httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Sylvester <peter.sylves...@edelweb.fr>
Subject Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
Date Sun, 25 Oct 2009 21:15:12 GMT
Kaspar Brand wrote:
> Joe Orton wrote:
>   
>>> the OpenSSL client (SNI extensions should never contain literal IPv4
>>> addresses).
>>>       
>> Good point - I've changed neon for future releases to only enable SNI if 
>> the hostname is not a numeric IP address.
>>     
>
> This logic should go into OpenSSL, I think...
Making openssl "intelligent" like "you have requested some value that
I  don't think is  a valid  hostname, so I will ignore you sni request"
is not exactly a nice thing. You must reject everything that is not
a DNS hostname. Looks ugly.

If you have just a "raw" IP address an application may probably
already know this case.

Mime
View raw message