[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Server Name Indication?
1) Adding the constants to GSKSSL_H is no big deal, of course. But,
I'll need to know which.
------
Id add everything thats not there. These for sure:
GSK_SSL_EXTN_SERVERNAME_REQUEST (230)
GSK_SSL_EXTN_SERVERNAME_CRITICAL_REQUEST (231)
GSK_SSL_EXTN_SERVERNAME_LIST (232)
GSK_SSL_EXTN_SERVERNAME_CRITICAL_LIST (233)
-----
2) This won't be supported on older releases of IBM i, so we'll need
to
figure out how to handle that. My thinking is that we would just
call
gsk_set_attribute_buffer() and ignore any errors it returns. Older
systems that don't include this functionality could just ignore it.
(We'd log it to the debug log, though, in case someone had problems
due
to this, then we could see what's going on..)
-----
I agree.
-----
3) It looks to me that the difference between
GSK_SSL_EXTN_SERVERNAME_CRITICAL_REQUEST and
GSK_SSL_EXTN_SERVERNAME_REQUEST is that the 'CRITICAL' one will fail
to
connect to any server that does not use SNI. So, it seems to me
that
we should use the non-critical one in HTTPAPI, unless there's a
reason
that we want to force the use of SNI (which I don't think would be a
good default, but could be enabled by the caller by calling a
http_force_sni() procedure or something like that.) Is there a
situation where forcing this to be 'critical' is important?
-----
I dont know. IBM told me that either 230 or 231 should work. I havent
tried 230 yet. I will do so.
-----
4) I don't like the idea of adding this to https_init(), because
https_init() establishes an environment for use in multiple HTTP
requests (to different servers). It seems to me that this is more
appropriate to CommSSL_Upgrade(). Will that work? Or can this
only
be set at the environment level?
-----
I will call it from CommSSL_Upgrade and let you know.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------