[openssl-users] Why construct so weird certificate chain for one web site

Matt Caswell matt at openssl.org
Tue Dec 30 23:35:32 UTC 2014



On 29/12/14 10:00, Jerry OELoo wrote:
> Thanks Jeffrey & Matt
> 
> Now I have one more question. I do not want to make the code use the
> tlsv1 method and SSL_set_tlsext_host_name to query every website; I just
> want to construct tlsv1 and set the SNI name to query the certificate
> when I encounter this issue. So how can I get this kind of information,
> or what is the correct coding process to support SNI and non-SNI
> websites? Thanks!

You do not need to use tlsv1 method to be able to call
SSL_set_tlsext_host_name - you can use SSLv23_method and it should work
fine.

The SNI hostname is sent as part of the initial ClientHello, i.e. before
you've done anything with the server - so you have limited options to
avoid it. I don't understand why you would want to.

Matt


