Posted to dev@thrift.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/08/03 16:48:20 UTC

[jira] [Commented] (THRIFT-3892) Thrift uses TLS SNI extension provided by OpenSSL library. Older version of OpenSSL(< 0.9.8f) may create problem because they do not support 'SSL_set_tlsext_host_name()'.

    [ https://issues.apache.org/jira/browse/THRIFT-3892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406195#comment-15406195 ] 

ASF GitHub Bot commented on THRIFT-3892:
----------------------------------------

Github user udit043 commented on a diff in the pull request:

    https://github.com/apache/thrift/pull/1057#discussion_r73373066
  
    --- Diff: lib/cpp/src/thrift/transport/TSSLSocket.cpp ---
    @@ -471,8 +471,10 @@ void TSSLSocket::checkHandshake() {
           }
         } while (rc == 2);
       } else {
    -    // set the SNI hostname
    -    SSL_set_tlsext_host_name(ssl_, getHost().c_str());
    +    /* OpenSSL < 0.9.8f does not have SSL_set_tlsext_host_name() */
    +    #if defined(SSL_set_tlsext_host_name) // set the SNI hostname
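
Review bot: the `#if defined(SSL_set_tlsext_host_name)` guard on the last added line only holds while the OpenSSL headers expose that name as a preprocessor macro; in a build where it is declared as a function, `defined()` is false and the client silently stops sending the SNI hostname, so a server hosting several names may return its default certificate. Consider keying the guard on `SSL_CTRL_SET_TLSEXT_HOSTNAME` or on `OPENSSL_VERSION_NUMBER >= 0x0090806fL` (0.9.8f) instead, and moving `// set the SNI hostname` off the `#if` line back onto the call it describes. The removed call also ignored its return value; checking it when the call is reinstated under the guard would surface a failed SNI setup instead of continuing without it.
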
    --- End diff --
    
    I have created an issue regarding this: https://issues.apache.org/jira/browse/THRIFT-3892
    No, there is not any alternative for older versions. There is very little possibility of someone using a very old OpenSSL library. This issue is negligible, it is just for improving the project.


> Thrift uses TLS SNI extension provided by OpenSSL library. Older version of OpenSSL(< 0.9.8f) may create problem because they do not support 'SSL_set_tlsext_host_name()'.
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: THRIFT-3892
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3892
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Compiler
>            Reporter: Udit Raikwar
>            Priority: Trivial
>              Labels: newbie
>
> Thrift uses the TLS SNI extension provided by the OpenSSL library during the SSL handshake. Older versions of OpenSSL (< 0.9.8f) may create problems because they do not support 'SSL_set_tlsext_host_name()'.
> I have created a pull request regarding this issue [1]. Although this issue is negligible because all newer versions of OpenSSL support the TLS SNI extension, checking whether the TLS SNI extension is supported in the user's OpenSSL version is not bad.
> [1] https://github.com/apache/thrift/pull/1057


