Throw a handshake failure if we cannot find the given SNI hostname.

2016-06-08 16:46:28 +02:00 · 2016-06-08 16:46:28 +02:00 · afd4182975
parent f62430d1fa
commit afd4182975
1 changed files with 3 additions and 2 deletions
--- a/src/kore.c
+++ b/src/kore.c
@ -202,7 +202,7 @@ main(int argc, char *argv[])

 #if !defined(KORE_NO_TLS)
 int
-kore_tls_sni_cb(SSL *ssl, int *ad, void *arg)
+kore_tls_sni_cb(SSL *ssl, int *al, void *arg)
 {
 	struct kore_domain	*dom;
 	const char		*sname;
@ -224,7 +224,8 @@ kore_tls_sni_cb(SSL *ssl, int *ad, void *arg)
 		return (SSL_TLSEXT_ERR_OK);
 	}

-	return (SSL_TLSEXT_ERR_NOACK);
+	*al = SSL_AD_HANDSHAKE_FAILURE;
+	return (SSL_TLSEXT_ERR_ALERT_FATAL);
 }

 void