[jira] [Commented] (THRIFT-3892) Thrift uses TLS SNI extension provided by OpenSSL library. Older version of OpenSSL(< 0.9.8f) may create problem because they do not support 'SSL_set_tlsext_host_name()'.

Wed, 03 Aug 2016 09:48:36 -0700 

    [ 
https://issues.apache.org/jira/browse/THRIFT-3892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406195#comment-15406195
 ] 

ASF GitHub Bot commented on THRIFT-3892:
----------------------------------------

Github user udit043 commented on a diff in the pull request:

    https://github.com/apache/thrift/pull/1057#discussion_r73373066
  
    --- Diff: lib/cpp/src/thrift/transport/TSSLSocket.cpp ---
    @@ -471,8 +471,10 @@ void TSSLSocket::checkHandshake() {
           }
         } while (rc == 2);
       } else {
    -    // set the SNI hostname
    -    SSL_set_tlsext_host_name(ssl_, getHost().c_str());
    +    /* OpenSSL < 0.9.8f does not have SSL_set_tlsext_host_name() */
    +    #if defined(SSL_set_tlsext_host_name) // set the SNI hostname
    --- End diff --
    
    I have created a issue regarding this: 
https://issues.apache.org/jira/browse/THRIFT-3892
    No, there is not any alternative for older version. There are very less 
possibilities of someone using very old OpenSSL library. This issue is 
negligible, it is just for improving the project.


> Thrift uses TLS SNI extension provided by OpenSSL library. Older version of 
> OpenSSL(< 0.9.8f) may create problem because they do not support 
> 'SSL_set_tlsext_host_name()'.
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: THRIFT-3892
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3892
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Compiler
>            Reporter: Udit Raikwar
>            Priority: Trivial
>              Labels: newbie
>
> Thrift uses TLS SNI extension during SSL handshake provided by OpenSSL 
> library. Older version of OpenSSL(< 0.9.8f) may create problem because they 
> do not support 'SSL_set_tlsext_host_name()'.
> I have created a pull request regarding this issue[1], this issue is although 
> negligible because all newer version of OpenSSL supports TLS SNI extension 
> but checking if TLS SNI extension is supported in user's OpenSSL version is 
> not bad.
> [1]=https://github.com/apache/thrift/pull/1057



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to