Changeset 8985a6b in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Jan 29, 2013, 8:05:42 PM (7 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream
Children:
c5bf40b
Parents:
a4006d3
git-author:
Daniel Kahn Gillmor <dkg@…> (01/29/13 00:32:49)
git-committer:
Daniel Kahn Gillmor <dkg@…> (01/29/13 20:05:42)
Message:

allow certificate use for clients without SNI

The test removed here causes certificate lookup to fail if the client
offers no SNI. Many TLS clients cannot (or do not wish to) offer SNI,
and most TLS clients refuse to proceed with the handshake if the
server does not offer a certificate.

This enables mod_gnutls to work for all such clients (and resolves
tests/04_basic_nosni)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    ra4006d3 r8985a6b  
    113113    tsc = mgs_find_sni_server(session);
    114114
    115     if (tsc == NULL) {
    116         // No TLS vhost configured!
    117                 return GNUTLS_E_NO_CERTIFICATE_FOUND;
    118         } else {
    119         // Found a TLS vhost
     115    if (tsc != NULL) {
     116        // Found a TLS vhost based on the SNI from the client; use it instead.
    120117        ctxt->sc = tsc;
    121118        }
Note: See TracChangeset for help on using the changeset viewer.