Hi! The attached patch fixes the tlsproxy example to enable SNI. This explains _part_ of the problem I was seeing with certificate verification; the remaining question is why curl sometimes doesn't do it as it should, but that's not a GnuTLS issue.
Happy hacking! Christian
From 91036d8be3b071c51f22da755bc25aa97d7c133f Mon Sep 17 00:00:00 2001 From: Christian Grothoff <[email protected]> Date: Wed, 13 Jun 2018 18:39:29 +0200 Subject: [PATCH] support SNI in tlsproxy --- crypto-gnutls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto-gnutls.c b/crypto-gnutls.c index d885250..9519b59 100644 --- a/crypto-gnutls.c +++ b/crypto-gnutls.c @@ -293,6 +293,9 @@ tlssession_new (int isserver, } gnutls_session_set_ptr (s->session, (void *) s); + if (s->hostname && *s->hostname) + gnutls_server_name_set (s->session, GNUTLS_NAME_DNS, s->hostname, + strlen (s->hostname)); ret = gnutls_set_default_priority (s->session); if (ret < 0) -- 2.17.1
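Review bot: The return value of gnutls_server_name_set() in the added lines is discarded, while the gnutls_set_default_priority() call directly after it stores ret and checks ret < 0. Assign the result to ret and handle a negative value the same way, so that a failure to set the name does not silently produce a handshake without SNI. The new condition also tests only s->hostname, yet tlssession_new() takes an isserver argument and the server_name extension is sent by the client; consider adding !isserver to the condition unless the hostname is already left unset for server sessions. Finally, RFC 6066 does not permit IP address literals in the server_name extension, so a check or a comment covering the case where s->hostname is an IP literal would help.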
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
