policy.TLS_FORWARD: send SNI on wire if configured
In the https world it's standard to do that, and it's relied on. Real-life example: 8.8.8.8#853 over TLSv1.3 won't send a certificate if we don't send SNI (no idea why; also they do send it with TLSv1.2). As a consequence, we no longer allow multiple hostnames per address-port tuple, but that didn't seem useful.
Showing
- NEWS: 4 additions, 0 deletions
- daemon/bindings/net.c: 3 additions, 9 deletions
- daemon/network.h: 1 addition, 1 deletion
- daemon/tls.c: 30 additions, 48 deletions
- daemon/tls.h: 2 additions, 2 deletions
- lib/utils.h: 8 additions, 1 deletion
- modules/policy/policy.lua: 1 addition, 1 deletion