cURL / Mailing Lists / curl-library / Single Mail

curl-library

Patch: OpenSSL Server Name Indication value should match custom Host header

From: Hongli Lai <hongli_at_phusion.nl>
Date: Thu, 4 Nov 2010 13:31:27 +0100

I'm using libcurl to send HTTP requests to a specific IP address, but
with a custom host name. I have two use cases that rely on this
behavior:

1. I have a web application that is scaled across multiple servers,
each with its own IP address but all having the same domain name. The
domain name of the web app resolves to multiple IP address. A client
app resolves the domain name, gets the list of all IP addresses, and
sends requests to each server in the web app cluster in a round-robin
manner. The web app does this by sending a request to "https://(ip
address here)/some/uri" while setting the request's Host header to the
domain name.

2. Phusion Passenger is a Ruby application server which integrates
into an existing web server (e.g. Apache). Application processes are
spawned on demand. Some users prefer certain app processes to be
started immediately after the web server starts. This can be achieved
through the PassengerPreStart option: the user sets something like
"PassengerPreStart http://mywebapp.com/", which will cause Phusion
Passenger to send a request to http://127.0.0.1/ with "Host:
mywebapp.com" immediately after the web server is started. This will
cause Phusion Passenger to spawn the app. There are many technical
reasons why Phusion Passenger needs an HTTP request to spawn an app
instead of doing it directly, but for brevity's and relevance's sake
I've omitted the details.

libcurl currently sets the TLS Server Name Indication value to the
URL's host name. This makes it impossible to use Server Name
Indication in the described use cases. The attached patch solves this
problem by setting the Server Name Indication value to that of the
custom Host header, if any.

Any feedback about this patch would be greatly appreciated.

With kind regards,
Hongli Lai

-- 
Phusion | The Computer Science Company
Web: http://www.phusion.nl/
E-mail: info_at_phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)


-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2010-11-04