> Le 25 oct. 2017 à 15:45, Emmanuel Hocdet <[email protected]> a écrit : > > > Hi Olivier, > > >> Le 25 oct. 2017 à 14:57, Olivier Houchard <[email protected]> a écrit : >> >> On Wed, Oct 25, 2017 at 02:37:58PM +0200, Emmanuel Hocdet wrote: >>> Hi, >>> >>> . patches serie rebase from master >>> . update openssl 1.1.1 api calls with new early callback name >>> (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html >>> >>> <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html>) >>> >> >> That mostly looks like the version I maintained, except : >> - if (!SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) >> + if (!SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || >> !s->generate_certs) >> >> Shouldn't that be && !s->generate_certs ? Or we'll return >> SSL_TLSEXT_ERR_NOACK >> as soon as we don't generate certificates. > > Indeed, it’s &&, i test with strict-sni and doesn’t see that. > thanks >
patches serie with simplify condition:
0001-MEDIUM-ssl-convert-CBS-BoringSSL-api-usage-to-neutra.patch
Description: Binary data
0002-MINOR-ssl-support-Openssl-1.1.1-early-callback-for-s.patch
Description: Binary data
0003-MINOR-ssl-generated-certificate-is-missing-in-switch.patch
Description: Binary data
