cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: RFE: SNI and HTTP Host Header

From: Peter Sylvester <peter.sylvester_at_edelweb.fr>
Date: Sun, 11 Nov 2012 13:38:11 +0100

On 11/11/2012 11:01 AM, Oscar Koeroo wrote:
> On 10-11-12 20:45, Kristian Fiskerstrand wrote:
>> My crawler use curl as the basis for the requests, and as I connect
>> using the hostname found in server-discovery, whereby I need it to be
>> valid for the purpose of a DNS Round Robin, it use the HTTP Host:
>> header matching the keyserver pool. The issue with vanilla curl, is
>> however, that there is no way to manually set the SNI hostname to use,
>> and it will default to the hostname of the request.
> Would a separate option not be more useful for explicit testing the SNI on
> a service which can state the hostname to be pushed via the TLS handshake?
With a URL of https://host.example.com there are normally (at least)
two external things that happen:

- a resolver lookup to fin an address to connect

- what you send as Host: and SNI

I think if one wants to interfere, one should not correct the symptoms but
change something at the origin.

- one can use another local resolver.

- a callback to change the URL immediately after
connection establishment. With openssl it should be possible to use
the ssl ctx call back. there is an example (curlx.c) that changes the
url during certificate validation. This is too late for SNI, but
the ctx callback could directly do it, i.e before sending the client hello.
(I have verified it.), i.e. one should just use set a new URL in that
callback.

>
>
>> As such I have created a (very) crude patch that will use the Host
>> header presented instead. Based on a patch I found in the curl mailing
>> list archives[0, 1] and rebased it to the current 7.2x version (lastly
>> applied to 7.28).
> I had the impression the conn->host.name was used to set the "Host:"
> header. And in the patch I read that the "Host:" is dug up and set as the
> to-be-used SNI value where first the conn->host.name was used.
>
> Could you tell or point me how this interaction works? I'm confused
> because I thought it was the same string :-)
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-11-11

This message: [ Message body ]
Next message: Kristian Fiskerstrand: "Re: RFE: SNI and HTTP Host Header [RESOLVED]"
Previous message: Kristian Fiskerstrand: "Re: RFE: SNI and HTTP Host Header"
In reply to: Oscar Koeroo: "Re: RFE: SNI and HTTP Host Header"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]