This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 7908481 Remove tls_versions from host sni policy check
7908481 is described below
commit 79084814b7aa9a8bb6f9d00db4d387d5d1ce7464
Author: Susan Hinrichs <[email protected]>
AuthorDate: Mon Apr 20 18:06:41 2020 +0000
Remove tls_versions from host sni policy check
(cherry picked from commit 7567ff7d5930a33342302572aa190b9f196e9a44)
---
doc/admin-guide/files/records.config.en.rst | 2 ++
iocore/net/P_SNIActionPerformer.h | 5 -----
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/doc/admin-guide/files/records.config.en.rst
b/doc/admin-guide/files/records.config.en.rst
index e7b68ad..85c5d89 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -1835,6 +1835,8 @@ Security
You can override this global setting on a per domain basis in the
:file:`sni.yaml` file using the :ref:`host_sni_policy
attribute<override-host-sni-policy>` action.
+ Currently, only the verify_client policy is checked for host name and SNI
matching.
+
Cache Control
=============
diff --git a/iocore/net/P_SNIActionPerformer.h
b/iocore/net/P_SNIActionPerformer.h
index 8dc95fe..2f9bd01 100644
--- a/iocore/net/P_SNIActionPerformer.h
+++ b/iocore/net/P_SNIActionPerformer.h
@@ -262,11 +262,6 @@ public:
}
return SSL_TLSEXT_ERR_OK;
}
- bool
- TestClientSNIAction(const char *servername, const IpEndpoint &ep, int
&policy) const override
- {
- return !unset;
- }
};
class SNI_IpAllow : public ActionItem
