cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Patch: OpenSSL Server Name Indication value should match custom Host header

From: Hongli Lai <hongli_at_phusion.nl>
Date: Thu, 4 Nov 2010 14:37:37 +0100

On Thu, Nov 4, 2010 at 2:19 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> Yes, that's exactly what I meant. Sorry for expressing myself sloppy. Thanks
> a lot for the update, I've now committed and pushed this fix!

Great, thanks. :)

My patch only deals with OpenSSL. I'll work on GnuTLS support next.

There's also an issue with SSL host name verification. Right now it
doesn't work either with custom Host headers. I tried to fix this in
ssluse.c verifyhost() but for some reason it wouldn't work correctly:
curl https://ip-address-of-github -H "Host: github.com"
fails with the message that github.com doesn't match the
"*.github.com" value in the certificate.

It doesn't really matter to me because neither of my use cases really
care about host name verification but I thought you might want to
comment on this.

-- 
Phusion | The Computer Science Company
Web: http://www.phusion.nl/
E-mail: info_at_phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-11-04