[openssl-users] SNI callback
Benjamin Kaduk
bkaduk at akamai.com
Wed Nov 28 21:03:10 UTC 2018
On Wed, Nov 28, 2018 at 08:48:10PM +0000, Jeremy Harris wrote:
> OpenSSL 1.1.1 FIPS 11 Sep 2018
> RHEL 8.0 beta
>
> Using SSL_CTX_set_tlsext_servername_callback()
> when the called routine returns SSL_TLSEXT_ERR_NOACK
> I was expecting the handshake to fail. It carries
> on; am I doing something wrong?
NOACK is basically "pretend that there wasn't a callback here";
you should probably use SSL_TLSEXT_ERR_ALERT_FATAL to abort the
connection if you want the handshake to fail.
-Ben