Re: Should SSL_get_servername() depend on SNI callback (no-)ACK?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hiya,

On 22/10/2019 17:09, Yann Ylavic wrote:
> Sorry for the shortcut, by "tlsext_hostname" I meant the name of the
> field in SSL_SESSION_ASN1.
> My observation is that when browsers resume a session, s->hit is set
> but s->session->ext.hostname is NULL, which I interpret as no SNI
> found in the SSL_SESSION (and thus no SNI encoded in the session
> ticket, presumably).
> On the other hand, the SNI is always in ClientHello (though there is
> no way to match it against the session's).

FWIW, I also had to play about a bit with that to get ESNI
working with tickets. I can chase down the bits of code for
that in my fork [1] if it's useful.

Cheers,
S.

[1] https://github.com/sftcd/openssl/

Attachment: 0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux