Sad Clouds wrote:
Hi, is there any sort of documentation on how to use SNI with OpenSSL?
As far as I know, only the source in s_client and s_server.c

It depends on which side you are on, and what you want to test.

As a client, if you want to start a session to a server, and
if you have somehow determined that you use a DNS name,
then you just add the servername to an SSL object before starting the connection.

   if (servername != NULL)
       {
       if (!SSL_set_tlsext_host_name(con,servername))
           {
           BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
           ERR_print_errors(bio_err);
           goto end;
           }
       }

In s_client there is also a callback to detect whether the server
has understood what you sent, in case you want to act on it for
whatever reason (for tracing, in the case of s_client).

In curl you have, for example, the following code:

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
     (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
     sni &&
     !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
   infof(data, "WARNING: failed to configure server name indication (SNI) "
         "TLS extension\n");
#endif




For example, what functions to use and what steps to take.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
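
Added example, not part of the original post and not OpenSSL or curl code: the client-side steps from the reply, with the same IP-literal check as the curl excerpt and the certificate name check that SNI alone does not give you. The names sni_name_for and client_set_names and the WITH_OPENSSL build switch are hypothetical; SSL_set1_host assumes OpenSSL 1.1.0 or later.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <string.h>
#ifdef WITH_OPENSSL   /* assumed build switch: -DWITH_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
#endif

/* Hypothetical helper: copy into out the name to send in the SNI extension.
 * Returns 1 if a name should be sent, 0 if SNI must be skipped (IP literal,
 * empty or over-long input). RFC 6066 allows only DNS hostnames in SNI. */
int sni_name_for(const char *host, char *out, size_t outlen)
{
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len;

    if (host == NULL || out == NULL)
        return 0;
    len = strlen(host);
    if (len > 0 && host[len - 1] == '.')   /* RFC 6066: no trailing dot */
        len--;
    if (len == 0 || len > 253 || len >= outlen)
        return 0;
    memcpy(out, host, len);
    out[len] = '\0';
    /* Same test as the curl excerpt: literal addresses get no SNI. */
    if (inet_pton(AF_INET, out, addr) == 1 || inet_pton(AF_INET6, out, addr) == 1)
        return 0;
    return 1;
}

#ifdef WITH_OPENSSL
/* Call on a fresh SSL object before SSL_connect(). Returns 1 on success.
 * Assumes the SSL_CTX already has a trust store loaded. */
int client_set_names(SSL *ssl, const char *host)
{
    char name[256];

    if (sni_name_for(host, name, sizeof name)) {
        if (!SSL_set_tlsext_host_name(ssl, name))   /* SNI in ClientHello */
            return 0;
        /* SNI only asks for a certificate; this makes OpenSSL check it. */
        if (!SSL_set1_host(ssl, name))
            return 0;
    } else if (!X509_VERIFY_PARAM_set1_ip_asc(SSL_get0_param(ssl), host)) {
        return 0;   /* not a usable DNS name and not an IP literal either */
    }
    SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
    return 1;
}
#endif
```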
