Changing SNI callback return code if a client sends no SNI.

When a client sends no SNI is a common situation.  But currently the server
processes it as an error and returns SSL_TLSEXT_ERR_ALERT_FATAL causing
termination of a current TLS session.  The problem occurs if configuration has
more than one certificate bundle in a listener.

This fix changes the return code to SSL_TLSEXT_ERR_OK and the log level of a
message.

docs/changes.xml

@@ -43,6 +43,14 @@ process and thread lifecycle hooks in Ruby.
 </para>
 </change>
 
+<change type="bugfix">
+<para>
+TLS connection was rejected for configuration with more than one
+certificate bundle in a listener if a client did not use SNI.
+</para>
+</change>
+
+
 <change type="bugfix">
 <para>
 the router process could crash on TLS connection open when multiple listeners

src/nxt_openssl.c

@@ -804,15 +804,15 @@ nxt_openssl_servername(SSL *s, int *ad, void *arg)
     }
 
     servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-    if (nxt_slow_path(servername == NULL)) {
+
-        nxt_log(c->socket.task, NXT_LOG_ALERT, "SSL_get_servername() returned "
+    if (servername == NULL) {
-                                               "NULL in server name callback");
+        nxt_debug(c->socket.task, "SSL_get_servername(): NULL");
-        return SSL_TLSEXT_ERR_ALERT_FATAL;
+        goto done;
     }
 
     str.length = nxt_strlen(servername);
     if (str.length == 0) {
-        nxt_debug(c->socket.task, "client sent zero-length server name");
+        nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty");
         goto done;
     }