This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 7567ff7 Remove tls_versions from host sni policy check 7567ff7 is described below commit 7567ff7d5930a33342302572aa190b9f196e9a44 Author: Susan Hinrichs <shinr...@verizonmedia.com> AuthorDate: Mon Apr 20 18:06:41 2020 +0000 Remove tls_versions from host sni policy check --- doc/admin-guide/files/records.config.en.rst | 2 ++ iocore/net/P_SNIActionPerformer.h | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst index 21b9bb1..5da2297 100644 --- a/doc/admin-guide/files/records.config.en.rst +++ b/doc/admin-guide/files/records.config.en.rst @@ -1851,6 +1851,8 @@ Security You can override this global setting on a per domain basis in the :file:`sni.yaml` file using the :ref:`host_sni_policy attribute<override-host-sni-policy>` action. + Currently, only the verify_client policy is checked for host name and SNI matching. + Cache Control ============= diff --git a/iocore/net/P_SNIActionPerformer.h b/iocore/net/P_SNIActionPerformer.h index 8dc95fe..2f9bd01 100644 --- a/iocore/net/P_SNIActionPerformer.h +++ b/iocore/net/P_SNIActionPerformer.h @@ -262,11 +262,6 @@ public: } return SSL_TLSEXT_ERR_OK; } - bool - TestClientSNIAction(const char *servername, const IpEndpoint &ep, int &policy) const override - { - return !unset; - } }; class SNI_IpAllow : public ActionItem