Keyserver/security bug 1447 (and 1446 too)

David Shaw dshaw at
Mon Dec 3 17:32:04 CET 2012

On Dec 3, 2012, at 2:27 AM, Phil Pennock <gnupg-devel at> wrote:

> On 2012-12-02 at 12:57 -0500, David Shaw wrote:
>> As far as I know, libcurl uses the host from the passed-in URL for SNI
>> and there isn't a direct option to set the SNI to an arbitrary value,
>> but looking at the options, CURLOPT_RESOLVE could be used to fix this
>> by feeding in a record with the pool name and the address of the
>> chosen server.
> It's not going to help for deployed application code, where you need to
> deal with the library as it exists on machines in the wild, but you
> might be interested in playing with Kristian Fiskerstrand's patch,
> described at:
> Basically, "Copy the SNI from the HTTP Host: header".

I'm all for that patch, but yeah, it doesn't really help for deployed code.  I certainly wouldn't cry if the Curl people adopted it, or something similar.


More information about the Gnupg-devel mailing list