From 1c839885e76faa3cb40d920d80400a6cf9412870 Mon Sep 17 00:00:00 2001 From: Maximilian Fridrich Date: Tue, 30 Jul 2024 09:31:23 +0200 Subject: [PATCH] tls/sni: skip SNI check or server_name absent --- src/tls/openssl/sni.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/tls/openssl/sni.c b/src/tls/openssl/sni.c index 8298e40fd..8be0e7f71 100644 --- a/src/tls/openssl/sni.c +++ b/src/tls/openssl/sni.c @@ -166,10 +166,8 @@ static int ssl_servername_handler(SSL *ssl, int *al, void *arg) const char *sni; sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (!str_isset(sni)) { - *al = SSL_AD_UNRECOGNIZED_NAME; - return SSL_TLSEXT_ERR_ALERT_FATAL; - } + if (!str_isset(sni)) + return SSL_TLSEXT_ERR_OK; /* find and apply matching certificate */ uc = tls_cert_for_sni(tls, sni);