-
Notifications
You must be signed in to change notification settings - Fork 283
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNI support #258
Comments
Indeed, this is also affecting a gnutls based build with TLS 1.3 enabled, such as Claws Mail on Fedora 29 when contacting Google Mail via IMAP. |
Could you send a pull request? Thanks! |
If I knew enough of the internals of libetpan, I would know where to access the server name of that would be needed. I've ended up in src/data-types/mailstream_ssl.c when I had a look, but didn't find it. |
I'm wanting SNI support in Claws Mail as well. It looks to me like it would be a huge pain to feed the server name (when there is one) all the way through from where the socket is opened to where the TLS configuration happens. At present only the file descriptor of the socket is passed through to the mailstream implementations and many functions would need to be modified to pass more information through. On the other hand, it would be easy enough to add a new exported function for clients to call from within the optional callback (e.g. when using I have seen a very experimental patch work against gnutls in conjunction with a very experimental patch to Claws Mail. If the approach is considered reasonable I will finish testing against openssl and submit a pull request, just as soon as I've figured out how to use GitHub sufficiently to do that! |
Candidate pull request following the approach I suggested created, for consideration. Experimental patch for Claws Mail that utilises it attached to http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4103 in case it helps anybody. |
libetspan seems to not call SSL_set_tlsext_host_name() for indicating TLS SNI [1] which causes that it gets wrong certificate from (for example) imap server.
So this is feature request about adding SNI support.
openssl-*/apps/s_client.c does that in such way:
so I hope it is also easy for libetpan.
The text was updated successfully, but these errors were encountered: