On Wed, Jun 18, 2014 at 01:06:31PM +0200, Dr. Stephen Henson wrote: > > This commit does not introduce the alert generation. The alert is > > generated when the server callback returns SSL_TLSEXT_ERR_ALERT_WARNING, > > as in Apache's ssl_callback_ServerNameIndication() function in some > > Apache versions. Are you asking that OpenSSL not send a warning > > despite Apache's request to do so? > > Looking through Apache 2.2 (I'm assuming the OP is using that) we have this: > > int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx) > { > ... snip ... > else { > ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, > "No matching SSL virtual host for servername " > "%s found (using default/first virtual host)", > servername); > return SSL_TLSEXT_ERR_ALERT_WARNING;
That's the code I saw. Should OpenSSL do Apache a favour and not send a warning alert anyway, when the extension callback is the SNI callback? -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org