Open etan-status opened 2 years ago
Seems to be a bearssl limitation: https://github.com/status-im/BearSSL/blob/acc70b1be60a6f321e2da618cd35d901b1a598a4/src/x509/x509_minimal.t0#L750-L756
The presence of "server_name" is used as a flag of "verify server name", so we can't send the server_name without verifying it
When
TLSFlags.NoVerifyServerName
is specified, intlsstream.nim
, BearSSL is configured withsslClientReset(res.ccontext, "", 0)
. While this disables server name verification, it also disables sending SNI, leading to connection failure when connecting to servers that require SNI extension to be present (e.g., Alchemy).SNI extension should still be sent, even when
NoVerifyServerName
is specified.(empty string seems to have same behaviour as NULL)