Hi Daniel, > Are you possibly using a libcurl before 7.36.0 built to use OpenSSL ?
I am using version 7.36.0 from Debian testing/unstable. > Patch 965690f67e190 from March 3 was a fix for exactly that kind of trailing > dots. This patch seems to address situations for comparisons. However the problem I am encountering is probably a lack of normalization before sending a host name to a server (specifically the HostName field of SNI). If I am reading the RFC correctly the client has to normalize (e.g. eliminate the trailing dot) before sending this data to the server. However as many clients do not do this (also Firefox as of version 24.4) it might also be reasonable to be more liberal at the server side (while ignoring the RFC). So in recap I do believe the mentioned patch is correct but only half the story. Since in SNI the client is telling the server what HostName it would like to talk to, this must be normalized already. Later on when the server replies with the certificate the comparison function needs to handle it (which the patch seems to do). Best regards, Leon ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
