httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
Date Sun, 25 Oct 2009 16:24:22 GMT
Joe Orton wrote:
>> the OpenSSL client (SNI extensions should never contain literal IPv4
>> addresses).
> 
> Good point - I've changed neon for future releases to only enable SNI if 
> the hostname is not a numeric IP address.

This logic should go into OpenSSL, I think... I know that this is
httpd-dev (not openssl-dev), but since Steve is listening anyway:
something like the attached patch? For the client side (i.e. in
ssl3_ctrl()), depending on how schoolmasterish OpenSSL should be towards
its users, the check could also be moved further down / be rejected with
INVALID_SERVERNAME.

Kaspar
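
A client-side check of the kind described in the quoted reply (enable SNI only when the hostname is not a numeric IP address), as an added example; it is not the patch attached to this message and not neon or OpenSSL code. The helper name `sni_name_usable` is hypothetical, and the check relies on POSIX `inet_pton()`.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an OpenSSL or neon function): returns 1 if
 * `host` may be sent as the SNI HostName, 0 if SNI should be skipped. */
int sni_name_usable(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];
    char tmp[256];
    size_t len;

    if (host == NULL)
        return 0;
    len = strlen(host);
    if (len == 0 || len > 255)      /* empty, or over the DNS name limit */
        return 0;

    /* Literal IPv4 address in dotted-quad form, e.g. "192.0.2.10" */
    if (inet_pton(AF_INET, host, buf) == 1)
        return 0;
    /* Literal IPv6 address, e.g. "2001:db8::1" */
    if (inet_pton(AF_INET6, host, buf) == 1)
        return 0;
    /* Bracketed IPv6 literal as it appears in a URL: "[2001:db8::1]" */
    if (host[0] == '[' && host[len - 1] == ']') {
        memcpy(tmp, host + 1, len - 2);
        tmp[len - 2] = '\0';
        if (inet_pton(AF_INET6, tmp, buf) == 1)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs (documentation address ranges). */
    const char *hosts[] = { "www.example.org", "192.0.2.10",
                            "2001:db8::1", "[2001:db8::1]" };
    size_t i;

    for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-16s -> %s\n", hosts[i],
               sni_name_usable(hosts[i]) ? "send SNI" : "skip SNI");
    return 0;
}
```

A caller would consult this before setting the server name on the connection and simply omit the extension when it returns 0.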
