> This feature is called CURLOPT_HTTPHEADER in libcurl lingo, and when
> you set a custom Host: like this libcurl automatically works with that
> host when it does cookie magic.
>
> We could (or should?) perhaps do the same when a custom Host: is used
> and an SNI name is passed on, as then (lib)curl would still do the
> proper SNI even when trying out a local https:// site like above.
Agree. And by the way I think that this might be the right thing to do
anyway, even without my strange context.
The only restriction I see is that HTTP header is only relevant for HTTP
service while TLS SNI could in theory apply to non HTTP also. However, in
real life, I'm not aware of any TLS server really using SNI apart from HTTPS
servers.
I looked for a way to implement your idea.
Main issue is that today cookiehost if filled only after the TLS session is
built. I did a quick test looking in the header directly and it worked
perfectly (see sample code below). However it looks like we do the job of
looking in the header twice, so maybe you would do it a different way ?
Matthieu
___________
if (sni) {
const char* ptr = Curl_checkheaders(data, "Host:");
sniname = ptr?Curl_copy_header_value(ptr):NULL;
if (!sniname &&
(0 == Curl_inet_pton(AF_INET,
conn->host.name, &addr)) #ifdef ENABLE_IPV6
&& (0 == Curl_inet_pton(AF_INET6,
conn->host.name, &addr)) #endif
) {
sniname=conn->host.name;
}
}
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Daniel Stenberg
Sent: Tuesday, August 10, 2010 12:40 AM
To: libcurl development
Subject: RE: Manual setting of TLS Server Name Indication
On Mon, 9 Aug 2010, Matthieu Speder wrote:
> I'm not sure to understand your idea with the custom Host header : for me
> the server will only get this within the HTTP header, so after the TLS
> transaction took place and it is then too late to modify the handshake to
> request client cert. But maybe I missed something.
I meant like how you pass on a custom Host: header to work with named-based
virtual hosts when you don't have their names in the DNS. Like for example
if
you work on your site www.example.com locally you can still try it with curl
like:
$ curl -H "Host: www.example.com" http://127.0.0.1/
This feature is called CURLOPT_HTTPHEADER in libcurl lingo, and when you set
a
custom Host: like this libcurl automatically works with that host when it
does
cookie magic.
We could (or should?) perhaps do the same when a custom Host: is used and an
SNI name is passed on, as then (lib)curl would still do the proper SNI even
when trying out a local https:// site like above.
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
