From d3850603933c9319528375088a9b28b9b345246b Mon Sep 17 00:00:00 2001 From: Emmanuel Hocdet Date: Fri, 3 Mar 2017 15:21:26 +0100 Subject: [PATCH] BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING Extract from RFC 6066: "If the server understood the ClientHello extension but does not recognize the server name, the server SHOULD take one of two actions: either abort the handshake by sending a fatal-level unrecognized_name(112) alert or continue the handshake. It is NOT RECOMMENDED to send a warning-level unrecognized_name(112) alert, because the client's behavior in response to warning-level alerts is unpredictable. If there is a mismatch between the server name used by the client application and the server name of the credential chosen by the server, this mismatch will become apparent when the client application performs the server endpoint identification, at which point the client application will have to decide whether to proceed with the communication." Thanks Roberto Guimaraes for the bug repport, spotted with openssl-1.1.0. This fix must be backported. --- src/ssl_sock.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 1a9c185bb..c626d62a2 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1625,7 +1625,6 @@ static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx) } if (!s->strict_sni) /* no certificate match, is the default_ctx */ - /* the client will alert (was SSL_TLSEXT_ERR_ALERT_WARNING, ignored by Boring) */ return 1; abort: /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */ @@ -1707,7 +1706,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv) #endif return (s->strict_sni ? SSL_TLSEXT_ERR_ALERT_FATAL : - SSL_TLSEXT_ERR_ALERT_WARNING); + SSL_TLSEXT_ERR_OK); } /* switch ctx */