upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-06-07 15:52:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

BUG: ssl: fix crt-list for clients not supporting SNI

Browse source 
I left a mistake in my previous patch bringing the crt-list feature,
it breaks clients with no SNI support.

Also remove the useless wildp = NULL as per a previous discussion.
This commit is contained in:
Emmanuel Hocdet 2013-05-31 12:47:44 +02:00 committed by Willy Tarreau
parent cad8234b00
commit 79274e2c40
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ssl_sock.c
View file

@ -197,7 +197,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
if (!servername) {
return (s->strict_sni ?
SSL_TLSEXT_ERR_ALERT_FATAL :
SSL_TLSEXT_ERR_ALERT_WARNING);
SSL_TLSEXT_ERR_NOACK);
}
for (i = 0; i < trash.size; i++) {
@ -218,7 +218,6 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
node = n;
break;
}
wildp = NULL; /* never match a wildcard after matching a neg */
}
if (!node && wildp) {
/* lookup in wildcards names */