Re: SNI disable by default on 1.0 and 1.1.0?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> I think your tests are just finding the changes from
> https://github.com/openssl/openssl/pull/2614 but other applications using
> libssl still need to use the SSL_set_tlsext_host_name() API in order to
> send the SNI extension.

OK got it.

I have trouble with certificate verification on software using libssl 1.0.2 and 
not 1.1.1. And when debugging, I spot the difference of behaviour with openssl 
client which also generate _the same_ verification error. This confuse me…
Network debugging the flow show SNI in both case with libssl.

In fact my real problem was because OPENSSLDIR are not the same, and 1.0.2 
have no CA but 1.1.1 have one…

Regards,
-- 
aeris
Individual crypto-terrorist group self-radicalized on the digital darknet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

Attachment: signature.asc
Description: This is a digitally signed message part.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux