curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Host mismatch SNI?

From: Felipe Gasper via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 8 May 2020 17:59:58 -0400

> On May 8, 2020, at 5:14 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> On Fri, 8 May 2020, Felipe Gasper via curl-library wrote:
>
>> Also, if anyone knows: what are the “perils” of making such a request? Does Apache or nginx reject such requests?
>
> I don't know how the servers behave. I *think* they pretty much need to reject requests where the SNI and Host: names mismatch so that you can't request pages from another host name that potentially uses a different certificate etc. But this is mostly a guess on my part.

Thank you, Jeffrey and Daniel!

Apache appears to reject mismatched SNI/Host queries. I’m told that nginx allows them.

I’d like to find a way to configure this--ideally per vhost--but that’s off-topic for this list.

cheers,
-Felipe Gasper
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-05-09

This message: [ Message body ]
Next message: Leo Song via curl-library: ""Connection is still name resolving, can't reuse" error"
Previous message: Daniel Stenberg via curl-library: "Re: Host mismatch SNI?"
In reply to: Daniel Stenberg via curl-library: "Re: Host mismatch SNI?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]