Ubuntu
curl package

add support for SNI

Bug #223855 reported by Mitja Kleider
8
Affects Status Importance Assigned to Milestone
Curl
Unknown
Unknown
curl (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Binary package hint: curl

Hello,
this is not a bug, but wishlist/discussion (I did not find any option for that and hope somebody can set this to wishlist).

curl is unable to do https on a server having multiple domains and multiple SSL certificates using SNI.
Browsers support it, nautilus works fine, curl is displaying error 51: "The peer's SSL certificate or SSH MD5 fingerprint was not ok ".

A patch for SNI can be found here:
http://curl.haxx.se/mail/lib-2008-02/0050.html

I am no developer and maybe this is not the right place for this feature request, but maybe it is just a compiler option which needs to be set and support for SNI is needed because the only other option for multi-domain server cases would be plain http.

Thank you!

Revision history for this message
Luke Faraone (lfaraone) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments here: http://sourceforge.net/tracker/index.php?func=detail&aid=1953732&group_id=976&atid=100976

Revision history for this message
Luke Faraone (lfaraone) wrote :
Revision history for this message
Luke Faraone (lfaraone) wrote :
Luke Faraone (lfaraone)
Changed in curl:
status: New → Confirmed
Revision history for this message
Caroline Ford (secretlondon) wrote :

Importance ->wishlist

Changed in curl:
importance: Undecided → Wishlist
Revision history for this message
Caroline Ford (secretlondon) wrote :

To get your fix included in Ubuntu, it would help if you tried transforming it into a debdiff (http://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff) and submit it for review (http://wiki.ubuntu.com/SponsorshipProcess). If you prefer somebody else to do that, that's fine - please just indicate if you're available to do that.

Revision history for this message
Mitja Kleider (mkleider) wrote :

I think that I am not able to do that yet, but the answer on sourceforge was:
> This is already supported in libcurl 7.18.1!

I guess the "fix" will find it's way into newer releases by itself. Thanks for your support!

Revision history for this message
Mitja Kleider (mkleider) wrote :

Works for me in Ubuntu 8.10 (libcurl 7.18.2-1ubuntu4).

Revision history for this message
Adam Buchbinder (adam-buchbinder) wrote :

The feature is indeed present in 8.10 (Intrepid). I ran the following test, which came back as it should:

$ dpkg -l curl
ii curl 7.18.2-1ubuntu4.1
$ curl https://sni.velox.ch/ 2>/dev/null|grep h2
<h2>TLS SNI Test Site: *.sni.velox.ch</h2>
$ curl https://alice.sni.velox.ch/ 2>/dev/null|grep h2
<h2>TLS SNI Test Site: alice.sni.velox.ch</h2>

See bug 338242 for the corresponding problem in wget.

Changed in curl:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.