From 7f9ced0ce0d70ae60f46ef3ed759efa75e711db4 Mon Sep 17 00:00:00 2001 From: Sergey Kandaurov Date: Mon, 22 Sep 2025 19:55:16 +0400 Subject: SNI: support for early ClientHello callback with BoringSSL. This brings feature parity with OpenSSL after the previous change, making it possible to set SSL protocols per virtual server. --- src/stream/ngx_stream_ssl_module.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/stream') diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 7bf6304e4..75938b0a2 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -559,6 +559,11 @@ ngx_stream_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) return SSL_TLSEXT_ERR_OK; } + if (c->ssl->handshake_rejected) { + *ad = SSL_AD_UNRECOGNIZED_NAME; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + s = c->data; if (arg) { -- cgit