[fpc-devel] https support; call for testers
Tomas Hajny
XHajT03 at hajny.biz
Thu May 1 17:27:34 CEST 2014
On 1 May 14, at 16:36, Michael Van Canneyt wrote:
> On Wed, 30 Apr 2014, Dimitrios Chr. Ioannidis wrote:
>
> > Hi,
> >
> > i had to add support for client side Server Name Indication (SNI) TLS
> > extension which is supported in OpenSSL from version 0.9.8 ( k ? ) (
> > http://en.wikipedia.org/wiki/Server_Name_Indication ) .
> >
> > It's a trivial change ( doesn't break anything, i think ... ) so can you
> > review it for inclusion ?
> >
> > Regarding the absense of a switch ( at least ) for the SSCtrl call i read
> > in the net that "... but looking at the OpenSSL code there is no harm done
> > calling SSL_ctrl using undefined cmd parameters. Support for the
> > SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling openssl
> > which confirms the no harm done."
>
> I implemented the support, but did it differently.
> - Added some more missing constants
> - Added Ctrl() method to TSSL object
> - Added SendHostAsSNI : boolean property to TSSLHandler. By default it is set to true.
>
> Thanks for your addition.
> Definite proof that open source is still the best way for software development.
Well, yes. Unfortunately, there's also a proof of certain open source
inefficiency if not following the open source approach fully (in
particular by forking the original source instead of pushing
improvements and extensions upstream). :-( The OpenSSL library
originally comes from Synapse. It was apparently forked by Ales
Katona back in 2006. Since then, different changes (fixes,
improvements and extensions) have been performed independently on
both sides. Would it be better if there's only one version containing
fixes from both projects (even if this version is located on two
different places)? Yes, of course, but noone takes care about this...
:-(
Tomas
More information about the fpc-devel
mailing list