RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-10 07:49:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG: ssl: fix crt-list for clients not supporting SNI

Browse Source 
I left a mistake in my previous patch bringing the crt-list feature,
it breaks clients with no SNI support.

Also remove the useless wildp = NULL as per a previous discussion.
This commit is contained in:
Emmanuel Hocdet 2013-05-31 12:47:44 +02:00 committed by Willy Tarreau
parent cad8234b00
commit 79274e2c40
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/ssl_sock.c
View File

@ -197,7 +197,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
if (!servername) { if (!servername) {
return (s->strict_sni ? return (s->strict_sni ?
SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_ALERT_FATAL :
SSL_TLSEXT_ERR_ALERT_WARNING); SSL_TLSEXT_ERR_NOACK);
} }
for (i = 0; i < trash.size; i++) { for (i = 0; i < trash.size; i++) {
@ -218,7 +218,6 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
node = n; node = n;
break; break;
} }
wildp = NULL; /* never match a wildcard after matching a neg */
} }
if (!node && wildp) { if (!node && wildp) {
/* lookup in wildcards names */ /* lookup in wildcards names */