On Tue, 4 Jun 2013, Janusz Harkot wrote:

Which libcurl version and SSL backend is this? (curl -V usually tells)
$ curl -V
curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5


From what I can tell, that OpenSSL version supports SNI fine and libcurl has
supported it since 7.18.1.

here is a log (with GIT_CURL_VERBOSE=1)

https://gist.github.com/anonymous/8f6533a755ae5c710c75

Initial connection is correct (line 10 - shows that it reads correct certificate), but then subsequent call to the server (line 68) shows that the defat server certificate is used.

It looks like the second call was without hostname (?).

What makes you suggest that's what's happening? Sure, if it would've sent no or the wrong host name it would probably have that effect.

Any chance you can snoop on the network and the SSL handshake to see who's to blame? I can't but to think that is is a very common use case!

--

 / daniel.haxx.se
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to