Changing SNI callback return code if a client sends no SNI.
When a client sends no SNI is a common situation. But currently the server processes it as an error and returns SSL_TLSEXT_ERR_ALERT_FATAL causing termination of a current TLS session. The problem occurs if configuration has more than one certificate bundle in a listener. This fix changes the return code to SSL_TLSEXT_ERR_OK and the log level of a message.
This commit is contained in:
Andrey Suvorov
@@ -43,6 +43,14 @@ process and thread lifecycle hooks in Ruby.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para>
|
||||
TLS connection was rejected for configuration with more than one
|
||||
certificate bundle in a listener if a client did not use SNI.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
|
||||
<change type="bugfix">
|
||||
<para>
|
||||
the router process could crash on TLS connection open when multiple listeners
|
||||
|
||||
Reference in New Issue
Block a user