author | lloyd <[email protected]> | 2012-06-09 07:18:04 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-06-09 07:18:04 +0000 |
commit | bc8858f4bc68889a8668a9665e1b7352f1ae5fff (patch) | |
tree | e083145538159aa8c2d7750a4a9286dd55ebcec4 | |
parent | 55538ea412ef728f04ca4d86ec6b34360f7bb92c (diff) |
Avoid a spurious unrecognized_name alert when a server is running in
pure anon mode and the client sent a SNI extension.
-rw-r--r-- | src/tls/tls_server.cpp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index e412c97ab..fcde7a8ce 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -430,8 +430,17 @@ void Server::process_handshake_msg(Handshake_Type type,
 if(m_hostname != "" && cert_chains.empty())
 {
- send_alert(Alert(Alert::UNRECOGNIZED_NAME));
 cert_chains = get_server_certs("", creds);
+
+ /*
+ * Only send the unrecognized_name alert if we couldn't
+ * find any certs for the requested name but did find at
+ * least one cert to use in general. That avoids sending an
+ * unrecognized_name when a server is configured for purely
+ * anonymous operation.
+ */
+ if(!cert_chains.empty())
+ send_alert(Alert(Alert::UNRECOGNIZED_NAME));
 }
 m_state->server_hello = new Server_Hello( |
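Review bot: The `send_alert(Alert(Alert::UNRECOGNIZED_NAME))` call under the new `if(!cert_chains.empty())` is followed directly by the Server_Hello construction, so the handshake carries on with the default chain after the alert; that implies a warning-level alert, though the Alert constructor is outside this hunk. RFC 6066 section 3 advises against a warning-level unrecognized_name because client reactions to it are unpredictable, and recommends either a fatal alert or continuing without one. If falling back to the default chain is intended, I would say so in the block comment, e.g. `* The alert is a warning only; the handshake continues with the default chain.`, so that the level is a documented choice. process_handshake_msg starts and ends outside the hunk.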