Modify ↓
Opened at 2012-07-26T12:11:32Z
Closed at 2012-12-24T12:52:20Z
#982 closed defect (fixed)
Allow GnuTLS (and others?) to use SNI
| Reported by: | wilmer | Owned by: | wilmer |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | BitlBee | Version: | 3.0.5 |
| Keywords: | Cc: | ||
| IRC client+version: | Client-independent | Operating System: | Public server |
| OS version/distro: |
Description
Instead of getting monstrous SSL certs from some SSL hosts, BitlBee should tell the SSL lib which hostname it's connecting to so SNI can be used if the server supports it. I'm pretty sure that this will make OAuth for GTalk work better, possibly other things as well.
My guess is that this is what I need: http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-server-name-set
Attachments (0)
Change History (2)
comment:1 Changed at 2012-08-19T15:21:21Z by
comment:2 Changed at 2012-12-24T12:52:20Z by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
http://stackoverflow.com/questions/5113333/how-to-implement-server-name-indicationsni-on-openssl-in-c-or-c-are-there-a shows how to do this with OpenSSL.
Annoyingly my first test with this gets me a larger tcpdump for a session with SNI *enabled* which is not exactly what I expected. I'd investigate more but don't particularly feel like SSL headaches ATM.