Open fiddlerwoaroof opened 7 years ago
I should mention that the cl-async code does work with other SSL sites, such as en.wikipedia.org.
It looks to me like this has to do with SNI being set up correctly; I ran across this while trying to debug https://github.com/orthecreedence/carrier/issues/16
I came up with a fix, although it's a hack: if I add the following lines just before https://github.com/orthecreedence/cl-async/blob/master/src/ssl/tcp.lisp#L337, it works:
(cffi:with-foreign-string (host-f host)
  (cl+ssl::ssl-set-tlsext-host-name ssl host-f))
The attached patch adds the necessary definitions to make SNI work (use ssl-set-tlsext-host-name in place of the cl+ssl function in the previous comment). I haven't added anything to tcp-ssl-connect-new, because I wasn't sure if it needed a new option or extra checking (e.g. I'm not sure it's ok to set an IP address as an SNI host). Hopefully the patch just saves a little time and manual-reading.
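An added example, not part of the thread or of the cl-async or cl+ssl code: a Python check, using the standard ssl module as a stand-in client, that captures a ClientHello in memory and reports whether it carries the SNI server_name extension. The name example.test and the address 192.0.2.10 are constructed sample values; RFC 6066 does not permit literal IP addresses in the SNI host name, and Python's ssl module omits the extension for them.

```python
import ssl
import struct

def client_hello_bytes(server_hostname):
    """Capture the first flight a TLS client emits, in memory (no network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # permits server_hostname=None for comparison
    ctx.verify_mode = ssl.CERT_NONE  # no server takes part, nothing to verify
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                         # expected: client now waits for ServerHello
    return outgoing.read()

def sni_from_client_hello(data):
    """Return the host_name from the server_name extension, or None if absent."""
    hs, pos = b"", 0
    while pos + 5 <= len(data):      # reassemble handshake records (type 22)
        ctype, _version, length = struct.unpack("!BHH", data[pos:pos + 5])
        if ctype == 22:
            hs += data[pos + 5:pos + 5 + length]
        pos += 5 + length
    if len(hs) < 4 or hs[0] != 1:    # handshake type 1 = ClientHello
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                   # handshake header, legacy_version, random
    p += 1 + hs[p]                   # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]  # cipher_suites
    p += 1 + hs[p]                   # compression_methods
    if p + 2 > len(hs):
        return None                  # no extensions block at all
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[p:p + 4])
        body = hs[p + 4:p + 4 + ext_len]
        if ext_type == 0 and len(body) >= 5:  # server_name (RFC 6066)
            # body: list length (2), name_type (1), name length (2), name
            name_type, name_len = struct.unpack("!BH", body[2:5])
            if name_type == 0:       # 0 = host_name
                return body[5:5 + name_len].decode("ascii")
        p += 4 + ext_len
    return None

if __name__ == "__main__":
    # Constructed sample values: a reserved test name, no name, an IP literal.
    for host in ("example.test", None, "192.0.2.10"):
        print(host, "->", sni_from_client_hello(client_hello_bytes(host)))
```

The same parser can be pointed at a ClientHello captured from any client to confirm whether the extension is actually on the wire.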
I think this one might be finished too?
This still happens with some websites. While the OP site does work, e.g. https://safebooru.org (and most other sites that use the same old version of that engine) does not.
I have issues connecting to certain SSL servers using cl-async; the code is here: http://paste.lisp.org/display/343066
Basically, this doesn't work: I don't get any output from the read callback.
However, using cl+ssl directly does work: