Summary: | konqueror does not send correct SNI hostname to https server | ||
---|---|---|---|
Product: | [Frameworks and Libraries] kio | Reporter: | Alain Knaff <kde> |
Component: | kssl | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | daniel.subs, faure, flo, kde, meyerm, qbast, Sascha-bugs.kde.org |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | unspecified | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Alain Knaff
2008-11-12 10:47:29 UTC
Fixing this requires Trolltech to add support for SNI in QSslSocket. Qt in turn relies on OpenSSL which should support SNI in version 0.9.9 (not released yet). According to the page at http://people.apache.org/~fuankg/diffs/httpd-2.2.x-sni.diff , SNI is supported starting from openssl version 0.9.8f which is out already (I've got 0.9.8g here on my Kubuntu box) FYI Apache just released httpd 2.2.12 in July 2009 with full server side support for SNI. The code required just after the SSL_new call. See the openssl apps/s_client.c code for an example: SSL_new.... +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + /* If SNI isn't supported, we just don't call it and fail silently, + * as there's not much else we can do. + */ + if ((proto_version != SSL_VERSION_SSL2) && server_hostname) + SSL_set_tlsext_host_name(self->ssl, server_hostname); +#endif (extracted from http://bugs.python.org/issue5639) FYI a current SNI test site is https://sni.velox.ch/ which lists many common browsers supporting SNI. tested with konqueror 4.3.1 see bug 122433 as per comment #1 here is the Qt merge request: http://qt.gitorious.org/qt/qt/merge_requests/1574 It doesn't depend on openssl 0.9.9 as some versions of 0.9.8 have it optionally and the last few releases have it enabled by default. after looking at this closer this bug should be marked as a duplicate of 122433. *** This bug has been confirmed by popular vote. *** *** This bug has been marked as a duplicate of bug 122433 *** |