SNI disable by default on 1.0 and 1.1.0?
aeris
aeris+openssl at imirhil.fr
Tue Dec 3 08:27:47 UTC 2019
> I think your tests are just finding the changes from
> https://github.com/openssl/openssl/pull/2614 but other applications using
> libssl still need to use the SSL_set_tlsext_host_name() API in order to
> send the SNI extension.
OK got it.
I have trouble with certificate verification on software using libssl 1.0.2 and
not 1.1.1. And when debugging, I spot the difference of behaviour with openssl
client which also generate _the same_ verification error. This confuse me…
Network debugging the flow show SNI in both case with libssl.
In fact my real problem was because OPENSSLDIR are not the same, and 1.0.2
have no CA but 1.1.1 have one…
Regards,
--
aeris
Individual crypto-terrorist group self-radicalized on the digital darknet
https://imirhil.fr/
Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191203/dd9af423/attachment.sig>
More information about the openssl-users
mailing list