author Andrey Suvorov <a.suvorov@f5.com> 2021-07-22 11:23:48 -0700
committer Andrey Suvorov <a.suvorov@f5.com> 2021-07-22 11:23:48 -0700
commit f965e358b6ca878ead629dffb2f0df57230995ea
tree 047c668d5ccb94f62dad35ac27e2478e330c42e0 /docs
parent c37ff7ed0ed06b0e928efdb217a8999ff3ff7f50
Changing SNI callback return code if a client sends no SNI.
A client sending no SNI is a common situation. But currently the server processes it as an error and returns SSL_TLSEXT_ERR_ALERT_FATAL, causing termination of the current TLS session. The problem occurs if the configuration has more than one certificate bundle in a listener. This fix changes the return code to SSL_TLSEXT_ERR_OK and the log level of a message.
Diffstat (limited to 'docs')
-rw-r--r-- docs/changes.xml 8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/changes.xml b/docs/changes.xml
index 2aa9bb65..634bf9cd 100644
--- a/docs/changes.xml
+++ b/docs/changes.xml
@@ -45,6 +45,14 @@ process and thread lifecycle hooks in Ruby.
<change type="bugfix">
<para>
+TLS connection was rejected for configuration with more than one
+certificate bundle in a listener if a client did not use SNI.
+</para>
+</change>
+
+
+<change type="bugfix">
+<para>
the router process could crash on TLS connection open when multiple listeners
with TLS certificate configured; the bug had appeared in 1.23.0.
</para>
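Review bot: the added <para> ("TLS connection was rejected ... if a client did not use SNI") does not say which release introduced the bug, while the entry right after it does ("the bug had appeared in 1.23.0"); if this is a regression, add the version in the same form. The entry could also say which certificate bundle a client without SNI is now served, since that is what an operator with more than one bundle in a listener needs to know after upgrading.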