On Wed, 26 Nov 2003, Sam Varshavchik wrote:
Jon Nelson writes:
>> > Well, 'localhost', for one, won't ever work properly.
>>
>> And the consequences of that are?
>
> It's not just localhost but anything and everything in /etc/hosts that
> is not otherwise reflected by DNS.
Again: and the consequences of that are?
You still haven't explained what the problem is, here.
The only impact of couriertls not consulting the hosts file is that the TCPREMOTEHOST and TCPLOCALHOST environment variables will not be set. Now, what exactly is the problem that's caused by that, in your case?
> I thought that was the job of couriertcpd?
Ok, I misread what you wrote.
> The problem is that a useful program, couriertls, and by useful I mean useful to a user to construct (de)-SSL/TLSify I/O streams, doesn't behave like one would expect it to. Beyond that, how many people here have expected a certain kind of behavior out of courier by altering the /etc/hosts file only to eventually learn that it is not (ever) consulted? How many people here have struggled only to learn that
Yes, I can see how couriertls might be useful in that context. Initially, I added the client options to couriertls purely for my own convenience, when I needed to debug SSL/TLS grok-age from a server.
And, I made a mistake of documenting those options.
That'll teach me a lesson: next time I do something useful, I'm not going to document it :-)
> What's so hard about consulting /etc/hosts? It's expected behavior.
There's still the IPv6 issue. The traditional resolver API does not support IPv6.
There is a newer API that supports IPv6, defined by RFC 2553; but I don't know how widely it is implemented in various systems, or whether it checks the hosts file (it should, but I had no reason to bother to check). Linux has had it since the 2.4 kernel series (and, BTW, I wrote the Linux man pages); however, I don't think it's in Debian stable, which is still at 2.2. I don't know which of the BSDs have implemented it either. It's an unknown factor.
It wouldn't be too difficult to have couriertls use this, but I don't know how many systems will break.
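The RFC 2553 API Sam refers to is getaddrinfo(). The following is an added example (written for this thread, not code from Courier or couriertls) showing what a couriertls-style client would gain from it: one call resolves both IPv4 and IPv6 addresses, and on glibc the lookup goes through NSS as configured in /etc/nsswitch.conf, so /etc/hosts entries such as localhost are honoured in the same way the traditional gethostbyname() honours them. The AI_NUMERICHOST flag is used for the purely-numeric cases so that part of the example never touches the resolver at all; the host name, port and the helper name resolve_host are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Resolve a host name or numeric address with the RFC 2553 getaddrinfo() API.
 * Unlike gethostbyname(), this returns IPv4 and IPv6 results in one list and,
 * on glibc, consults /etc/hosts through NSS exactly as nsswitch.conf dictates.
 * Returns the number of addresses found (0 on failure). If first_family is
 * non-NULL it receives the address family (AF_INET / AF_INET6) of the first
 * result, which is what a caller would use to open the socket. */
int resolve_host(const char *host, const char *service, int numeric_only,
                 int *first_family)
{
    struct addrinfo hints, *res, *p;
    int count = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;      /* accept both IPv4 and IPv6 answers */
    hints.ai_socktype = SOCK_STREAM;  /* one entry per address, not per protocol */
    if (numeric_only)
        hints.ai_flags |= AI_NUMERICHOST; /* parse only; no hosts file, no DNS */

    int rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo(%s): %s\n", host, gai_strerror(rc));
        return 0;
    }

    for (p = res; p != NULL; p = p->ai_next) {
        char text[INET6_ADDRSTRLEN];
        const void *raw = (p->ai_family == AF_INET)
            ? (const void *)&((struct sockaddr_in *)p->ai_addr)->sin_addr
            : (const void *)&((struct sockaddr_in6 *)p->ai_addr)->sin6_addr;
        inet_ntop(p->ai_family, raw, text, sizeof text);
        if (count == 0 && first_family != NULL)
            *first_family = p->ai_family;
        printf("%s -> %s (%s)\n", host, text,
               p->ai_family == AF_INET ? "IPv4" : "IPv6");
        count++;
    }
    freeaddrinfo(res);
    return count;
}

int main(void)
{
    /* "localhost" is served from /etc/hosts on a stock glibc system, so this
     * shows the hosts file being honoured without any DNS traffic. Port 993
     * (imaps) is just a plausible couriertls target, chosen for the example. */
    resolve_host("localhost", "993", 0, NULL);
    resolve_host("127.0.0.1", "993", 1, NULL);
    resolve_host("::1", "993", 1, NULL);
    return 0;
}
```

The behaviour Jon asks for follows from the first call: whether "localhost" (or any other /etc/hosts entry) is found depends only on the hosts line in /etc/nsswitch.conf, not on DNS. The portability concern Sam raises is real for 2003-era systems; on a libc without getaddrinfo() the block simply fails to link, which is the cleanest way to discover that a given platform lacks the API.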