Re: [PATCH] possibly dangerous warnigns in lib/nss.c
Date: Thu, 08 Oct 2009 09:20:49 -0400
Kamil Dudka wrote:
> On Thursday 08 of October 2009 00:07:25 Guenter wrote:
>> it enables server-side SSL virtual hosting on one IP with multiple
>> certs; client-side there needs to be support for the handshake the
>> server sends ...
>> we have enabled SSI with Apache 2.2.12, and lighttpd even added already
>> earlier; all major browsers meanwhile support it too, and so we did also
>> add it to curl ...
> Gün, thanks for the explanation! Now I can see the article about "Server Name
> Indication" in the RFC. Do we really need to turn off SSL_V2_COMPATIBLE_HELLO
> to transmit the "ServerNameList"? I haven't had enough time to look to the
> nss' code. But I wonder how this is done in Firefox which uses nss and works
> just fine.
> You can try it youself with the following URLs:
> https://tcs.mysap.com/invoke/tc/getCert?SAPServerCA.der (NSS error -12229)
> https://www.orange.sk/ (NSS error -12226)
I think we'll have to ask the NSS developers. I've got an e-mail to some
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature