Testing without DNS names or Certificates

Christian Huitema edited this page Feb 3, 2023 · 1 revision

Many experimenters want to conduct simple tests of communications between client and server. In many of these configurations, they just want to start the client connection by using the server IP address directly, without specifying a DNS name for the server. The client will just send a command such as:

./picoquicdemo -D 192.0.2.101 4443 /20000000

By default this fails, as noted for example in issue 1424. The client will output a warning:

Careful: NULL SNI is incompatible with HTTP 3. Expect errors!

... and then the connection will fail.

The message "NULL SNI is incompatible with HTTP 3. Expect errors!" appears because the user is not providing a server name. In TLS 1.3, the server name is used to verify the server certificate and prevent man-in-the-middle attacks. If you do not have a server name, things will break, just like the message says. The solution is to set an arbitrary host name using the "-n" option, as in:

./picoquicdemo -n test -D <server_name> 4443 /20000000
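
For scripted test runs, the rule above can be applied automatically. The following is an added example, not part of picoquic: the function names and the PICOQUICDEMO and DEFAULT_SNI variables are hypothetical, and it only builds the command line, passing "-n" with the placeholder name when the target is an IP literal and with the target's own name otherwise.

```sh
#!/bin/sh
# Added example (not from the picoquic project). Names are hypothetical.
PICOQUICDEMO="${PICOQUICDEMO:-./picoquicdemo}"   # path to the client binary
DEFAULT_SNI="${DEFAULT_SNI:-test}"               # arbitrary name, as on this page

# Return 0 when $1 is an IPv6 literal (contains ':') or an IPv4 dotted quad.
is_ip_literal() {
    case "$1" in
        *:*) return 0 ;;             # host names cannot contain ':'
        *[!0-9.]*|"") return 1 ;;    # anything but digits and dots is a name
    esac
    # Only digits and dots remain: require exactly four octets in 0..255.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the client command line for target/port/scenario with an explicit SNI,
# so the "NULL SNI" case never occurs.
picoquic_client_cmd() {
    target=$1; port=$2; scenario=$3
    if is_ip_literal "$target"; then
        sni=$DEFAULT_SNI             # IP literal: supply the placeholder name
    else
        sni=$target                  # DNS name: use it as the SNI
    fi
    printf '%s -n %s -D %s %s %s\n' \
        "$PICOQUICDEMO" "$sni" "$target" "$port" "$scenario"
}

# The failing invocation from this page, rewritten with an SNI.
picoquic_client_cmd 192.0.2.101 4443 /20000000
```

The printed line can be reviewed in a test log before it is run, which makes it easy to spot runs where the SNI is only the placeholder and does not name the server.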