Simplify SSL_get_servername() to avoid session references

author Ben Kaduk <kaduk@mit.edu>

Tue, 4 Sep 2018 17:30:00 +0000 (12:30 -0500)

committer Matt Caswell <matt@openssl.org>

Fri, 7 Sep 2018 14:21:27 +0000 (15:21 +0100)
author Ben Kaduk <kaduk@mit.edu>
Tue, 4 Sep 2018 17:30:00 +0000 (12:30 -0500)
committer Matt Caswell <matt@openssl.org>
Fri, 7 Sep 2018 14:21:27 +0000 (15:21 +0100)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 7e8093bcfd4ff8812c82e621691629c11f2773c5..3d25da637d2bc793efa540ef1367f1f12448707c 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2600,18 +2600,14 @@ const char *SSL_get_servername(const SSL *s, const int type)
          return NULL;
  
      /*
-     * TODO(OpenSSL1.2) clean up this compat mess.  This API is
-     * currently a mix of "what did I configure" and "what did the
-     * peer send" and "what was actually negotiated"; we should have
-     * a clear distinction amongst those three.
+     * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an
+     * SNI value to return if we are resuming/resumed.  N.B. that we still
+     * call the relevant callbacks for such resumption flows, and callbacks
+     * might error out if there is not a SNI value available.
       */
-    if (SSL_in_init(s)) {
-        if (s->hit)
-            return s->session->ext.hostname;
-        return s->ext.hostname;
-    }
-    return (s->session != NULL && s->ext.hostname == NULL) ?
-        s->session->ext.hostname : s->ext.hostname;
+    if (s->hit)
+        return s->session->ext.hostname;
+    return s->ext.hostname;
  }
  
  int SSL_get_servername_type(const SSL *s)
author	Ben Kaduk <kaduk@mit.edu>
	Tue, 4 Sep 2018 17:30:00 +0000 (12:30 -0500)
committer	Matt Caswell <matt@openssl.org>
	Fri, 7 Sep 2018 14:21:27 +0000 (15:21 +0100)