Hi Olivier,
> Le 25 oct. 2017 à 14:57, Olivier Houchard <[email protected]> a écrit : > > On Wed, Oct 25, 2017 at 02:37:58PM +0200, Emmanuel Hocdet wrote: >> Hi, >> >> . patches serie rebase from master >> . update openssl 1.1.1 api calls with new early callback name >> (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html >> >> <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html>) >> > > That mostly looks like the version I maintained, except : > - if (!SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) > + if (!SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || > !s->generate_certs) > > Shouldn't that be && !s->generate_certs ? Or we'll return SSL_TLSEXT_ERR_NOACK > as soon as we don't generate certificates. Indeed, it’s &&, i test with strict-sni and doesn’t see that. thanks Manu
