httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Sylvester <>
Subject Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
Date Sun, 25 Oct 2009 21:15:12 GMT
Kaspar Brand wrote:
> Joe Orton wrote:
>>> the OpenSSL client (SNI extensions should never contain literal IPv4
>>> addresses).
>> Good point - I've changed neon for future releases to only enable SNI if 
>> the hostname is not a numeric IP address.
> This logic should go into OpenSSL, I think...
Making openssl "intelligent" like "you have requested some value that
I  don't think is  a valid  hostname, so I will ignore you sni request"
is not exactly a nice thing. You must reject everything that is not
a DNS hostname. Looks ugly.

If you have just a "raw" IP address an application may probably
already know this case.

View raw message