| author | Sergey Kandaurov <pluknet@nginx.com> | 2025-09-22 19:55:16 +0400 |
|---|---|---|
| committer | pluknet <pluknet@nginx.com> | 2025-09-25 19:25:08 +0400 |
| commit | 7f9ced0ce0d70ae60f46ef3ed759efa75e711db4 (patch) | |
| tree | d6e76b58b8814166abb3a704de488c37b0ce1fa7 /src/http | |
| parent | 0373fe5d98c1515640e74fa6f4d32fac1f1d3ab2 (diff) | |
| download | nginx-7f9ced0ce0d70ae60f46ef3ed759efa75e711db4.tar.gz nginx-7f9ced0ce0d70ae60f46ef3ed759efa75e711db4.tar.bz2 | |
SNI: support for early ClientHello callback with BoringSSL.
This brings feature parity with OpenSSL after the previous change,
making it possible to set SSL protocols per virtual server.
Diffstat (limited to 'src/http')
| -rw-r--r-- | src/http/ngx_http_request.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 6f6e975b7..16d79c490 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -895,6 +895,11 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
 return SSL_TLSEXT_ERR_OK;
 }
+ if (c->ssl->handshake_rejected) {
+ *ad = SSL_AD_UNRECOGNIZED_NAME;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+
 hc = c->data;
 if (arg != NULL) {
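Review bot: The new `if (c->ssl->handshake_rejected)` check runs only after the earlier branch that ends in `return SSL_TLSEXT_ERR_OK;`, and that branch's condition lies above the hunk. It is worth confirming the branch can never be taken for a connection already marked rejected, since in that case the callback would report success and the rejection would not be enforced here. The block also has no comment saying where the flag is set; the setter is not in this diff, which is limited to src/http. If it is set by the early ClientHello callback, as the commit message suggests, a one-line comment above the check would help, for example `/* rejected earlier in the ClientHello callback; repeat the fatal alert */`. The body of ngx_http_ssl_servername starts and ends outside the hunk.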
