext_host_name - you can use SSLv23_method and it should work
fine.

The SNI hostname is sent as part of the initial ClientHello, i.e. before
you've done anything with the server - so you have limited options to
avoid it. I don't understand why you would want to.

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux