author | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2009-10-16 22:06:31 +0000 |
---|---|---|
committer | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2009-10-16 22:06:31 +0000 |
commit | b6ee32f1fe79df2ec2eba0d8ec9f4e4b28ab770d (patch) | |
tree | 9dbfadafa3edb60683021b42c1e1d79a8355bba8 | |
parent | c5557df984a80b9ef02f722b2fef3a918ae4e7df (diff) | |
download | lighttpd-b6ee32f1fe79df2ec2eba0d8ec9f4e4b28ab770d.tar.gz |
Don't print ssl error if client didn't support TLS SNI
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@2667 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/network.c | 8 |
2 files changed, 7 insertions, 2 deletions
@@ -146,6 +146,7 @@ NEWS
 * Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
 * Add SSL Client Certificate verification (#1288)
 * mod_accesslog: escape special characters (fixes #1551, thx icy)
+ * Don't print ssl error if client didn't support TLS SNI
 - 1.5.0-r19.. -
 * -F option added for spawn-fcgi
diff --git a/src/network.c b/src/network.c
index 9671c27e..b33138d0 100644
--- a/src/network.c
+++ b/src/network.c
@@ -240,8 +240,11 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
 buffer_copy_string(con->uri.scheme, "https");
 if (NULL == (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
+#if 0
+ /* this "error" just means the client didn't support it */
 log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
 "failed to get TLS server name");
+#endif
 return SSL_TLSEXT_ERR_NOACK;
 }
 buffer_copy_string(con->sock->tlsext_server_name, servername);
@@ -252,15 +255,16 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
 config_patch_connection(srv, con, COMP_HTTP_HOST);
 if (NULL == con->conf.ssl_ctx) {
+ /* ssl_ctx <=> pemfile was set <=> ssl_ctx got patched: so this should never happen */
 log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
- "null SSL_CTX for TLS server name", con->sock->tlsext_server_name);
+ "null SSL_CTX for TLS server name", con->sock->tlsext_server_name);
 return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
 /* switch to new SSL_CTX in reaction to a client's server_name extension */
 if (con->conf.ssl_ctx != SSL_set_SSL_CTX(ssl, con->conf.ssl_ctx)) {
 log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
- "failed to set SSL_CTX for TLS server name", con->sock->tlsext_server_name);
+ "failed to set SSL_CTX for TLS server name", con->sock->tlsext_server_name);
 return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
|
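Review bot: In the `@@ -240,8 +240,11 @@` hunk, wrapping the `log_error_write` call in `#if 0` leaves dead code in `network_ssl_servername_callback` and removes the only trace of clients that connect without a server_name extension. Because the early `return SSL_TLSEXT_ERR_NOACK;` comes before `config_patch_connection(srv, con, COMP_HTTP_HOST)` and the `SSL_set_SSL_CTX` switch in the next hunk, such connections presumably stay on the default SSL_CTX, which is worth being able to see when diagnosing per-host certificate or client-verification settings. I would delete the call, or keep it behind whatever debug-logging condition the server already has, and reword the comment to state the consequence: `/* no server_name extension sent: keep the default SSL_CTX */`. The function begins and ends outside the hunk.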
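Review bot: In the `@@ -252,15 +255,16 @@` hunk, both re-indented `log_error_write(..., "ssb", ...)` calls write `con->sock->tlsext_server_name`, which the previous hunk shows is copied from `SSL_get_servername()` and is therefore chosen by the client. Whether `log_error_write` escapes control characters is not visible here; if it does not, the name should be escaped or length-limited before it reaches the error log so that a crafted value cannot forge or split log lines. These branches look rare (the new comment says the first should never happen), so this is hardening rather than a blocker. The function begins and ends outside the hunk.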