e0d2453f56
this patch fixes bugs in tls extension handling: 1. if conn->serverName is an empty string, tlsClientExtensions will generate a SNI with an empty hostname, which is forbidden according to RFC 6066: opaque HostName<1..2^16-1>; check if conn->serverName has at least one char. 2. checkClientExtensions fail with clients that doesn't have extensions, because it doesn't check if ext is nil. fix that up. 3. rewrite checkClientExtensions. some parts of the code does not check the length properly, and it could be simplified heavily. |
||
|---|---|---|
| .. | ||
| doc | ||
| games/lib | ||
| include | ||
| lib | ||
| man | ||
| src | ||