[fpc-devel] https support; call for testers

Tomas Hajny XHajT03 at hajny.biz
Thu May 1 17:27:34 CEST 2014


On 1 May 14, at 16:36, Michael Van Canneyt wrote:
> On Wed, 30 Apr 2014, Dimitrios Chr. Ioannidis wrote:
> 
> > Hi,
> >
> >  i had to add support for client side Server Name Indication (SNI) TLS 
> > extension which is supported in OpenSSL from version 0.9.8 ( k ? )  ( 
> > http://en.wikipedia.org/wiki/Server_Name_Indication ) .
> >
> >  It's a trivial change ( doesn't break anything, i think ... ) so can you 
> > review it for inclusion ?
> >
> >  Regarding the absence of a switch ( at least ) for the SSCtrl call i read 
> > in the net that "...  but looking at the OpenSSL code there is no harm done 
> > calling SSL_ctrl using undefined cmd parameters. Support for the 
> > SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling openssl 
> > which confirms the no harm done."
> 
> I implemented the support, but did it differently.
> - Added some more missing constants
> - Added Ctrl() method to TSSL object
> - Added SendHostAsSNI : boolean property to TSSLHandler. By default it is set to true.
> 
> Thanks for your addition. 
> Definite proof that open source is still the best way for software development.

Well, yes. Unfortunately, there's also a proof of certain open source 
inefficiency if not following the open source approach fully (in 
particular by forking the original source instead of pushing 
improvements and extensions upstream). :-( The OpenSSL library 
originally comes from Synapse. It was apparently forked by Ales 
Katona back in 2006. Since then, different changes (fixes, 
improvements and extensions) have been performed independently on 
both sides. Would it be better if there's only one version containing 
fixes from both projects (even if this version is located on two 
different places)? Yes, of course, but no one takes care about this... 
:-(

Tomas
