You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2014/06/13 19:59:02 UTC

[jira] [Commented] (TS-2802) Add SNI support for origin servers

    [ https://issues.apache.org/jira/browse/TS-2802?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14030906#comment-14030906 ] 

James Peach commented on TS-2802:
---------------------------------

Use {{ats_strndup}} instead of {{_xstrdup}}.

The SSL SNI name should be attached to the {{NetVCOptions}} rather than the VC itself. If you do that, then you don't need to alter the {{NetVConnection}} interface at all.

I don't think the IP address check should be done in {{SSLNetVConnection::sslClientHandShakeEvent}}, you should do it at the time when the name is originally set.

> Add SNI support for origin servers
> ----------------------------------
>
>                 Key: TS-2802
>                 URL: https://issues.apache.org/jira/browse/TS-2802
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: Bryan Call
>            Assignee: Bryan Call
>              Labels: Review
>             Fix For: 5.1.0
>
>         Attachments: TS-2802.diff
>
>
> test to an origin that requires SNI
> {code}
> [bcall@cat ~]$ tail -1 /usr/local/etc/trafficserver/remap.config
> map http://foo.yahoo.com https://www.mnot.net/blog/2014/05/09/if_you_can_read_this_youre_sniing
> [bcall@cat ~]$ curl -H 'Host: foo.yahoo.com' http://localhost:8080/; echo
> TLS SNI Required.
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)