If a server is not acknowledging SNI then don't reject early_data
SNI needs to be consistent before we accept early_data. However a server may choose to not acknowledge SNI. In that case we have to expect that a client may send it anyway. We change the consistency checks so that not acknowledging is treated more a like a "wild card", accepting any SNI as being consistent. Reviewed-by:Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
Please register or sign in to comment