Keyserver/security bug 1447 (and 1446 too)

Phil Pennock gnupg-devel at spodhuis.org
Mon Dec 3 08:27:20 CET 2012


On 2012-12-02 at 12:57 -0500, David Shaw wrote:
> As far as I know, libcurl uses the host from the passed-in URL for SNI
> and there isn't a direct option to set the SNI to an arbitrary value,
> but looking at the options, CURLOPT_RESOLVE could be used to fix this
> by feeding in a record with the pool name and the address of the
> chosen server.

It's not going to help for deployed application code, where you need to
deal with the library as it exists on machines in the wild, but you
might be interested in playing with Kristian Fiskerstrand's patch,
described at:

http://blog.sumptuouscapital.com/2012/10/curl-and-using-http-host-header-for-sni/

Basically, "Copy the SNI from the HTTP Host: header".

-Phil
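
Added example, not part of the original message and not GnuPG or libcurl project code: the CURLOPT_RESOLVE approach from the quoted text, pinning the pool name to the address of the chosen server so that the URL, and with it the SNI and the certificate name check, keeps the pool name. The hostname pool.example.net, the address 192.0.2.10, the helper function names and the WITH_LIBCURL macro are assumptions made for illustration.

```c
/* Added example, not GnuPG code: cc -DWITH_LIBCURL pin.c -lcurl (own macro). */
#include <stdio.h>
#include <string.h>
/* Build "HOST:PORT:ADDRESS" for CURLOPT_RESOLVE; 0 on success, -1 on error. */
int make_resolve_entry(char *out, size_t outlen,
                       const char *pool, int port, const char *addr)
{
    if (!out || !pool || !addr || !*pool || !*addr) return -1;
    /* a ':' inside the pool name would shift the fields of the entry */
    if (port < 1 || port > 65535 || strchr(pool, ':')) return -1;
    int n = snprintf(out, outlen, "%s:%d:%s", pool, port, addr);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef WITH_LIBCURL
#include <curl/curl.h>
/* Fetch `url`, which names the pool, from the one member at `addr`. The URL
 * is untouched, so SNI, Host: and certificate checks all use the pool name. */
CURLcode fetch_from_member(const char *url, const char *pool,
                           int port, const char *addr)
{
    char entry[512];
    if (make_resolve_entry(entry, sizeof entry, pool, port, addr) != 0)
        return CURLE_BAD_FUNCTION_ARGUMENT;
    struct curl_slist *pin = curl_slist_append(NULL, entry);
    CURL *h = curl_easy_init();
    CURLcode rc = CURLE_FAILED_INIT;
    if (pin && h) {
        curl_easy_setopt(h, CURLOPT_URL, url);
        curl_easy_setopt(h, CURLOPT_RESOLVE, pin);       /* pool -> addr */
        curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 1L);
        curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 2L); /* match pool name */
        rc = curl_easy_perform(h);
    }
    if (h) curl_easy_cleanup(h);
    curl_slist_free_all(pin);
    return rc;
}
#endif

int main(void)
{
    char e[128]; /* constructed sample: example name, TEST-NET-1 address */
    int bad = make_resolve_entry(e, sizeof e, "pool.example.net", 443, "192.0.2.10");
#ifdef WITH_LIBCURL
    if (!bad) bad = fetch_from_member("https://pool.example.net/",
                                      "pool.example.net", 443, "192.0.2.10");
#endif
    return bad ? 1 : 0;
}
```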


