• MorphOS Developer
    Piru
    Quote:

    alfie wrote:
    I finally found that adding
    SSL_set_tlsext_host_name(ssl,hostName);
    f.e.
    SSL_set_tlsext_host_name(ssl,"www.morphos-storage.net");

    makes it work, without even setting a cb

    why this is the only one site I found to need that, I don't know.


    This is due to "Server Name Indication" (SNI): https://www.cloudflare.com/en-gb/learning/ssl/what-is-sni/

    Basically many servers only host a single HTTPS-enabled site. In order to allow multiple sites to be hosted on a single IP/port, SNI was created. If SNI is needed and is not specified, the server doesn't know which site you want to talk to -> error. IP/ports that only host a single site work without specifying the hostname extension (SNI).

    This particular server is a bit unusual since it errors out during the TLS connection phase already. Typically the server will rather just host their "default" site (which will then result in TLS certificate validation error due to mismatched host certificate) rather than error out like that (this threw me off and I didn't think that missing SNI could have been the issue).

    SNI is definitely needed on the modern web and should always be specified.

    [ Edited by Piru 01.07.2024 - 21:22 ]
  • »01.07.24 - 18:04
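
To confirm from a packet capture whether a client actually sent SNI, the ClientHello can be checked for the server_name extension. This is an added example, not code from the thread: `client_hello_sni` is a hypothetical helper that assumes the ClientHello fits in one unfragmented TLS record, and `sample_hello` builds constructed test input.

```c
#include <stdint.h>
#include <string.h>

#define RD16(p) ((size_t)(((p)[0] << 8) | (p)[1]))

/* Returns 1 and copies the host name if the ClientHello carries SNI,
 * 0 if it has no server_name extension, -1 if the record is malformed. */
int client_hello_sni(const uint8_t *b, size_t n, char *out, size_t outsz)
{
    size_t p = 5 + 4 + 2 + 32;  /* record hdr, handshake hdr, version, random */
    if (n < p + 1 || b[0] != 0x16 || b[5] != 0x01) return -1;
    p += 1 + b[p];                                  /* skip session_id */
    if (p + 2 > n) return -1;
    p += 2 + RD16(b + p);                           /* skip cipher_suites */
    if (p + 1 > n) return -1;
    p += 1 + b[p];                                  /* skip compression_methods */
    if (p == n) return 0;                           /* no extensions block */
    if (p + 2 > n || p + 2 + RD16(b + p) > n) return -1;
    size_t end = p + 2 + RD16(b + p);
    for (p += 2; p + 4 <= end; ) {
        size_t type = RD16(b + p), elen = RD16(b + p + 2);
        p += 4;
        if (p + elen > end) return -1;
        if (type != 0x0000) { p += elen; continue; } /* not server_name */
        if (elen < 5 || b[p + 2] != 0) return -1;    /* name_type 0 = host_name */
        size_t hl = RD16(b + p + 3);
        if (5 + hl > elen || hl + 1 > outsz) return -1;
        memcpy(out, b + p + 5, hl);
        out[hl] = '\0';
        return 1;
    }
    return 0;
}

/* Constructed sample: minimal ClientHello written to o (61 + strlen(host)
 * bytes, host under 200 chars); SNI is included only when host != NULL. */
size_t sample_hello(uint8_t *o, const char *host)
{
    size_t hl = host ? strlen(host) : 0, ext = host ? 9 + hl : 0, body = 43 + ext;
    memset(o, 0, 9 + body);                 /* zero random, empty session id */
    o[0] = 0x16; o[1] = 3; o[2] = 1; o[4] = (uint8_t)(body + 4);
    o[5] = 0x01; o[8] = (uint8_t)body; o[9] = 3; o[10] = 3; o[51] = (uint8_t)ext;
    o[45] = 2; o[46] = 0x13; o[47] = 0x01; o[48] = 1; /* one suite, null comp. */
    if (!host) return 9 + body;
    o[55] = (uint8_t)(5 + hl); o[57] = (uint8_t)(3 + hl); o[60] = (uint8_t)hl;
    memcpy(o + 61, host, hl);
    return 9 + body;
}
```

A return value of 0 on a capture of the failing connection would indicate the client never called `SSL_set_tlsext_host_name`.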