bzp2010 commented on code in PR #12366:
URL: https://github.com/apache/apisix/pull/12366#discussion_r2162851981
##########
apisix/init.lua:
##########
@@ -391,6 +400,17 @@ local function verify_https_client(ctx)
", but the host is ", host)
return false
end
+
+ local session_hostname, err = apisix_ssl.session_hostname()
+ if err then
+ core.log.error("failed to get session hostname: ", err)
+ return false
+ end
+ if session_hostname and session_hostname ~= ngx.ctx.client_hello_sni
then
+ core.log.error("sni in client hello mismatch hostname of ssl
session, ",
+ "sni: ", ngx.ctx.client_hello_sni, ", hostname:
", session_hostname)
+ return false
+ end
Review Comment:
What is the difference between this and the other modification that looks
the same above?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
