exception when no server_name is sent #26
Comments
|
Chrome, however, does send a server_name extension when you browse to an IP address. This still fails as openssl is using "localhost" as the server name and chrome sends the ip address you are browsing to. |
|
I did a bunch of playing around with this and the core problem seems to be here. in SslStreamServer.cs It doesn't verify that there is any server name. Given that the spec says to not send an IP address as the server name it would make sense to deal with the case of no SNI in the request. My thought was to do something like. if (servername !null or !ipaddress) { the problem was, I couldn't figure out how to get the actual server name from the ssl stream. I found this in SNI.cs I tried using that but for some reason the SSL handle isn't correct when in this method. I will admit, all this callback stuff is way beyond me. I tried for a while trying to see if I could piece it out with no luck. Bottom line, if there is some way to get the server name from the SSLstream object it would help a lot but I couldn't figure out how to do it. |
I am setting up a SSL server using this wrapper calling AuthenticateAsServer(cert). Using Firefox 41 I attempt to access the server using ip address. With firefox, if you try to connect using an IP address the server_name extension is not set. When I attempt I get a "server names do not match" exception. It looks like it is setting up the SNI extension attempting to match, seeing that the secure_name extension is not present and failing. Perhaps if the server_name extension is not present it should ignore it?
The text was updated successfully, but these errors were encountered: