Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
NAMESSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name — handle server name indication (SNI)
SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int *alert, void *arg));
SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
SSL_get_servername(const SSL *ssl, const int type);
SSL_get_servername_type(const SSL *ssl);
SSL_set_tlsext_host_name(const SSL *ssl, const char *name);
DESCRIPTIONSSL_CTX_set_tlsext_servername_callback() sets the application callback cb used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. Like the ALPN callback, it is executed during Client Hello processing. When cb is NULL, SNI is not used.
- This is used to indicate that the servername requested by the client has been accepted. Typically a server will call SSL_set_SSL_CTX(3) in the callback to set up a different configuration for the selected servername in this case.
- In this case the servername requested by the client is not accepted and the handshake will be aborted. The value of the alert to be used should be stored in the location pointed to by the alert parameter to the callback. By default this value is initialised to SSL_AD_UNRECOGNIZED_NAME.
- If this value is returned, then the servername is not accepted by the server. However, the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the alert parameter as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is treated the same way as SSL_TLSEXT_ERR_NOACK.
- This return value indicates that the servername is not accepted by the server. No alerts are sent and the server will not acknowledge the requested servername.