Return SNI in localid for virtual hosting support #126
There are two callback commands that present the name and that process a returned file descriptor as to-be
The two are so very similar that they are implemented with the same For Cases where a server would be willing to accept anything are rare, because a certificate is always required. When combined with Having said that, the callback behaves differently for this command. When checking the |
Also test and assure that only an SNI that matches a |
The Apache module requires SNI to learn who is calling. It sets tlsdata.localid="" and should be sent back the SNI value in tlsdata.localid when tlspool_starttls() returns successfully. This does not happen yet, localid=="" on return.

The callback request flag PIOF_STARTTLS_LOCALID_CHECK should always be used in this use case. Without it, a server would be serving any SNI value (insofar as it holds a certificate) and that is certainly not a good default -- as it would assume that all certificates in localid.db are meant for that one server. It should however always be assumed that other programs may also be using the same TLS Pool, and so PIOF_STARTTLS_LOCALID_CHECK is a requirement when tlsdata.localid=="" is used.

The library can be adapted to return an error when PIOF_STARTTLS_LOCALID_CHECK is not set when localid=="" upon calling tlspool_starttls(), or it may set the flag.
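The behaviour requested in this issue, as an added example that is not part of the original issue or of the TLS Pool code: a self-contained C model in which an empty localid is refused unless the check flag is set, the callback accepts only an SNI naming one of the server's own virtual hosts, and the accepted SNI is returned in localid. The `model_*` names, the `MODEL_LOCALID_CHECK` value and the host list are assumptions made for illustration; the block does not use the real TLS Pool headers or structures.

```c
/* Self-contained model; does not include or link the TLS Pool headers. */
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define MODEL_LOCALID_CHECK 0x01u  /* constructed stand-in for PIOF_STARTTLS_LOCALID_CHECK */
#define MODEL_IDLEN 128            /* hypothetical buffer size */

struct model_tlsdata {             /* hypothetical subset of the starttls data */
    unsigned flags;
    char localid[MODEL_IDLEN];
};

/* Virtual hosts this one server is configured for (constructed sample). */
static const char *const vhosts[] = { "www.example.org", "shop.example.org" };

/* Callback-side check: accept an SNI only if it names one of our own vhosts. */
int model_localid_check(const char *sni) {
    if (sni == NULL || *sni == '\0')
        return 0;
    for (size_t i = 0; i < sizeof vhosts / sizeof vhosts[0]; i++)
        if (strcasecmp(sni, vhosts[i]) == 0)   /* host names compare case-insensitively */
            return 1;
    return 0;
}

/* Guard before the handshake: an empty localid without the check flag is
 * refused (the issue's first option; the other is to set the flag instead). */
int model_starttls_guard(const struct model_tlsdata *td) {
    if (td->localid[0] == '\0' && !(td->flags & MODEL_LOCALID_CHECK))
        return -1;
    return 0;
}

/* Model of the server-side outcome: returns 0 and fills localid with the
 * accepted SNI, or returns -1 and leaves localid untouched. */
int model_starttls(struct model_tlsdata *td, const char *client_sni) {
    if (model_starttls_guard(td) != 0)
        return -1;
    if (td->localid[0] == '\0') {
        if (!model_localid_check(client_sni) || strlen(client_sni) >= MODEL_IDLEN)
            return -1;
        strcpy(td->localid, client_sni);       /* length checked above */
    }
    return 0;
}
```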