> I think your tests are just finding the changes from
> https://github.com/openssl/openssl/pull/2614 but other applications using
> libssl still need to use the SSL_set_tlsext_host_name() API in order to
> send the SNI extension.
OK got it.
I have trouble with certificate verification on
On Mon, Dec 02, 2019 at 10:39:26PM +, Michael Wojcik wrote:
> > SNI is not "disabled" in any of these versions, it is not just turned on
> > by default in the s_client command-line utility (a testing tool). The
> > OpenSSL library does not by default turn on SNI in any of these
> > releases.
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Viktor Dukhovni
> Sent: Monday, December 02, 2019 13:48
> To: openssl-users@openssl.org
> Subject: Re: SNI disable by default on 1.0 and 1.1.0?
>
> SNI is not "disabled" in any of these versions, it is not just turned
On Mon, Dec 02, 2019 at 09:05:33PM +0100, aeris wrote:
> Hello here,
>
> I try to compile 1.0.2t and 1.1.0l, but I notice SNI seems disabled by
> default, when it's enabled by default on 1.1.1d…
Please specify whether you are concerned about the s_client behavior
specifically
or the libssl
On Mon, Dec 02, 2019 at 09:05:33PM +0100, aeris wrote:
> I try to compile 1.0.2t and 1.1.0l, but I notice SNI seems disabled by
> default, when it's enabled by default on 1.1.1d…
SNI is not "disabled" in any of these versions, it is not just turned on
by default in the s_client command-line
Hello here,
I try to compile 1.0.2t and 1.1.0l, but I notice SNI seems disabled by
default, when it's enabled by default on 1.1.1d…
openssl-1.0.2t
$ ./config enable-tlsext && make
$ echo -n "" | ./apps/openssl s_client -connect blog.imirhil.fr:443 | ./apps/
openssl x509 -noout -subject