[gnutls-devel] GnuTLS | gnutls-cli cannot specify server name while doing xmpp starttls (#777)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue May 28 23:24:17 CEST 2019

New Issue was created.

Issue 777: https://gitlab.com/gnutls/gnutls/issues/777
Author:    Luiz Angelo Daros de Luca

## Description of the feature:

XMPP starttls sends the servername before requesting STARTTLS. However, the server might reject that request if the XMPP domain does not match (/host-unknown). This happens especially when "IN SRV" entries are in use for XMPP.

## Applications that this feature may be relevant to:

`gnutls-cli --verify-hostname=mydomain.com --starttls-proto=xmpp jabber.mydomain.com:xmpp-client`

--verify-hostname or --sni-hostname does not help. It does work if mydomain.com IN A matches jabber.mydomain.com. However, this should not be a requirement.

## Is this feature implemented in other libraries (and which)

`openssl s_client -starttls xmpp -xmpphost mydomain.com -connect jabber.mydomain.com:xmpp-client`

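The name separation this request asks for, as an added Python example (not GnuTLS or OpenSSL code): the TCP connection goes to the SRV target, while the stream header's `to`, the SNI and the certificate check all use the XMPP domain, mirroring the issue's `--verify-hostname=mydomain.com`. All function names and the two sample replies are constructed for illustration.

```python
import socket
import ssl
from xml.sax.saxutils import quoteattr

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
ERR_NS = "urn:ietf:params:xml:ns:xmpp-streams"
SAMPLE_OFFER = b"<stream:features><starttls xmlns='" + TLS_NS.encode() + b"'/></stream:features>"  # constructed
SAMPLE_REJECT = b"<stream:error><host-unknown xmlns='" + ERR_NS.encode() + b"'/></stream:error>"  # constructed

def stream_header(xmpp_domain):
    """Opening stream tag: 'to' is the XMPP domain, never the SRV target host."""
    return ("<?xml version='1.0'?><stream:stream to=%s version='1.0' xmlns='jabber:client' "
            "xmlns:stream='http://etherx.jabber.org/streams'>" % quoteattr(xmpp_domain)).encode()

def classify(reply):
    """Coarse state of a pre-TLS server reply (substring match; the stream is unclosed XML)."""
    text = reply.decode("utf-8", "replace")
    if "<host-unknown" in text and ERR_NS in text:
        return "host-unknown"
    if "<proceed" in text and TLS_NS in text:
        return "proceed"
    if "<starttls" in text and TLS_NS in text:
        return "starttls-offered"
    return "other"

def _read_state(sock):
    buf = b""
    while classify(buf) == "other":
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return classify(buf)

def xmpp_starttls(connect_host, port, xmpp_domain, timeout=10):
    """TCP goes to connect_host; stream 'to', SNI and certificate check use xmpp_domain."""
    sock = socket.create_connection((connect_host, port), timeout=timeout)
    try:
        sock.sendall(stream_header(xmpp_domain))
        state = _read_state(sock)
        if state != "starttls-offered":
            raise ConnectionError("pre-TLS reply: " + state)
        sock.sendall(("<starttls xmlns='%s'/>" % TLS_NS).encode())
        if _read_state(sock) != "proceed":
            raise ConnectionError("server refused STARTTLS")
        return ssl.create_default_context().wrap_socket(sock, server_hostname=xmpp_domain)
    except BaseException:
        sock.close()
        raise
```

A `host-unknown` result from `classify` before any TLS bytes are exchanged points at the stream header's `to` value rather than at the certificate or SNI.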