On Wed, Jun 18, 2014 at 01:06:31PM +0200, Dr. Stephen Henson wrote:
> > This commit does not introduce the alert generation. The alert is
> > generated when the server callback returns SSL_TLSEXT_ERR_ALERT_WARNING,
> > as in Apache's ssl_callback_ServerNameIndication() function in some
> > Apache versions. Are you asking that OpenSSL not send a warning
> > despite Apache's request to do so?
>
> Looking through Apache 2.2 (I'm assuming the OP is using that) we have this:
>
> int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
> {
>     ... snip ...
>     else {
>         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
>                       "No matching SSL virtual host for servername "
>                       "%s found (using default/first virtual host)",
>                       servername);
>         return SSL_TLSEXT_ERR_ALERT_WARNING;

That's the code I saw. Should OpenSSL do Apache a favour and not
send a warning alert anyway, when the extension callback is the
SNI callback?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
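
Added example (not part of the thread, and not OpenSSL or Apache code): what a client or network sensor sees on the wire when the SNI callback returns SSL_TLSEXT_ERR_ALERT_WARNING, written as a small C classifier over the server's TLS records. It assumes the alert description is unrecognized_name (112), the value OpenSSL hands the servername callback in `*al` by default; the function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wire values from the TLS alert protocol and RFC 6066 (SNI). */
#define TLS_CT_ALERT             21
#define TLS_AL_WARNING            1
#define TLS_AL_FATAL              2
#define TLS_AD_UNRECOGNIZED_NAME 112   /* assumed description of the SNI alert */

enum sni_alert { SNI_MALFORMED = -1, SNI_NONE = 0, SNI_WARNING = 1, SNI_FATAL = 2 };

/* Walk the TLS records of a server flight; report the first unrecognized_name
 * alert. Alert records not exactly 2 bytes long are encrypted and skipped. */
enum sni_alert find_sni_alert(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 5) return SNI_MALFORMED;     /* truncated record header */
        uint8_t type = buf[off];
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        off += 5;
        if (rlen > len - off) return SNI_MALFORMED;  /* body runs past the capture */
        if (type == TLS_CT_ALERT && rlen == 2 &&
            buf[off + 1] == TLS_AD_UNRECOGNIZED_NAME) {
            if (buf[off] == TLS_AL_WARNING) return SNI_WARNING;
            if (buf[off] == TLS_AL_FATAL)   return SNI_FATAL;
            return SNI_MALFORMED;                    /* unknown alert level */
        }
        off += rlen;
    }
    return SNI_NONE;
}

/* Constructed sample flights: alert record and/or a ServerHelloDone record. */
static const uint8_t flight_warning[] = { 0x15,0x03,0x01,0x00,0x02, 0x01,0x70,
    0x16,0x03,0x01,0x00,0x04, 0x0e,0x00,0x00,0x00 };
static const uint8_t flight_fatal[] = { 0x15,0x03,0x01,0x00,0x02, 0x02,0x70 };
static const uint8_t flight_clean[] = { 0x16,0x03,0x01,0x00,0x04, 0x0e,0x00,0x00,0x00 };
static const uint8_t flight_cut[]   = { 0x15,0x03,0x01,0x00,0x02, 0x01 };

int main(void)
{
    printf("warning=%d fatal=%d clean=%d cut=%d\n",
           find_sni_alert(flight_warning, sizeof flight_warning),
           find_sni_alert(flight_fatal, sizeof flight_fatal),
           find_sni_alert(flight_clean, sizeof flight_clean),
           find_sni_alert(flight_cut, sizeof flight_cut));
    return 0;
}
```

A warning result followed by further handshake records means the server carried on with its default virtual host, which is the behaviour the quoted Apache log message describes.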