[openssl-project] Current status of our release criteria

Kurt Roeckx kurt at roeckx.be
Mon Sep 3 21:42:19 UTC 2018


On Mon, Sep 03, 2018 at 05:54:52PM +0100, Matt Caswell wrote:
> 
> #7014: TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of 18
> 
> Ben has asked for input from the OMC on this one

So SSL_get_servername() was not documented in 1.1.0, but did exist
in it. It's currently documented as:

       SSL_get_servername() returns a servername extension value
       of the specified type if provided in the Client Hello or NULL.

It's clearly a function intended to be used to select which
certificate should be used, during the negotiation. But it seems
that someone uses it after the negotiation, or the SNI callback,
and now gets NULL in case SNI was sent but not used.

It at least looks like a misuse of the API, but the documentation
does not say when you can call this function, unlike the
SSL_CTX_set_client_hello_cb() documentation.


Kurt
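
An added sketch, not part of the message above and not OpenSSL project code: it uses Python's ssl module, which wraps OpenSSL and exposes the server-name callback as `SSLContext.sni_callback`, to record the requested name at callback time so the application keeps its own copy whether or not the name matched a virtual host. The host names and the `vhosts`/`log` helpers are constructed for illustration, and no certificates are loaded, so the in-memory handshake stops right after the callback.

```python
import ssl


def make_server(vhosts, log):
    """Server context whose SNI callback records the name and picks a vhost context."""
    default = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

    def on_sni(sslobj, server_name, _ctx):
        # Runs while the ClientHello is processed, i.e. during negotiation.
        # Keep our own copy of what the client asked for.
        log["requested"] = server_name
        chosen = vhosts.get(server_name)
        log["matched"] = chosen is not None
        if chosen is not None:
            # Real code: a context that has this host's certificate loaded.
            sslobj.context = chosen
        return None  # let the handshake continue

    default.sni_callback = on_sni
    return default


def offer_sni(hostname, vhost_names=("a.example.test",)):
    """Feed one ClientHello carrying `hostname` to an in-memory server."""
    log = {"requested": None, "matched": False}
    vhosts = {n: ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) for n in vhost_names}
    server_ctx = make_server(vhosts, log)
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)

    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the ClientHello is now waiting in c_out
    s_in.write(c_out.read())
    try:
        server.do_handshake()
    except ssl.SSLError:
        pass  # constructed setup has no certificate, so it stops after the callback
    return log
```

`offer_sni("b.example.test")` shows the case where a name was sent but matched nothing: the copy taken in the callback still holds it.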


