#3923: mutt may need to support TLS's Server Name Indication (SNI) for some
servers, RFC 6066
-------------------------+----------------------
Reporter: m-a | Owner: mutt-dev
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: crypto | Version:
Keywords: |
-------------------------+----------------------
Greetings,
while experimenting with fetchmail's SSL code and testing it with newer
TLS protocols against some servers, it appeared as though googlemail
required the client to use the TLS Server Name Indication (SNI) extension
in some circumstances. I propose to set the expected host name so that
the server side can select and present the right certificates. The OpenSSL
API exposes SSL_set_tlsext_host_name() for this purpose, I don't know
about GnuTLS.
Normative reference: https://tools.ietf.org/html/rfc6066#page-6
(predecessors RFC 4366, 3546.)
Example code:
* fetchmail (OpenSSL-based):
https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2febe5af031615
(Don't let the array name of _ssl_context[] mislead you, it's an SSL, not
an SSL_CTX.)
* OpenSSL's s_client source code as of 1.0.0 or later (-servername
command line option).
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3923>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
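Added example, not code from the ticket, from mutt or from fetchmail: what the server_name extension requested above looks like on the wire (RFC 6066 section 3), an encoder and a bounds-checked decoder for it, and the client-side call that makes an OpenSSL-backed stack send it. The example uses Python's ssl module rather than the OpenSSL C API; its server_hostname= argument is the ssl-module equivalent of SSL_set_tlsext_host_name(), and it doubles as the reference name for certificate host name verification, which SNI alone does not give you. The host name imap.gmail.com is a constructed sample input, connect_with_sni() is a hypothetical helper that is never called offline, and the RFC's rule that literal IP addresses are not permitted in HostName is enforced in the encoder.

```python
"""Server Name Indication (RFC 6066 section 3): wire format and client usage.

Added example, not mutt's or fetchmail's code.  Python's ssl module is built
on OpenSSL; passing server_hostname= to wrap_socket() is what makes it call
SSL_set_tlsext_host_name() on the underlying SSL object.
"""
import ipaddress
import socket
import ssl
import struct

EXT_SERVER_NAME = 0      # extension_type for server_name (RFC 6066 section 3)
NAME_TYPE_HOST_NAME = 0  # the only NameType RFC 6066 defines


def encode_server_name_ext(host: str) -> bytes:
    """Build a complete server_name extension: type, length, ServerNameList.

    RFC 6066 forbids literal IPv4/IPv6 addresses in HostName and requires an
    ASCII (IDNA A-label) name, so both are rejected before anything is sent.
    """
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, which is what we want
    else:
        raise ValueError("RFC 6066: literal IP addresses are not permitted in SNI")
    name = host.rstrip(".").encode("ascii")  # non-ASCII names must be IDNA-encoded first
    if not 1 <= len(name) <= 0xFFFF:
        raise ValueError("HostName must be 1..2^16-1 bytes")
    # ServerName      = NameType(1) || HostName<1..2^16-1>
    server_name = struct.pack("!BH", NAME_TYPE_HOST_NAME, len(name)) + name
    # ServerNameList  = server_name_list<1..2^16-1>
    server_name_list = struct.pack("!H", len(server_name)) + server_name
    # Extension       = extension_type(2) || extension_data<0..2^16-1>
    return struct.pack("!HH", EXT_SERVER_NAME, len(server_name_list)) + server_name_list


def decode_server_name_ext(data: bytes) -> list[str]:
    """Parse one server_name extension and return its host_name entries.

    Every length field is checked against the remaining buffer, so a
    truncated or hostile extension raises instead of reading past the end.
    """
    if len(data) < 4:
        raise ValueError("short extension header")
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    if ext_type != EXT_SERVER_NAME:
        raise ValueError(f"not a server_name extension: type {ext_type}")
    body = data[4:4 + ext_len]
    if len(body) != ext_len or len(body) < 2:
        raise ValueError("extension_data length mismatch")
    (list_len,) = struct.unpack("!H", body[:2])
    entries = body[2:2 + list_len]
    if len(entries) != list_len:
        raise ValueError("ServerNameList length mismatch")
    names, pos = [], 0
    while pos < len(entries):
        if len(entries) - pos < 3:
            raise ValueError("truncated ServerName")
        name_type, name_len = struct.unpack("!BH", entries[pos:pos + 3])
        pos += 3
        name = entries[pos:pos + name_len]
        if len(name) != name_len:
            raise ValueError("truncated HostName")
        pos += name_len
        if name_type == NAME_TYPE_HOST_NAME:
            names.append(name.decode("ascii"))
        # unknown NameTypes are skipped, as RFC 6066 permits
    return names


def make_client_context() -> ssl.SSLContext:
    """Context a mail client should use: verify the chain AND the host name.

    SNI only tells the server which certificate to present; it does not
    check that the certificate actually matches the host.  check_hostname
    does that, and it is why server_hostname= is mandatory below.
    """
    ctx = ssl.create_default_context()
    if not (ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED):
        raise RuntimeError("default context unexpectedly weakened")
    return ctx


def connect_with_sni(host: str, port: int = 993) -> ssl.SSLSocket:
    """Hypothetical helper (needs network, not called here): TLS with SNI.

    server_hostname= makes the OpenSSL backend call SSL_set_tlsext_host_name()
    and supplies the reference name for certificate host name verification.
    """
    raw = socket.create_connection((host, port))
    return make_client_context().wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    ext = encode_server_name_ext("imap.gmail.com")  # constructed sample host
    print(ext.hex(), decode_server_name_ext(ext))
```

The encoder output for the sample host starts 0000 0013 0011 00 000e: extension type 0, 19 bytes of extension_data, a 17-byte ServerNameList, NameType host_name, then a 14-byte HostName. A server that needs SNI to pick the right certificate reads exactly those bytes from the ClientHello; a client that omits them gets whatever default certificate the server has, which is the failure mode the ticket describes.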