Remove automatic SNI extension fallback in WolfSSLEngineHelper #249

Open
wants to merge 1 commit into
base: master

gasbytes
Contributor

@gasbytes gasbytes commented Jan 7, 2025

Only set Server Name Indication (SNI) extension when explicitly configured through SSLParameters. Remove automatic fallback logic that would set SNI based on hostname or peer address, as this could cause unexpected behavior and test failures.

This change:

  • Fixes test failures in SSLSocketExplorerWithSrvSNI
  • Improves compatibility with standard JSSE behavior
  • Adds debug logging when SNI is not configured

@gasbytes gasbytes requested a review from cconlon January 7, 2025 16:55
@gasbytes gasbytes marked this pull request as draft January 7, 2025 17:16
@gasbytes gasbytes marked this pull request as ready for review January 7, 2025 21:19
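
With the fallback removed as the PR description proposes, a client that wants SNI in its ClientHello has to put the name into `SSLParameters` itself. The following is an added example, not code from this pull request or from wolfSSL; the class `ExplicitSni`, the helpers `setSni` and `isIpLiteral`, and the sample host strings are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* Added example (hypothetical names): explicit SNI via SSLParameters. */
public class ExplicitSni {

    /* RFC 6066 section 3 does not permit literal IPv4/IPv6 addresses in
     * host_name. Textual check only, so no DNS lookup is triggered. */
    static boolean isIpLiteral(String host) {
        return host.contains(":") || host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    /* Store host as the SNI name in the socket's SSLParameters. Returns
     * false and leaves the parameters untouched if host is not usable. */
    static boolean setSni(SSLSocket sock, String host) {
        if (host == null || host.isEmpty() || isIpLiteral(host)) {
            return false;
        }
        SNIHostName name;
        try {
            name = new SNIHostName(host); /* rejects e.g. a trailing dot */
        } catch (IllegalArgumentException e) {
            return false;
        }
        SSLParameters params = sock.getSSLParameters();
        params.setServerNames(Collections.<SNIServerName>singletonList(name));
        sock.setSSLParameters(params); /* must be applied before the handshake */
        return true;
    }

    public static void main(String[] args) throws Exception {
        /* Constructed sample inputs: a DNS name, two IP literals, a bad name. */
        String[] hosts = { "www.example.com", "192.0.2.10", "2001:db8::1", "example.com." };
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        for (String host : hosts) {
            try (SSLSocket sock = (SSLSocket) f.createSocket()) { /* unconnected */
                boolean set = setSni(sock, host);
                List<SNIServerName> names = sock.getSSLParameters().getServerNames();
                System.out.println(host + " -> set=" + set + ", serverNames=" + names);
            }
        }
    }
}
```

The sockets are never connected, so the program runs offline and only shows what each socket's `SSLParameters` hold after the call.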
@cconlon
Member

cconlon commented Jan 10, 2025

I'm a little hesitant about this change, since I want to say we have had customers with failing connections until this behavior was added. Are we sure that SunJSSE only sets the SNI extension in the ClientHello when set in the SSLParameters, and doesn't pick it up if the SSLSocket is created using certain inputs?

Also, did we decide that this did indeed fix the SSLSocketExplorerWithSrvSNI test, or was that one that was broken by something else?

Thanks,
Chris

@cconlon cconlon assigned gasbytes and unassigned wolfSSL-Bot Jan 10, 2025