Don't acknowledge a servername following warning alert in servername cb

If the servername cb decides to send back a warning alert then the handshake continues, but we should not signal to the client that the servername has been accepted. Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/10018) (cherry picked from commit cd624ccd41ac3ac779c1c7a7a1e63427ce9588dd)

Don't acknowledge a servername following warning alert in servername cb
If the servername cb decides to send back a warning alert then the handshake continues, but we should not signal to the client that the servername has been accepted. Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/10018) (cherry picked from commit cd624ccd41ac3ac779c1c7a7a1e63427ce9588dd)
a9a8863b · Matt Caswell · 721eb8f6 · a9a8863b
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

ssl/statem/extensions.c ssl/statem/extensions.c +1 -0

未找到文件。
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1010,6 +1010,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
        /* TLSv1.3 doesn't have warning alerts so we suppress this */
        if (!SSL_IS_TLS13(s))
            ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        s->servername_done = 0;
        return 1;

    case SSL_TLSEXT_ERR_NOACK: