[openssl-users] SNI callback

Jeremy Harris jgh at wizmail.org
Wed Nov 28 21:20:09 UTC 2018


On 28/11/2018 21:03, Benjamin Kaduk via openssl-users wrote:
> On Wed, Nov 28, 2018 at 08:48:10PM +0000, Jeremy Harris wrote:
>> OpenSSL 1.1.1 FIPS  11 Sep 2018
>> RHEL 8.0 beta
>>
>> Using SSL_CTX_set_tlsext_servername_callback()
>> when the called routine returns SSL_TLSEXT_ERR_NOACK
>> I was expecting the handshake to fail.  It carries
>> on; am I doing something wrong?
> 
> NOACK is basically "pretend that there wasn't a callback here";
> you should probably use SSL_TLSEXT_ERR_ALERT_FATAL to abort the
> connection if you want the handshake to fail.

Gotcha.
- Thanks


