You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was enabling TLS on some TCP sockets. I realized I was sort of leaking valid server names if I don't check the requested server name, and fail if it's not part of the certificate... so I started checking on the name given in the initial request. If I didn't find the name in the list, then I return SSL_TLSEXT_ERR_NOACK, and setup some other conditions on my internal state...
When the SSL_do_handshake() returns, there is control data available to send ... which apparently includes the certificate.
I was testing against my TCP service using a browser, and deliberately sending bad hostnames... in the browser I got back an error more like 'common name not correct in certificate'... which means it got back the certificate, even though I said NOACK.... I did set a flag noHost internally, and if there is a noHost status and there's data to send, I don't send the data now, and the browser doesn't get the certificate; and now just indicates connection_closed.
The text was updated successfully, but these errors were encountered:
(3.9.2)
I don't yet have a simple test case of this.
I was enabling TLS on some TCP sockets. I realized I was sort of leaking valid server names if I don't check the requested server name, and fail if it's not part of the certificate... so I started checking on the name given in the initial request. If I didn't find the name in the list, then I return SSL_TLSEXT_ERR_NOACK, and setup some other conditions on my internal state...
When the SSL_do_handshake() returns, there is control data available to send ... which apparently includes the certificate.
I was testing against my TCP service using a browser, and deliberately sending bad hostnames... in the browser I got back an error more like 'common name not correct in certificate'... which means it got back the certificate, even though I said NOACK.... I did set a flag
noHostinternally, and if there is a noHost status and there's data to send, I don't send the data now, and the browser doesn't get the certificate; and now just indicates connection_closed.The text was updated successfully, but these errors were encountered: