gpt4 book ai didi

libcurl - 为什么 libcurl 不为 IP 设置 SNI?

转载 作者:行者123 更新时间:2023-12-02 02:07:50 33 4
gpt4 key购买 nike

我刚刚注意到当我使用 IP 进行 HTTPS 调用时,libcurl 没有设置 SNI 字段。我发现了这个:

https://github.com/curl/curl/blame/master/lib/vtls/openssl.c

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
#ifdef ENABLE_IPV6
(0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
#endif
sni &&
!SSL_set_tlsext_host_name(BACKEND->handle, hostname))
infof(data, "WARNING: failed to configure server name indication (SNI) "
"TLS extension\n");
#endif

根据Curl_inet_pton文档:

 * inet_pton(af, src, dst)
* convert from presentation format (which usually means ASCII printable)
* to network format (which is usually some kind of binary format).
* return:
* 1 if the address was valid for the specified address family
* 0 if the address wasn't valid (`dst' is untouched in this case)
* -1 if some other error occurred (`dst' is untouched in this case, too)

正如预期的那样,它返回 IP 地址的 1(例如 192.160.0.1),因此不会调用 SSL_set_tlsext_host_name

为什么?

最佳答案

因为这是不允许的。

RFC 3546“传输层安全 (TLS) 扩展”section 3.1说得很清楚:

Literal IPv4 and IPv6 addresses are not permitted in "HostName".

关于libcurl - 为什么 libcurl 不为 IP 设置 SNI?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58631806/

33 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com