troglobit / inadyn

In-a-Dyn is a dynamic DNS client with multiple SSL/TLS library support
https://troglobit.com/projects/inadyn/
GNU General Public License v2.0

SNI still broken #63

Closed ThomasWaldmann closed 10 years ago

ThomasWaldmann commented 10 years ago

It does not submit the servername, so it might talk to some "default" server on the same IP (that may also have a different certificate). I noticed it when it didn't log the correct server name after my last fix. Somehow it works though, so it seems to get wrong certs, but correct server... (no idea how that can be).

I am working on a fix, at least for OpenSSL (for GnuTLS there seem to be link-time issues with my current work):

/usr/bin/ld: src/ssl.o: undefined reference to symbol 'gnutls_server_name_set@@GNUTLS_1_4'
//usr/lib/x86_64-linux-gnu/libgnutls.so.26: error adding symbols: DSO missing from command line

ThomasWaldmann commented 10 years ago

Also, the OpenSSL compatibility layer within GnuTLS seems to miss the SSL_set_tlsext_host_name function - otherwise the fix in https://github.com/troglobit/inadyn/pull/64 would have been easier...

troglobit commented 10 years ago

Yes I know, the compat layer has its limitations. It was a quick fix for me to use it to get GnuTLS support -- I'd prefer a native GnuTLS implementation ...

troglobit commented 10 years ago

Fixed in f5d65e1, you are more than welcome to double check that it works for both OpenSSL and GnuTLS now. This is likely the last change that goes into 1.99.11 before handing over to Debian.

ThomasWaldmann commented 10 years ago

Did some tests of current master branch:

openssl: SNI works, correct cert details logged
gnutls: SNI seems to work (gets through to right server), but wrong cert details logged

ThomasWaldmann commented 10 years ago

Please see https://github.com/troglobit/inadyn/pull/66 and close after merging.

troglobit commented 10 years ago

Merged! :)
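
To check for the symptom this thread reports (a client that does not submit the server name), here is an added example that is not part of the thread or of inadyn's code: a C function that reads a captured ClientHello record and reports whether a server_name extension is present. The function name, the sample bytes and the host name example.com are constructed for illustration, and the ClientHello is assumed to fit in a single unfragmented TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Copy the SNI host name of a TLS ClientHello record into out.
 * Returns its length, 0 if no server_name extension was sent, -1 if malformed. */
int client_hello_sni(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    size_t end, pos = 5 + 4 + 2 + 32; /* record hdr, handshake hdr, version, random */

    if (len < pos + 1 || buf[0] != 0x16 || buf[5] != 0x01)
        return -1;                          /* not a ClientHello */
    pos += 1 + (size_t)buf[pos];            /* session id */
    if (pos + 2 > len) return -1;
    pos += 2 + rd16(buf + pos);             /* cipher suites */
    if (pos + 1 > len) return -1;
    pos += 1 + (size_t)buf[pos];            /* compression methods */
    if (pos == len) return 0;               /* no extensions block at all */
    if (pos + 2 > len) return -1;
    end = pos + 2 + rd16(buf + pos);
    if (end > len) return -1;
    for (pos += 2; pos + 4 <= end; ) {
        unsigned type = rd16(buf + pos);
        size_t elen = rd16(buf + pos + 2), n;
        pos += 4;
        if (pos + elen > end) return -1;
        if (type != 0) { pos += elen; continue; }   /* not server_name */
        /* list length (2), name type (1, 0 = host_name), name length (2) */
        if (elen < 5 || buf[pos + 2] != 0) return -1;
        n = rd16(buf + pos + 3);
        if (5 + n > elen || n + 1 > outsz) return -1;
        memcpy(out, buf + pos + 5, n);
        out[n] = '\0';
        return (int)n;
    }
    return 0;
}

/* Constructed sample: minimal TLS 1.2 ClientHello with SNI "example.com". */
const uint8_t sample_hello[] = {
    0x16, 0x03, 0x01, 0x00, 0x43,              /* record: handshake, 67 bytes */
    0x01, 0x00, 0x00, 0x3f, 0x03, 0x03,        /* ClientHello, 63 bytes, TLS 1.2 */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* random */
    0x00, 0x00, 0x02, 0xc0, 0x2f, 0x01, 0x00,  /* no session id, 1 suite, null comp */
    0x00, 0x14, 0x00, 0x00, 0x00, 0x10,        /* extensions: 20 bytes; server_name: 16 */
    0x00, 0x0e, 0x00, 0x00, 0x0b, 'e','x','a','m','p','l','e','.','c','o','m'
};
```

A return value of 0 on a client's first handshake record is the condition described in the opening comment: the server then has to pick a certificate without knowing which name the client wanted.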