BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING

Extract from RFC 6066: "If the server understood the ClientHello extension but does not recognize the server name, the server SHOULD take one of two actions: either abort the handshake by sending a fatal-level unrecognized_name(112) alert or continue the handshake. It is NOT RECOMMENDED to send a warning-level unrecognized_name(112) alert, because the client's behavior in response to warning-level alerts is unpredictable. If there is a mismatch between the server name used by the client application and the server name of the credential chosen by the server, this mismatch will become apparent when the client application performs the server endpoint identification, at which point the client application will have to decide whether to proceed with the communication." Thanks Roberto Guimaraes for the bug repport, spotted with openssl-1.1.0. This fix must be backported.
2025-09-22 22:31:28 +02:00 · 2017-03-03 15:21:26 +01:00 · 2017-03-03 15:21:26 +01:00 · d385060393
commit d385060393
parent 530141f747
1 changed files with 1 additions and 2 deletions
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -1625,7 +1625,6 @@ static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
 	}
 	if (!s->strict_sni)
 		/* no certificate match, is the default_ctx */
-		/* the client will alert (was SSL_TLSEXT_ERR_ALERT_WARNING, ignored by Boring) */
 		return 1;
 abort:
 	/* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
@ -1707,7 +1706,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
 #endif
 		return (s->strict_sni ?
 			SSL_TLSEXT_ERR_ALERT_FATAL :
-			SSL_TLSEXT_ERR_ALERT_WARNING);
+			SSL_TLSEXT_ERR_OK);
 	}

 	/* switch ctx */