diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2025-09-22 19:55:16 +0400 |
|---|---|---|
| committer | pluknet <pluknet@nginx.com> | 2025-09-25 19:25:08 +0400 |
| commit | 7f9ced0ce0d70ae60f46ef3ed759efa75e711db4 (patch) | |
| tree | d6e76b58b8814166abb3a704de488c37b0ce1fa7 /src/stream | |
| parent | 0373fe5d98c1515640e74fa6f4d32fac1f1d3ab2 (diff) | |
| download | nginx-7f9ced0ce0d70ae60f46ef3ed759efa75e711db4.tar.gz nginx-7f9ced0ce0d70ae60f46ef3ed759efa75e711db4.tar.bz2 | |
SNI: support for early ClientHello callback with BoringSSL.
This brings feature parity with OpenSSL after the previous change,
making it possible to set SSL protocols per virtual server.
Diffstat (limited to 'src/stream')
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 7bf6304e4..75938b0a2 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -559,6 +559,11 @@ ngx_stream_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) return SSL_TLSEXT_ERR_OK; } + if (c->ssl->handshake_rejected) { + *ad = SSL_AD_UNRECOGNIZED_NAME; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + s = c->data; if (arg) { |