On 01/11/2017 05:51 AM, Yann Ylavic wrote:
Could/should we do something about this?
The easier thing would be to strip the SNI to avoid AH02032 with
actual browsers, we won't be less compliant than now.
The hard way seems to be to let the trailing dot in r->hostname (for
redirects/proxypreserve/... to keep it), but then (beyond the compat
issues) we'd have to do something about the SNI with RFC 6066
conforming clients...
I haven't formed a definite opinion on this yet, but see
https://bugzilla.mozilla.org/show_bug.cgi?id=134402
for a similar problem on the client side. I thought some of the RFC
research/history discussed there was interesting.
--Jacob
