Keyserver/security bug 1447 (and 1446 too)

David Shaw dshaw at jabberwocky.com
Mon Dec 3 17:32:04 CET 2012


On Dec 3, 2012, at 2:27 AM, Phil Pennock <gnupg-devel at spodhuis.org> wrote:

> On 2012-12-02 at 12:57 -0500, David Shaw wrote:
>> As far as I know, libcurl uses the host from the passed-in URL for SNI
>> and there isn't a direct option to set the SNI to an arbitrary value,
>> but looking at the options, CURLOPT_RESOLVE could be used to fix this
>> by feeding in a record with the pool name and the address of the
>> chosen server.
> 
> It's not going to help for deployed application code, where you need to
> deal with the library as it exists on machines in the wild, but you
> might be interested in playing with Kristian Fiskerstrand's patch,
> described at:
> 
> http://blog.sumptuouscapital.com/2012/10/curl-and-using-http-host-header-for-sni/
> 
> Basically, "Copy the SNI from the HTTP Host: header".

I'm all for that patch, but yeah, it doesn't really help for deployed code.  I certainly wouldn't cry if the Curl people adopted it, or something similar.

David
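The CURLOPT_RESOLVE idea quoted above amounts to sending the TCP connection to the chosen server's address while TLS still presents the pool name. The following is an added illustration, not part of the thread and not libcurl or GnuPG code: it uses Python's standard `ssl` module in place of libcurl, builds a ClientHello in memory, and reads back the SNI it carries. `pool.example.net` and `192.0.2.10` are constructed placeholders, and `connect_pinned` is a hypothetical helper name.

```python
import socket
import ssl

POOL_NAME = "pool.example.net"  # constructed placeholder: the pool's DNS name
CHOSEN_ADDR = "192.0.2.10"      # constructed placeholder: server picked from the pool

def client_hello_for(server_hostname):
    """Return the ClientHello record a client would send; no network I/O."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the ServerHello
    return outgoing.read()

def sni_from_client_hello(record):
    """Extract the server_name (SNI) host from a ClientHello record, or None."""
    pos = 5 + 4                    # TLS record header + handshake header
    pos += 2 + 32                  # client_version + random
    pos += 1 + record[pos]         # session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + record[pos]         # compression_methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type = int.from_bytes(record[pos:pos + 2], "big")
        ext_len = int.from_bytes(record[pos + 2:pos + 4], "big")
        body = record[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:          # server_name extension
            # list length (2), name type (1), name length (2), name
            name_len = int.from_bytes(body[3:5], "big")
            return body[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None

def connect_pinned(pool_name, address, port=443):
    """TCP goes to the chosen address; SNI and cert checks use the pool name."""
    ctx = ssl.create_default_context()
    sock = socket.create_connection((address, port), timeout=10)
    return ctx.wrap_socket(sock, server_hostname=pool_name)

if __name__ == "__main__":
    # Compare what the server would see for each name handed to the TLS layer.
    for name in (POOL_NAME, CHOSEN_ADDR):
        print(name, "->", sni_from_client_hello(client_hello_for(name)))
```

Handing the TLS layer the bare address produces a ClientHello with no SNI at all, while handing it the pool name keeps both the SNI and the certificate hostname check tied to the pool.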



