Hi Emmanuel, On Wed, Oct 25, 2017 at 02:37:58PM +0200, Emmanuel Hocdet wrote: > Hi, > > . patches serie rebase from master > . update openssl 1.1.1 api calls with new early callback name > (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html > <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html>) >
That mostly looks like the version I maintained, except : - if (!SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) + if (!SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || !s->generate_certs) Shouldn't that be && !s->generate_certs ? Or we'll return SSL_TLSEXT_ERR_NOACK as soon as we don't generate certificates. Regards, Olivier
