This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 7567ff7 Remove tls_versions from host sni policy check
7567ff7 is described below
commit 7567ff7d5930a33342302572aa190b9f196e9a44
Author: Susan Hinrichs <[email protected]>
AuthorDate: Mon Apr 20 18:06:41 2020 +0000
Remove tls_versions from host sni policy check
---
doc/admin-guide/files/records.config.en.rst | 2 ++
iocore/net/P_SNIActionPerformer.h | 5 -----
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/doc/admin-guide/files/records.config.en.rst
b/doc/admin-guide/files/records.config.en.rst
index 21b9bb1..5da2297 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -1851,6 +1851,8 @@ Security
You can override this global setting on a per domain basis in the
:file:`sni.yaml` file using the :ref:`host_sni_policy
attribute<override-host-sni-policy>` action.
+ Currently, only the verify_client policy is checked for host name and SNI
matching.
+
Cache Control
=============
diff --git a/iocore/net/P_SNIActionPerformer.h
b/iocore/net/P_SNIActionPerformer.h
index 8dc95fe..2f9bd01 100644
--- a/iocore/net/P_SNIActionPerformer.h
+++ b/iocore/net/P_SNIActionPerformer.h
@@ -262,11 +262,6 @@ public:
}
return SSL_TLSEXT_ERR_OK;
}
- bool
- TestClientSNIAction(const char *servername, const IpEndpoint &ep, int
&policy) const override
- {
- return !unset;
- }
};
class SNI_IpAllow : public ActionItem
