> I think your tests are just finding the changes from > https://github.com/openssl/openssl/pull/2614 but other applications using > libssl still need to use the SSL_set_tlsext_host_name() API in order to > send the SNI extension. OK got it. I have trouble with certificate verification on software using libssl 1.0.2 and not 1.1.1. And when debugging, I spot the difference of behaviour with openssl client which also generate _the same_ verification error. This confuse me… Network debugging the flow show SNI in both case with libssl. In fact my real problem was because OPENSSLDIR are not the same, and 1.0.2 have no CA but 1.1.1 have one… Regards, -- aeris Individual crypto-terrorist group self-radicalized on the digital darknet https://imirhil.fr/ Protect your privacy, encrypt your communications GPG : EFB74277 ECE4E222 OTR : 5769616D 2D3DAC72 https://café-vie-privée.fr/
Attachment:
signature.asc
Description: This is a digitally signed message part.
