On Tue, Jun 21, 2022 at 1:34 PM Jacob Champion <jchampion@timescale.com> wrote:
> Is LibreSSL just less liberal in what it'll send via SNI?
Looks like it; I can reproduce with a local build against LibreSSL. On
the one hand it seems like there might be a case for improving the
guards around our call to SSL_set_tlsext_host_name(), but that seems
like overkill for fixing this test -- we can just disable SNI.
Attached is a patch which does that.
There is also a question of why LibreSSL doesn't do the same for the
IPv6 CIDR test. Should we proactively disable SNI for both of them?
--Jacob