Kaspar Brand wrote:
Joe Orton wrote:
the OpenSSL client (SNI extensions should never contain literal IPv4
addresses).
Good point - I've changed neon for future releases to only enable SNI if
the hostname is not a numeric IP address.
This logic should go into OpenSSL, I think...
Making openssl "intelligent" like "you have requested some value that
I don't think is a valid hostname, so I will ignore you sni request"
is not exactly a nice thing. You must reject everything that is not
a DNS hostname. Looks ugly.
If you have just a "raw" IP address an application may probably
already know this case.