trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bc...@apache.org
Subject [trafficserver] branch master updated: Remove tls_versions from host sni policy check
Date Tue, 28 Apr 2020 23:08:45 GMT
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 7567ff7  Remove tls_versions from host sni policy check
7567ff7 is described below

commit 7567ff7d5930a33342302572aa190b9f196e9a44
Author: Susan Hinrichs <shinrich@verizonmedia.com>
AuthorDate: Mon Apr 20 18:06:41 2020 +0000

    Remove tls_versions from host sni policy check
---
 doc/admin-guide/files/records.config.en.rst | 2 ++
 iocore/net/P_SNIActionPerformer.h           | 5 -----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst
index 21b9bb1..5da2297 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -1851,6 +1851,8 @@ Security
 
    You can override this global setting on a per domain basis in the :file:`sni.yaml` file
using the :ref:`host_sni_policy attribute<override-host-sni-policy>` action.
 
+   Currently, only the verify_client policy is checked for host name and SNI matching.
+
 Cache Control
 =============
 
diff --git a/iocore/net/P_SNIActionPerformer.h b/iocore/net/P_SNIActionPerformer.h
index 8dc95fe..2f9bd01 100644
--- a/iocore/net/P_SNIActionPerformer.h
+++ b/iocore/net/P_SNIActionPerformer.h
@@ -262,11 +262,6 @@ public:
     }
     return SSL_TLSEXT_ERR_OK;
   }
-  bool
-  TestClientSNIAction(const char *servername, const IpEndpoint &ep, int &policy)
const override
-  {
-    return !unset;
-  }
 };
 
 class SNI_IpAllow : public ActionItem


Mime
View raw message