[bop-devel] BOP needs the server name SNI
Ivan Kohler
ivan at freeside.biz
Mon Sep 12 10:56:39 PDT 2022

On Mon, Sep 12, 2022 at 10:22:30AM -0700, Doug Juhlin wrote:
> Ivan, we're using several Business::OnlinePayment modules and suddenly had
> a new problem. One vendor (WorldPay at secure.worldpay.com) seems to be
> requiring that the SNI be passed along. But the BOP modules call
> Net::SSLeay->get_https() which does not include the SNI. We found this
> quote:
>
> https://stackoverflow.com/questions/67537126/perl-netssleay-and-server-name-indications
> *get_https3 like many similar functions ultimately ends up in https_cat
> where the SSL context setup and the SSL handshake are done. Unfortunately,
> setting the server_name extension (SNI) is not done in this really old part
> of the code, which comes from a time where SNI wasn't that essential for
> using HTTPS as it is today.*
>
>
> Have you heard of this problem? Any suggestions?
>
> Do you know of any other functions like get_https() which handle the
> detailed SSL handshaking and include the SNI?

I have not encountered this problem before in a B:OP context, no.

It looks like LWP supports SNI (unless IO::Socket::SSL or OpenSSL
versions are very old). That seems the most straightforward to
implement to me.

As an aside:

Net::SSLeay does have some sparse documentation concerning SNI, but the
suggested client usage (set_tlsext_host_name) doesn't line up with what
I see IO::Socket::SSL doing, so I dunno if that would work.

https://metacpan.org/dist/Net-SSLeay/view/lib/Net/SSLeay.pod#Low-level-API:-Server-side-Server-Name-Indication-(SNI)-support

--
Ivan Kohler
President and Head Geek, Freeside Internet Services, Inc. http://freeside.biz/
Debian GNU/Linux developer | CPAN author | ski addict
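
Added example, not part of the message above and not code from Business::OnlinePayment or Net::SSLeay: a minimal get_https-style request made with IO::Socket::SSL (the module named in the reply), which sets the SNI name explicitly, refuses to run without client SNI support, and verifies the server certificate. The helper name `https_get_with_sni` and the command-line usage are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: HTTPS GET that sends SNI and verifies the peer certificate.
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR by default

# Hypothetical helper (name chosen for this example).
# Returns the HTTP status line and the response body.
sub https_get_with_sni {
    my ($host, $port, $path) = @_;

    # Very old IO::Socket::SSL / OpenSSL builds cannot send server_name.
    IO::Socket::SSL->can_client_sni()
        or die "no client SNI support in this IO::Socket::SSL/OpenSSL build\n";

    my $sock = IO::Socket::SSL->new(
        PeerHost            => $host,
        PeerPort            => $port,
        SSL_hostname        => $host,            # name sent in the SNI extension
        SSL_verify_mode     => SSL_VERIFY_PEER,  # validate the certificate chain
        SSL_verifycn_scheme => 'http',           # HTTPS rules for name matching
        SSL_verifycn_name   => $host,            # name the certificate must cover
        Timeout             => 15,
    ) or die "TLS connect to $host:$port failed: $! / $SSL_ERROR\n";

    # HTTP/1.0 with Connection: close, so the server ends the response with EOF.
    print $sock "GET $path HTTP/1.0\r\nHost: $host\r\nConnection: close\r\n\r\n";
    my $response = do { local $/; <$sock> };
    close $sock;
    die "empty response from $host\n" unless defined $response && length $response;

    my ($head, $body) = split /\r\n\r\n/, $response, 2;
    my ($status) = split /\r\n/, $head, 2;
    return ($status, defined $body ? $body : '');
}

# Usage (assumed for this example): perl sni_get.pl HOST [PATH]
if (@ARGV) {
    my ($host, $path) = @ARGV;
    my ($status, $body) = https_get_with_sni($host, 443, defined $path ? $path : '/');
    printf "%s\n%d body bytes\n", $status, length $body;
}
else {
    print "usage: $0 HOST [PATH]\n";
}
```
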