This repository was archived by the owner on Dec 15, 2022. It is now read-only.
I am setting up an SSL server using this wrapper, calling AuthenticateAsServer(cert). Using Firefox 41, I attempt to access the server using an IP address. With Firefox, if you try to connect using an IP address, the server_name extension is not set. When I attempt this, I get a "server names do not match" exception. It looks like it is setting up the SNI extension, attempting to match, seeing that the secure_name extension is not present, and failing. Perhaps if the server_name extension is not present it should ignore it?
Chrome, however, does send a server_name extension when you browse to an IP address. This still fails as OpenSSL is using "localhost" as the server name and Chrome sends the IP address you are browsing to.
It doesn't verify that there is any server name. Given that the spec says to not send an IP address as the server name, it would make sense to deal with the case of no SNI in the request.
My thought was to do something like:
    if (servername !null or !ipaddress) {
        sniCb = sniExt.ServerSniCb;
        sniExt.AttachSniExtensionServer(ssl.Handle, sslContext.Handle, sniCb);
    }
The problem was, I couldn't figure out how to get the actual server name from the ssl stream. I found this in SNI.cs:
var extServerNamePtr = Native.SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
var extServerName = Marshal.PtrToStringAnsi(extServerNamePtr);
I tried using that, but for some reason the SSL handle isn't correct when in this method. I will admit, all this callback stuff is way beyond me. I tried for a while to see if I could piece it out, with no luck.
Bottom line, if there is some way to get the server name from the SSLstream object it would help a lot, but I couldn't figure out how to do it.
-r
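The three cases raised in this thread (no server_name extension, an IP literal in it, a real host name) can be told apart from the extension body alone. The sketch below is an added example, not code from this wrapper or from the posters, and it is in Python rather than the wrapper's C#; `check_sni`, `sni_host_name`, `make_ext` and the `{type: body}` dictionary input are hypothetical names and assumptions, and the sample extension bodies are constructed.

```python
import ipaddress
import struct

EXT_SERVER_NAME = 0   # extension type for server_name (RFC 6066)
NAME_TYPE_HOST = 0    # NameType host_name (RFC 6066)

def sni_host_name(extensions):
    """extensions: {type: body bytes} from an already parsed ClientHello (assumed).
    Returns the host_name string, or None when the extension is absent or empty."""
    body = extensions.get(EXT_SERVER_NAME)
    if not body:
        return None
    if len(body) < 2:
        raise ValueError("truncated server_name extension")
    (list_len,) = struct.unpack_from("!H", body, 0)
    pos, end = 2, 2 + list_len
    if end > len(body):
        raise ValueError("truncated server_name list")
    while pos + 3 <= end:
        name_type, name_len = struct.unpack_from("!BH", body, pos)
        pos += 3
        if pos + name_len > end:
            raise ValueError("truncated server_name entry")
        if name_type == NAME_TYPE_HOST:
            return body[pos:pos + name_len].decode("ascii")
        pos += name_len
    return None

def check_sni(extensions, expected_host):
    """Hypothetical server policy: only a real host name is compared."""
    name = sni_host_name(extensions)
    if name is None:
        return "no-sni"        # the Firefox behaviour reported above
    try:
        ipaddress.ip_address(name)
        return "ip-literal"    # the Chrome behaviour reported above
    except ValueError:
        pass                   # not an IP literal, so treat it as a host name
    return "match" if name.lower() == expected_host.lower() else "mismatch"

def make_ext(host):
    """Build a constructed server_name extension body for the samples below."""
    raw = host.encode("ascii")
    entry = struct.pack("!BH", NAME_TYPE_HOST, len(raw)) + raw
    return struct.pack("!H", len(entry)) + entry

if __name__ == "__main__":
    samples = {"absent": {}, "ip": {0: make_ext("192.0.2.10")},
               "host": {0: make_ext("localhost")}, "other": {0: make_ext("example.test")}}
    for label, exts in samples.items():
        print(label, "->", check_sni(exts, "localhost"))
```

A server using this policy would continue the handshake with its default certificate for `no-sni` and `ip-literal`, and reserve the name-mismatch failure for the `mismatch` result.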