Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
|SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK(3)||Library Functions Manual||SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK(3)|
handle server name indication (SNI)
SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int *alert, void *arg)); long
SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); const char *
SSL_get_servername(const SSL *ssl, const int type); int
SSL_get_servername_type(const SSL *ssl); int
SSL_set_tlsext_host_name(const SSL *ssl, const char *name);
SSL_CTX_set_tlsext_servername_callback() sets the application callback cb used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. Like the ALPN callback, it is executed during Client Hello processing. When cb is
NULL, SNI is not used. The servername callback should return one of the following values:
- This is used to indicate that the servername requested by the client has been accepted. Typically a server will call SSL_set_SSL_CTX(3) in the callback to set up a different configuration for the selected servername in this case.
- In this case the servername requested by the client is not accepted and
the handshake will be aborted. The value of the alert to be used should be
stored in the location pointed to by the
alert parameter to the callback. By
default this value is initialised to
- If this value is returned, then the servername is not accepted by the
server. However, the handshake will continue and send a warning alert
instead. The value of the alert should be stored in the location pointed
to by the alert parameter as for
SSL_TLSEXT_ERR_ALERT_FATALabove. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is treated the same way as
- This return value indicates that the servername is not accepted by the server. No alerts are sent and the server will not acknowledge the requested servername.
SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be passed into the callback via the arg parameter for ctx.
SSL_set_tlsext_host_name() sets the server name indication ClientHello extension to contain the value name, or clears it if name is
NULL. The type of server name indication extension is set to
TLSEXT_NAMETYPE_host_nameas defined in RFC 3546. All three functions are implemented as macros.
SSL_CTX_set_tlsext_servername_arg() always return 1 indicating success.
SSL_get_servername() returns a servername extension value of the specified type if provided in the Client Hello, or
SSL_get_servername_type() returns the servername type or -1 if no servername is present. Currently the only supported type (defined in RFC 3546) is
SSL_set_tlsext_host_name() returns 1 on success or 0 in case of an error. ssl(3), SSL_CTX_callback_ctrl(3), SSL_CTX_set_alpn_select_cb(3) OpenBSD 4.5.
|September 1, 2021||Debian|