z/OS Tools & Language

Expand all | Collapse all

Curl writes corrupted(?) server name indication (SNI)

  • 1.  Curl writes corrupted(?) server name indication (SNI)

    Posted 10-19-2016 13:06

    Hello, I was helping a mainframe user who couldn’t use curl to access an Apache server (on distributed) with curl 7.28.0 (i370-ibm-openedition) libcurl/7.28.0 OpenSSL/1.0.1c zlib/1.2.7 iconv libssh2/1.4.3

    Apache was returning a 400 error. On a hunch I inspected the TLS server_name extension and sure enough it was garbled (to me does not even look like EBCDIC).

    0000 89 88 a2 a2 a5 95 4b 99 a3 97 4b 99 81 93 85 89 …K…K…
    0010 87 88 4b 89 82 94 4b 83 96 94 …K…K…

    The hostname should be “libfsfe01.hursley.ibm.com” which is not externally addressable.

    You do not need a failing SSL server to see the problem. The Host: header at HTTP layer and server_name extension should be the same ascii bytes even if not getting an error.



  • 2.  RE: Curl writes corrupted(?) server name indication (SNI)

    Posted 10-19-2016 13:15

    argh, it works fine on 7.42.1.



  • 3.  RE: Curl writes corrupted(?) server name indication (SNI)

    Posted 10-21-2016 05:21

    Hi,

    Please use the latest version of cURL in the next time.

    Thanks,
    Andrey