From: Janusz Harkot <janusz.harkot@gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Cc: git@vger.kernel.org
Subject: Re: SNI (SSL virtual hosts)
Date: Tue, 4 Jun 2013 12:19:54 +0200
Message-ID: <8B7A2C3A8CC346D6B34D153F591F878F@gmail.com>
In-Reply-To: <alpine.DEB.2.00.1306041142200.16303@tvnag.unkk.fr>
> It does. git uses libcurl for the HTTPS parts and it has supported SNI for a
> long time, assuming you built libcurl with a TLS library that handles it.
>
> Which libcurl version and SSL backend is this? (curl -V usually tells)
$ curl -V
curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
$ otool -L /usr/local/bin/git
/usr/local/bin/git:
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 169.3.0)
> If you made it working by disabling certificate verification then it sounds as
> if SNI might still have worked and the problem was rather something else, as
> without SNI you can't do name-based virtual hosting over HTTPS - but perhaps
> you wanted to communicate with the "default" server on that IP?
Here is a log (with GIT_CURL_VERBOSE=1):
https://gist.github.com/anonymous/8f6533a755ae5c710c75
The initial connection is correct (line 10 shows that it reads the correct certificate),
but then the subsequent call to the server (line 68) shows that the default server certificate is used.
It looks like the second call was without hostname (?).
Thanks!
Janusz