Modify

#982 closed defect (fixed)

Allow GnuTLS (and others?) to use SNI

Reported by: wilmer Owned by: wilmer
Priority: normal Milestone:
Component: BitlBee Version: 3.0.5
Keywords: Cc:
IRC client+version: Client-independent Operating System: Public server
OS version/distro:

Description

Instead of getting monstrous SSL certs from some SSL hosts, BitlBee should tell the SSL lib which hostname it's connecting to so SNI can be used if the server supports it. I'm pretty sure that this will make OAuth for GTalk work better, possibly other things as well.

My guess is that this is what I need: http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-server-name-set

Attachments (0)

Change History (2)

comment:1 Changed at 2012-08-19T15:21:21Z by wilmer

http://stackoverflow.com/questions/5113333/how-to-implement-server-name-indicationsni-on-openssl-in-c-or-c-are-there-a shows how to do this with OpenSSL.

Annoyingly my first test with this gets me a larger tcpdump for a session with SNI *enabled* which is not exactly what I expected. I'd investigate more but don't particularly feel like SSL headaches ATM.

comment:2 Changed at 2012-12-24T12:52:20Z by wilmer

Resolution: fixed
Status: newclosed

Modify Ticket

Action
as closed The owner will remain wilmer.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.