Hackney doesn't send SNI (in some cases)
Closed this issue · 1 comments
1player commented
Using Hackney 1.15.2:
```elixir
iex(50)> :hackney.get("https://partners.betvictor.mobi", [], "", [])
[info] TLS :client: In state :certify at ssl_handshake.erl:1768 generated CLIENT ALERT: Fatal - Handshake Failure
- {:bad_cert, :invalid_key_usage}
{:error,
{:tls_alert,
{:handshake_failure,
'TLS client: In state certify at ssl_handshake.erl:1768 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,invalid_key_usage}'}}}
```
Specifying the SNI manually works:
```elixir
iex(51)> :hackney.get("https://partners.betvictor.mobi", [], "", [ssl_options: [server_name_indication: 'partners.betvictor.mobi']])
{:ok, 403, ...}
```
The Erlang ssl documentation (http://erlang.org/doc/man/ssl.html#type-sni) says about the server_name_indication option: "If not specified it will default to the Host argument of connect/[3,4] unless it is of type inet:ipaddress().". Since Hackney parses the host into an ipaddress, it should perhaps set the SNI hostname when doing a request.
Related: #449
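
The manual workaround from the report, generalised to any URL, as an added example that is not part of the original issue or of hackney's code. `SniGet` is a hypothetical module name. The example assumes that a caller-supplied `ssl_options` list replaces hackney's defaults in 1.15.x (so peer verification is restated) and that the `certifi` package, a hackney dependency, is available.

```elixir
# Added example, not hackney's own code. SniGet is a hypothetical name.
defmodule SniGet do
  @doc """
  Build ssl_options for `url`, setting SNI explicitly when the host is a
  DNS name and leaving it out when the host is an IP literal.
  """
  def ssl_options(url) do
    %URI{host: host} = URI.parse(url)
    is_binary(host) or raise ArgumentError, "URL has no host: #{inspect(url)}"
    host_chars = String.to_charlist(host)

    # Assumption: passing ssl_options to hackney 1.15.x replaces its default
    # TLS options, so certificate verification is spelled out here rather
    # than inherited.
    base = [
      verify: :verify_peer,
      cacertfile: :certifi.cacertfile(),
      depth: 5
    ]

    case :inet.parse_address(host_chars) do
      # IP literal (IPv4 or IPv6): SNI carries DNS names only, so omit it.
      {:ok, _ip} ->
        base

      # DNS name: send it explicitly instead of relying on the ssl default,
      # which is skipped when the Host argument is an inet:ip_address().
      {:error, :einval} ->
        [{:server_name_indication, host_chars} | base]
    end
  end

  @doc "GET `url`, supplying the options above unless the caller set ssl_options."
  def get(url, headers \\ [], opts \\ []) do
    opts = Keyword.put_new(opts, :ssl_options, ssl_options(url))
    :hackney.get(url, headers, "", opts)
  end
end
```

`SniGet.ssl_options("https://partners.betvictor.mobi")` returns a list headed by `{:server_name_indication, 'partners.betvictor.mobi'}`, while a URL whose host is an IP literal returns only the verification options.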