author | Andrey Suvorov <a.suvorov@f5.com> | 2021-07-22 11:23:48 -0700 |
---|---|---|
committer | Andrey Suvorov <a.suvorov@f5.com> | 2021-07-22 11:23:48 -0700 |
commit | f965e358b6ca878ead629dffb2f0df57230995ea (patch) | |
tree | 047c668d5ccb94f62dad35ac27e2478e330c42e0 /docs/changes.xml | |
parent | c37ff7ed0ed06b0e928efdb217a8999ff3ff7f50 (diff) | |
Changing SNI callback return code if a client sends no SNI.
A client sending no SNI is a common situation. But currently the server
processes it as an error and returns SSL_TLSEXT_ERR_ALERT_FATAL causing
termination of a current TLS session. The problem occurs if configuration has
more than one certificate bundle in a listener.
This fix changes the return code to SSL_TLSEXT_ERR_OK and the log level of a
message.
Diffstat (limited to '')
-rw-r--r-- | docs/changes.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/changes.xml b/docs/changes.xml index 2aa9bb65..634bf9cd 100644 --- a/docs/changes.xml +++ b/docs/changes.xml @@ -45,6 +45,14 @@ process and thread lifecycle hooks in Ruby. <change type="bugfix"> <para> +TLS connection was rejected for configuration with more than one +certificate bundle in a listener if a client did not use SNI. +</para> +</change> + + +<change type="bugfix"> +<para> the router process could crash on TLS connection open when multiple listeners with TLS certificate configured; the bug had appeared in 1.23.0. </para> |
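Review bot: the added changelog entry (the new `<para>` at the top of the hunk) does not say in which release the problem appeared, while the entry directly after it ends with "the bug had appeared in 1.23.0"; if the affected versions are known, state them the same way so operators can tell whether their deployment is affected. The entry also says only that the connection "was rejected" and not what happens now: the commit message says the callback returns SSL_TLSEXT_ERR_OK and that a log level changes, so it would help to note that the handshake now proceeds and to say which certificate bundle a client without SNI is then served, since that determines what such clients will validate against. Minor wording: "for configuration with" reads better as "for configurations with".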