Server Name Indication (SNI) support in cups

ajaydharan ajaydharan.km at gmail.com
Thu Dec 15 22:26:33 PST 2011


> > On Dec 14, 2011, at 11:26 PM, ajaydharan wrote:
> > > ...
> > > I am using openssl 0.9.8r which supports SNI and cups 1.5 version.
> > > ...
> >
> > The current OpenSSL support code does not set the server name; if you could point me to the OpenSSL API that does this we will be happy to add it (it isn't obvious from a search of the documentation...)
> >
> > The GNU TLS and CDSA (Mac OS X) code currently sets the SNI data but the OpenSSL and SSPI (Windows) code does not.
> >
> > > Will this concept even work in cups 1.3?
> >
> > No.
> >
> > _________________________________________________________
> > Michael Sweet, Senior Printing System Engineer, PWG Chair
> >
>
> OpenSSL supports the SNI concept in version 0.9.8f, which was released in 2007. OpenSSL supports setting the servername extension in TLS. To point exactly to the OpenSSL API, the tls.h file supports setting tlsext_hostname (which is nothing but the servername extension). Using cups 1.5 (Mac OS X), the SNI data is set by default as "localhost" where I couldn't set the servername.
>
> Any possible solution in cups?

Michael Sweet,

OpenSSL has an API called "SSL_set_tlsext_host_name(ssl,servername)". This sets the servername in the SNI field. I hope this needs to be added in CUPS to support SNI in OpenSSL.

CDSASSL has an API called SSLSetPeerDomainName(tls, hostname length). This sets the server name in the SNI field. As you mentioned, this is already enabled in CUPS.

Regards
Ajay
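
The "SNI field" that SSL_set_tlsext_host_name fills in is the TLS server_name extension of RFC 6066, sent in the ClientHello. As an added example (not code from this thread, CUPS or OpenSSL), the C below encodes that extension for a host name and parses it back with strict length checks; `sni_build`, `sni_parse` and the host name are hypothetical, and the parser accepts only a single host_name entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not CUPS or OpenSSL code. RFC 6066 wire layout:
 *   u16 extension_type (0 = server_name), u16 extension_data length,
 *   u16 server_name_list length, u8 name_type (0 = host_name),
 *   u16 host name length, then the name bytes with no trailing NUL. */
static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static size_t get16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Encode the extension for host into out[cap]; returns bytes written, 0 on error. */
size_t sni_build(const char *host, uint8_t *out, size_t cap)
{
    size_t n = host ? strlen(host) : 0;
    if (n == 0 || n > 255 || cap < n + 9)  /* 255: this example's own cap */
        return 0;
    put16(out, 0);          /* extension_type: server_name */
    put16(out + 2, n + 5);  /* extension_data length */
    put16(out + 4, n + 3);  /* server_name_list length */
    out[6] = 0;             /* name_type: host_name */
    put16(out + 7, n);      /* host name length */
    memcpy(out + 9, host, n);
    return n + 9;
}

/* Parse a single-entry extension; returns the name length, or -1 when a length
 * field disagrees with the buffer or the name contains an embedded NUL. */
int sni_parse(const uint8_t *ext, size_t len, char *host, size_t cap)
{
    if (len < 10 || get16(ext) != 0 || ext[6] != 0)
        return -1;
    size_t n = get16(ext + 7);
    if (get16(ext + 2) != len - 4 || get16(ext + 4) != len - 6 || n != len - 9
        || n >= cap || memchr(ext + 9, 0, n))
        return -1;
    memcpy(host, ext + 9, n);
    host[n] = '\0';
    return (int)n;
}

int main(void)
{
    uint8_t buf[64];
    char host[64];
    size_t n = sni_build("printer.example.com", buf, sizeof buf); /* constructed name */
    if (n && sni_parse(buf, n, host, sizeof host) > 0)
        printf("%zu-byte extension carries \"%s\"\n", n, host);
    return 0;
}
```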







