
curl-library

Re: Trailing dot in FQDN TLS SNI/HTTP HostName

From: Leon Winter <winter-curl_at_bfw-online.de>
Date: Tue, 22 Apr 2014 16:01:09 +0200

Hi Daniel,

> Are you possibly using a libcurl before 7.36.0 built to use OpenSSL?

I am using version 7.36.0 from Debian testing/unstable.

> Patch 965690f67e190 from March 3 was a fix for exactly that kind of trailing
> dots.

This patch seems to address situations for comparisons. However the
problem I am encountering is probably a lack of normalization before
sending a host name to a server (specifically the HostName field of
SNI). If I am reading the RFC correctly the client has to normalize
(e.g. eliminate the trailing dot) before sending this data to the
server.
However, as many clients do not do this (Firefox as of version 24.4
included), it might also be reasonable to be more liberal on the server
side (while ignoring the RFC).
So, to recap, I do believe the mentioned patch is correct but only half
the story. Since in SNI the client is telling the server what HostName
it would like to talk to, this must be normalized already. Later on,
when the server replies with the certificate, the comparison function
needs to handle it (which the patch seems to do).

Best regards,
Leon
Received on 2014-04-22
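The two halves of the problem Leon describes, normalizing the name before it goes into the SNI HostName and tolerating a trailing dot when the certificate's name is compared afterwards, as an added example in C. This is illustrative code written for this page, not curl's or libcurl's own implementation, and the function names sni_hostname and hostname_match are assumptions. It follows RFC 6066 section 3, which requires the SNI HostName to be sent without a trailing dot and forbids literal IP addresses in it; the comparison side deliberately accepts a trailing dot on either name, which is what a server-side certificate check has to do if it wants to interoperate with clients that do not normalize.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Result codes for sni_hostname() (names are this example's own). */
enum { SNI_OK = 0, SNI_EMPTY = -1, SNI_IP_LITERAL = -2, SNI_TOO_LONG = -3 };

/*
 * Build the HostName value for the TLS SNI extension from a user-supplied
 * host name: strip one trailing dot ("example.com." -> "example.com"),
 * lowercase ASCII, and refuse empty names and IP literals, since RFC 6066
 * section 3 allows neither a trailing dot nor a literal address in HostName.
 * Only one trailing dot is removed; "example.com.." is left as a bad name.
 */
int sni_hostname(const char *host, char *out, size_t outlen)
{
    size_t len = strlen(host);
    unsigned char buf4[4], buf16[16];

    if (len > 0 && host[len - 1] == '.')
        len--;                              /* drop the root-label dot */
    if (len == 0)
        return SNI_EMPTY;
    if (len + 1 > outlen)
        return SNI_TOO_LONG;
    for (size_t i = 0; i < len; i++)
        out[i] = (char)tolower((unsigned char)host[i]);
    out[len] = '\0';

    /* "[2001:db8::1]" as written in a URL, or a bare IPv4/IPv6 literal */
    if (len >= 2 && out[0] == '[' && out[len - 1] == ']')
        return SNI_IP_LITERAL;
    if (inet_pton(AF_INET, out, buf4) == 1 || inet_pton(AF_INET6, out, buf16) == 1)
        return SNI_IP_LITERAL;
    return SNI_OK;
}

/* Length of a name with one trailing dot ignored. */
static size_t fqdn_len(const char *s)
{
    size_t len = strlen(s);
    if (len > 0 && s[len - 1] == '.')
        len--;
    return len;
}

/*
 * Compare a name from the certificate (CN or SAN dNSName) with the host the
 * client asked for, ignoring ASCII case and a trailing dot on either side.
 * Returns 1 on match, 0 otherwise. Wildcards are not handled here.
 */
int hostname_match(const char *cert_name, const char *host)
{
    size_t a = fqdn_len(cert_name), b = fqdn_len(host);
    if (a == 0 || a != b)
        return 0;
    for (size_t i = 0; i < a; i++)
        if (tolower((unsigned char)cert_name[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* constructed sample inputs, the kind a user might type into a URL */
    const char *hosts[] = { "Example.COM.", "example.com", ".", "192.0.2.1.", "[2001:db8::1]" };
    char out[256];

    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        int rc = sni_hostname(hosts[i], out, sizeof out);
        printf("%-16s -> rc=%d sni=%s\n", hosts[i], rc, rc == SNI_OK ? out : "(no SNI)");
    }
    printf("match(example.com, EXAMPLE.COM.) = %d\n", hostname_match("example.com", "EXAMPLE.COM."));
    printf("match(example.com, example.org.) = %d\n", hostname_match("example.com", "example.org."));
    return 0;
}
```

The asymmetry is intentional: the client strips the dot before it speaks, because the RFC tells it to, while the certificate comparison strips it on both sides because there is nothing to gain from a verification failure on "example.com." when the certificate is for "example.com".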