
Don't print ssl error if client didn't support TLS SNI

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2666 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.24
Stefan Bühler 12 years ago
parent
commit
1d5d55a484
  1. 1
      NEWS
  2. 8
      src/network.c

1
NEWS

@ -59,6 +59,7 @@ NEWS
* mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn't successful after 5 tries (fixes #1825)
* mod_accesslog: escape special characters (fixes #1551, thx icy)
* fix mod_webdav crash from #1793 (fixes #2048, thx hiroya)
* Don't print ssl error if client didn't support TLS SNI
- 1.4.23 - 2009-06-19
* Added some extra warning options in cmake and fix the resulting warnings (unused/static functions)

8
src/network.c

@ -72,8 +72,11 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
buffer_copy_string(con->uri.scheme, "https");
if (NULL == (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
#if 0
/* this "error" just means the client didn't support it */
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
"failed to get TLS server name");
#endif
return SSL_TLSEXT_ERR_NOACK;
}
buffer_copy_string(con->tlsext_server_name, servername);
@ -87,15 +90,16 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
config_patch_connection(srv, con, COMP_HTTP_HOST);
if (NULL == con->conf.ssl_ctx) {
/* ssl_ctx <=> pemfile was set <=> ssl_ctx got patched: so this should never happen */
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
"null SSL_CTX for TLS server name", con->tlsext_server_name);
"null SSL_CTX for TLS server name", con->tlsext_server_name);
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
/* switch to new SSL_CTX in reaction to a client's server_name extension */
if (con->conf.ssl_ctx != SSL_set_SSL_CTX(ssl, con->conf.ssl_ctx)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
"failed to set SSL_CTX for TLS server name", con->tlsext_server_name);
"failed to set SSL_CTX for TLS server name", con->tlsext_server_name);
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
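Review bot: The `#if 0` / `#endif` pair around the `log_error_write` call in the `NULL == servername` branch leaves dead code in the SNI callback. The added comment already explains that a missing name only means the client did not send the extension, so I would delete the call and keep a single comment such as `/* client sent no TLS server name: not an error */` above `return SSL_TLSEXT_ERR_NOACK;`. Dropping the message is also the right call operationally, because any peer could trigger it just by omitting SNI. Separately, the two log calls in the second hunk still write `con->tlsext_server_name`, which is copied from the client-supplied name, into the error log; whether the `b` format of `log_error_write` escapes control characters is not visible here and is worth confirming. The body of `network_ssl_servername_callback` starts and ends outside both hunks.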
