Commit c5d1fb78 authored May 30, 2018 by Benjamin Kaduk Committed by Benjamin Kaduk Jul 20, 2018

Add TODO comment for a nonsensical public API



The API used to set what SNI value to send in the ClientHello
can also be used on server SSL objects, with undocumented and
un-useful behavior.  Unfortunately, when generic SSL_METHODs
are used, s->server is still set, prior to the start of the
handshake, so we cannot prevent this nonsensical usage at the
present time.  Leave a note to revisit this when ABI-breaking
changes are permitted.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6378)

parent 1c4aa31d

ssl/s3_lib.c

+9 −0

Original line number	Diff line number	Diff line
		@@ -3466,6 +3466,15 @@ long ssl3_ctrl(SSL s, int cmd, long larg, void parg)
		break;
		#endif /* !OPENSSL_NO_EC */
		case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		/*
		* TODO(OpenSSL1.2)
		* This API is only used for a client to set what SNI it will request
		* from the server, but we currently allow it to be used on servers
		* as well, which is a programming error. Currently we just clear
		* the field in SSL_do_handshake() for server SSLs, but when we can
		* make ABI-breaking changes, we may want to make use of this API
		* an error on server SSLs.
		*/
		if (larg == TLSEXT_NAMETYPE_host_name) {
		size_t len;