[Bug 1551464] Re: apt-get sources should support TLS SNI (server name)

TJ Pusateri pusateri at bangj.com
Sat Nov 19 00:13:58 UTC 2016


I think you may have misunderstood the request. I have a server that
supports multiple domains and each has its own TLS certificate.
Using the openssl client, I can connect to each of the unique hostnames.
They all map back to the same IP address.

But if I host a repo over TLS on this server, this fails because it
receives the primary server name TLS certificate instead of the hostname
specified in the source list. This is exactly the scenario SNI was
invented for.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1551464

Title:
  apt-get sources should support TLS SNI (server name)

Status in apt package in Ubuntu:
  Invalid

Bug description:
  There needs to be an option in apt source.list entries to specify the
  server name to be used by TLS for the Server Name Indication (SNI).

  The OpenSSL equivalent is '-servername'.

  Currently, when accessing sources over https when multiple names are
  used on the same IP address, there is no way to specify which server
  name should be used and so the default name is always used.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: apt 1.0.1ubuntu2.11
  ProcVersionSignature: Ubuntu 4.2.0-30.35~14.04.1-generic 4.2.8-ckt3
  Uname: Linux 4.2.0-30-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.19
  Architecture: amd64
  Date: Mon Feb 29 17:25:22 2016
  InstallationDate: Installed on 2016-02-26 (3 days ago)
  InstallationMedia: Xubuntu 14.04.4 LTS "Trusty Tahr" - Release amd64 (20160217.1)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: apt
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1551464/+subscriptions
