summaryrefslogtreecommitdiffhomepage
path: root/docs/changes.xml
diff options
context:
space:
mode:
authorAndrey Suvorov <a.suvorov@f5.com>2021-07-22 11:23:48 -0700
committerAndrey Suvorov <a.suvorov@f5.com>2021-07-22 11:23:48 -0700
commitf965e358b6ca878ead629dffb2f0df57230995ea (patch)
tree047c668d5ccb94f62dad35ac27e2478e330c42e0 /docs/changes.xml
parentc37ff7ed0ed06b0e928efdb217a8999ff3ff7f50 (diff)
downloadunit-f965e358b6ca878ead629dffb2f0df57230995ea.tar.gz
unit-f965e358b6ca878ead629dffb2f0df57230995ea.tar.bz2
Changing SNI callback return code if a client sends no SNI.
When a client sends no SNI is a common situation. But currently the server processes it as an error and returns SSL_TLSEXT_ERR_ALERT_FATAL causing termination of a current TLS session. The problem occurs if configuration has more than one certificate bundle in a listener. This fix changes the return code to SSL_TLSEXT_ERR_OK and the log level of a message.
Diffstat (limited to 'docs/changes.xml')
-rw-r--r--docs/changes.xml8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/changes.xml b/docs/changes.xml
index 2aa9bb65..634bf9cd 100644
--- a/docs/changes.xml
+++ b/docs/changes.xml
@@ -45,6 +45,14 @@ process and thread lifecycle hooks in Ruby.
<change type="bugfix">
<para>
+TLS connection was rejected for configuration with more than one
+certificate bundle in a listener if a client did not use SNI.
+</para>
+</change>
+
+
+<change type="bugfix">
+<para>
the router process could crash on TLS connection open when multiple listeners
with TLS certificate configured; the bug had appeared in 1.23.0.
</para>