> In order to implement SNI you need an SNI callback > The callback should return: > > SSL_TLSEXT_ERR_OK, if it successfully processed the SNI > SSL_TLSEXT_ERR_ALERT_WARNING, to send a warning alert back > SSL_TLSEXT_ERR_ALERT_FATAL, to send a fatal alert back > SSL_TLSEXT_ERR_NOACK, to continue without acknowledging the SNI > at all
Our SSL library used to return SSL_TLSEXT_ERR_ALERT_WARNING if no name match was found, until we discovered that Java SSL treats this as a fatal error when we changed to OK. But it did not seem to cause a problem with any browsers or OpenSSL clients, which I assume ignore it. What would SSL_alert_type_string return in the client? Angus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
