Setting SNI hostname for URLProtocol with URLSession

App & System Services Networking
MatzeLoCal OP
Created Jul ’17
Replies 1
Boosts 0
Views 2.2k
Participants 2

Hi,


is there a way to set SNI hostname when using URLSession (in a URLProtocl) before the SSL-Handshake?


To give you a bit more details:


There is an apache-server, which is only reachable via IP, but it has several vhosts.

The server is installed locally and used for developing and testing.


So, all Request will be done via IP-based URL but in the Request the "Host"-headerfield will be set with the hostname.


THis works with all non-secure http-Request.


But when I connect to an https-vhost (TLS)


The Server will return 400 - Bad Request and the error log on the server says


"Hostname [IP-Address] provided via SNI and hostname [HOSTNAME] provided by HTTP are different."


So my qustion:

Is there a way to add another or alter the Hostname in the SSLHandshake?


Thank you very much in advance.

Replies  1
Boosts  0
Views  2.2k
Participants  2
DTS Engineer OP
Apple
Jul ’17

Is there a way to add another or alter the Hostname in the SSLHandshake?

No. NSURLSession doesn’t give you that sort of low-level control over the TLS handshake.

When setting up a test server I usually access it via its 

.local
name (using a custom CA to issue the certificates, per TN2326 and QA1948). If necessary you can use 
dns-sd
with the 
-R
option to register multiple names for the same server.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Setting SNI hostname for URLProtocol with URLSession
First post date Last post date
 
 
Q